Edit tour

Windows Analysis Report
Swift-TT680169 Report.svg

Overview

General Information

Sample name:	Swift-TT680169 Report.svg
Analysis ID:	1585787
MD5:	ccc997a94272656e267c53bde3bc895b
SHA1:	34f412909bdd36f3f5fa6ae5f9e70d56b9f182af
SHA256:	3d44de6a6a5358af68357af152c958173369fd96dc2ce4cae03c26795f4d8e8d
Infos:

Detection

Branchlock Obfuscator

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Branchlock Obfuscator

Downloads suspicious files via Chrome

Exploit detected, runtime environment starts unknown processes

Found suspicious ZIP file

Sigma detected: WScript or CScript Dropper

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Contains functionality to detect virtual machines (SLDT)

Contains functionality to query CPU information (cpuid)

Creates a process in suspended mode (likely to inject code)

Found WSH timer for Javascript or VBS script (likely evasive script)

Found inlined nop instructions (likely shell or obfuscated code)

IP address seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Uses a known web browser user agent for HTTP communication

Uses cacls to modify the permissions of files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64_ra

msedge.exe (PID: 6556 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\Desktop\Swift-TT680169 Report.svg MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6864 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1836,i,3561918255255189208,8950633871389057760,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7000 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\Desktop\Swift-TT680169 Report.svg MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 4300 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7528 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4828 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7544 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6728 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7276 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=3916 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 2216 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-GB --service-sandbox-type=service --mojo-platform-channel-handle=7512 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 4992 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6772 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

rundll32.exe (PID: 6656 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

wscript.exe (PID: 1764 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\MT103 Mansourbank\Swift Transactions\Swift Transaction Report.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)

java.exe (PID: 5476 cmdline: "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe" -version MD5: 9DAA53BAB2ECB33DC0D9CA51552701FA)

conhost.exe (PID: 6716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

icacls.exe (PID: 7068 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M MD5: 2E49585E4E08565F52090B144062F97E)

conhost.exe (PID: 3808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

javaw.exe (PID: 5208 cmdline: "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\Swift Confirmation Copy.jar" MD5: 6E0F4F812AE02FBCB744A929E74A04B8)

tasklist.exe (PID: 1172 cmdline: tasklist.exe MD5: 0A4448B31CE7F83CB7691A2657F330F1)

conhost.exe (PID: 4004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\Swift Confirmation Copy.jar	JoeSecurity_BranchlockObfuscator	Yara detected Branchlock Obfuscator	Joe Security

Memory Dumps

Source	Rule	Description	Author
0000001B.00000002.1896174343.0000000014D19000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_BranchlockObfuscator	Yara detected Branchlock Obfuscator	Joe Security
0000001B.00000003.1859584596.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_BranchlockObfuscator	Yara detected Branchlock Obfuscator	Joe Security
00000016.00000002.1919379705.000001CB4E890000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_BranchlockObfuscator	Yara detected Branchlock Obfuscator	Joe Security
00000016.00000003.1904202124.000001CB4E247000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_BranchlockObfuscator	Yara detected Branchlock Obfuscator	Joe Security
Process Memory Space: wscript.exe PID: 1764	JoeSecurity_BranchlockObfuscator	Yara detected Branchlock Obfuscator	Joe Security
Process Memory Space: javaw.exe PID: 5208	JoeSecurity_BranchlockObfuscator	Yara detected Branchlock Obfuscator	Joe Security
Click to see the 1 entries

Sigma Signatures

System Summary

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\MT103 Mansourbank\Swift Transactions\Swift Transaction Report.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\MT103 Mansourbank\Swift Transactions\Swift Transaction Report.js" , CommandLine|base64offset|contains: N-, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4380, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\MT103 Mansourbank\Swift Transactions\Swift Transaction Report.js" , ProcessId: 1764, ProcessName: wscript.exe

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\MT103 Mansourbank\Swift Transactions\Swift Transaction Report.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\MT103 Mansourbank\Swift Transactions\Swift Transaction Report.js" , CommandLine|base64offset|contains: N-, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4380, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\MT103 Mansourbank\Swift Transactions\Swift Transaction Report.js" , ProcessId: 1764, ProcessName: wscript.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Software Vulnerabilities

Exploit detected, runtime environment starts unknown processes

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe

Process created: C:\Windows\System32\conhost.exe

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe

Code function: 4x nop then cmp eax, dword ptr [ecx+04h]

27_2_02548C4C

Source: Joe Sandbox View	IP Address: 13.107.5.80 13.107.5.80
Source: Joe Sandbox View	IP Address: 23.219.161.132 23.219.161.132
Source: Joe Sandbox View	IP Address: 162.159.61.3 162.159.61.3

Source: global traffic	HTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /undersideproactive/api/v1/trigger HTTP/1.1Host: services.bingapis.comConnection: keep-aliveContent-Length: 212Content-Type: application/jsonSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/entry.VZichmGr.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/fluent.DRTRCTLp.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/CommonButtonV1.Bhjf-ksG.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/CommonButton.DduORkOQ.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/CommonInlineIcon.v8OKQt42.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/MediaItemDynamic.-IR4ihi9.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/experiments.DS9CrIRX.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/ChannelEulaPopup.DASfJiCs.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/edge-icon.BwIA8KUD.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/FocusStepper.D-YSntO-.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/EmbedSearchAdvanced.NDR-lOFq.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/BiJd105E.js HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: OPTIONS /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveOrigin: https://business.bing.comAccess-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveContent-Length: 475Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.80

Source: global traffic	HTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/entry.VZichmGr.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/fluent.DRTRCTLp.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/CommonButtonV1.Bhjf-ksG.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/CommonButton.DduORkOQ.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/CommonInlineIcon.v8OKQt42.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/MediaItemDynamic.-IR4ihi9.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/experiments.DS9CrIRX.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/ChannelEulaPopup.DASfJiCs.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/edge-icon.BwIA8KUD.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/FocusStepper.D-YSntO-.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/EmbedSearchAdvanced.NDR-lOFq.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/BiJd105E.js HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8

Source: Favicons.3.dr	String found in binary or memory: https://edge.microsoft.com/favicon/v1?client=chrome_desktop&nfrp=2&check_seen=true&size=32&min_size=16&max_size=256&fallback_opts=TYPE,SIZE,URL&url=https://www.facebook.com/&origin=PinningWizard equals www.facebook.com (Facebook)
Source: Favicons.3.dr	String found in binary or memory: https://edge.microsoft.com/favicon/v1?client=chrome_desktop&nfrp=2&check_seen=true&size=32&min_size=16&max_size=256&fallback_opts=TYPE,SIZE,URL&url=https://www.youtube.com/&origin=PinningWizard equals www.youtube.com (Youtube)
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: 000003.log6.3.dr	String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log6.3.dr	String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log6.3.dr	String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: Favicons.3.dr	String found in binary or memory: ?https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: Favicons.3.dr	String found in binary or memory: https://edge.microsoft.com/favicon/v1?client=chrome_desktop&nfrp=2&check_seen=true&size=32&min_size=16&max_size=256&fallback_opts=TYPE,SIZE,URL&url=https://www.youtube.com/&origin=PinningWizard equals www.youtube.com (Youtube)
Source: Favicons.3.dr	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: seasonmonster.s3.us-east-1.amazonaws.com

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundX-Cache: CONFIG_NOCACHEAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionX-MSEdge-Ref: Ref A: CF18A00A6C48492F9C51BB374F40E6C3 Ref B: EWR311000103035 Ref C: 2025-01-08T08:23:35ZDate: Wed, 08 Jan 2025 08:23:35 GMTConnection: closeContent-Length: 0

Source: javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HTTP://WWW.CHAMBERSIGN.ORG
Source: javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009BB9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bugreport.sun.com/bugreport/
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009B56000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009BC8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C06000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009BC8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009B56000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009B81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009B56000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009BC8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C06000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
Source: javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl
Source: javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009B56000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009BC8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C06000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009B56000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009BC8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009B81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009B56000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009BC8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C06000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: java.exe, 00000017.00000002.1856305049.0000000004A00000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009BC8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://java.oracle.com/
Source: javaw.exe, 0000001B.00000002.1897066207.0000000015100000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009D42000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://null.oracle.com/
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009B56000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009BC8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C27000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C06000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009B56000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009BC8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C27000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C06000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009B56000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009BC8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C27000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009B81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.com
Source: javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.com0
Source: javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1884679383.000000000465E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/C
Source: javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.chambersign.org
Source: javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.chambersign.org1
Source: javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm
Source: javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bmC
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://bard.google.com/
Source: Swift Confirmation Copy.jar.22.dr	String found in binary or memory: https://branchlock.net
Source: wscript.exe, 00000016.00000003.1904202124.000001CB4E247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://branchlock.net8
Source: wscript.exe, 00000016.00000003.1904202124.000001CB4E247000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://branchlock.netJX
Source: Reporting and NEL.4.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: offscreendocument_main.js.3.dr, service_worker_bin_prod.js.3.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
Source: Web Data.3.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.3.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: manifest.json0.3.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.3.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: 4e462f7a-53be-4207-89c2-f29652362ffd.tmp.4.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.3.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 4e462f7a-53be-4207-89c2-f29652362ffd.tmp.4.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: Reporting and NEL.4.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: manifest.json.3.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.3.dr	String found in binary or memory: https://drive.google.com/
Source: Web Data.3.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.3.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.3.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log6.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr
Source: 000003.log6.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log6.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log7.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr, HubApps Icons.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log6.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr, HubApps Icons.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log6.3.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: Favicons.3.dr	String found in binary or memory: https://edgestatic.azureedge.net/welcome/static/favicon.png
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://gaana.com/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://m.kugou.com/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://m.soundcloud.com/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://m.vk.com/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://music.amazon.com
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://music.apple.com
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://music.yandex.com
Source: javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com
Source: javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://open.spotify.com
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://repository.luxtrust.lu
Source: javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://repository.luxtrust.lu0
Source: javaw.exe, 0000001B.00000002.1884679383.000000000498C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://seasonmonster.s3.us-east-1.amazonaws.com
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://seasonmonster.s3.us-east-1.amazonaws.com/1.jar
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://seasonmonster.s3.us-east-1.amazonaws.com/2.jar
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://seasonmonster.s3.us-east-1.amazonaws.com/3.jar
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://seasonmonster.s3.us-east-1.amazonaws.com/checker.jar
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://seasonmonster.s3.us-east-1.amazonaws.com/email.js
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://seasonmonster.s3.us-east-1.amazonaws.com/history.jar
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://seasonmonster.s3.us-east-1.amazonaws.com/recovery.jar
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://seasonmonster.s3.us-east-1.amazonaws.com/res.jar
Source: javaw.exe, 0000001B.00000002.1884679383.000000000498C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://seasonmonster.s3.us-east-1.amazonaws.com/swiftcopy.pdf
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://tidal.com/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://twitter.com/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://vibe.naver.com/today
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://web.telegram.org/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://web.whatsapp.com
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: Favicons.3.dr	String found in binary or memory: https://www.aliexpress.com/
Source: Favicons.3.dr	String found in binary or memory: https://www.amazon.com/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.deezer.com/
Source: content.js.3.dr, content_new.js.3.dr	String found in binary or memory: https://www.google.com/chrome
Source: Web Data.3.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.instagram.com
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.last.fm/
Source: Favicons.3.dr	String found in binary or memory: https://www.live.com/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.messenger.com
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: Favicons.3.dr	String found in binary or memory: https://www.netflix.com/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.office.com
Source: Favicons.3.dr	String found in binary or memory: https://www.office.com/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: Favicons.3.dr	String found in binary or memory: https://www.reddit.com/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.tiktok.com/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://www.youtube.com
Source: Favicons.3.dr	String found in binary or memory: https://www.youtube.com/
Source: c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

System Summary

Downloads suspicious files via Chrome

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File dump: C:\Users\user\Downloads\MT103 Mansourbank.zip (copy)

Jump to dropped file

Found suspicious ZIP file

Source: 47715a7b-233a-4fe5-845e-736d0f2ad752.tmp.3.dr

Zip Entry: Swift Transactions/Swift Transaction Report.js

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}

Jump to behavior

Source: classification engine

Classification label: mal72.expl.evad.winSVG@80/257@13/9

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-677E35F4-199C.pma

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3808:120:WilError_03
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6716:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4004:120:WilError_03

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Temp\6d9b4a7c-197d-46c9-9cc7-a58d41b5cb3b.tmp

Jump to behavior

Source: C:\Windows\SysWOW64\tasklist.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Windows\System32\wscript.exe

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\Desktop\Swift-TT680169 Report.svg
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1836,i,3561918255255189208,8950633871389057760,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate --single-argument C:\Users\user\Desktop\Swift-TT680169 Report.svg
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4828 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6728 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=3916 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-GB --service-sandbox-type=service --mojo-platform-channel-handle=7512 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6772 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\Downloads\MT103 Mansourbank\Swift Transactions\Swift Transaction Report.js"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe" -version
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\wscript.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\Swift Confirmation Copy.jar"
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe
Source: C:\Windows\SysWOW64\tasklist.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1836,i,3561918255255189208,8950633871389057760,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4828 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6728 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6772 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=3916 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-GB --service-sandbox-type=service --mojo-platform-channel-handle=7512 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6772 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe" -version	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\Swift Confirmation Copy.jar"	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: jscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msdart.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\icacls.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation

Yara detected Branchlock Obfuscator

Source: Yara match	File source: 0000001B.00000002.1896174343.0000000014D19000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000003.1859584596.0000000000A84000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.1919379705.000001CB4E890000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000003.1904202124.000001CB4E247000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wscript.exe PID: 1764, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: javaw.exe PID: 5208, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\Swift Confirmation Copy.jar, type: DROPPED

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Code function: 23_2_028FA20A push ecx; ret	23_2_028FA21A
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Code function: 23_2_028FA21B push ecx; ret	23_2_028FA225
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Code function: 23_2_028FB3B7 push 00000000h; mov dword ptr [esp], esp	23_2_028FB3DD
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Code function: 23_2_028FBB67 push 00000000h; mov dword ptr [esp], esp	23_2_028FBB8D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Code function: 23_2_028FB947 push 00000000h; mov dword ptr [esp], esp	23_2_028FB96D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Code function: 23_2_028FC477 push 00000000h; mov dword ptr [esp], esp	23_2_028FC49D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Code function: 27_2_024AD8F7 push 00000000h; mov dword ptr [esp], esp	27_2_024AD921
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Code function: 27_2_024AA20A push ecx; ret	27_2_024AA21A
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Code function: 27_2_024AA21B push ecx; ret	27_2_024AA225
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Code function: 27_2_024AB350 push 00000000h; mov dword ptr [esp], esp	27_2_024AB3DD
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Code function: 27_2_024ABB67 push 00000000h; mov dword ptr [esp], esp	27_2_024ABB8D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Code function: 27_2_024ABB00 push 00000000h; mov dword ptr [esp], esp	27_2_024ABB8D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Code function: 27_2_024AB3B7 push 00000000h; mov dword ptr [esp], esp	27_2_024AB3DD
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Code function: 27_2_024AB8E0 push 00000000h; mov dword ptr [esp], esp	27_2_024AB96D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Code function: 27_2_024AD8E0 push 00000000h; mov dword ptr [esp], esp	27_2_024AD921
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Code function: 27_2_024AB947 push 00000000h; mov dword ptr [esp], esp	27_2_024AB96D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Code function: 27_2_024AC469 push 00000000h; mov dword ptr [esp], esp	27_2_024AC49D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Code function: 27_2_024AC477 push 00000000h; mov dword ptr [esp], esp	27_2_024AC49D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Code function: 27_2_0254D691 push cs; retf	27_2_0254D6B1
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Code function: 27_2_0254B331 push ecx; retn 0022h	27_2_0254B3E6
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Code function: 27_2_0254B077 push es; iretd	27_2_0254B07E
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Code function: 27_2_0256DD3E push cs; iretd	27_2_0256DD6C

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe

Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AUTORUNSC.EXE8
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AUTORUNS.EXE8
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: WIRESHARK.EXE8
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OLLYDBG.EXE8
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: PROCMON.EXE8
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: FILEMON.EXE8
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: FIDDLER.EXE8
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: REGMON.EXE8

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe

Code function: 27_2_0254B4C4 sldt word ptr [eax]

27_2_0254B4C4

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: Web Data.3.dr	Binary or memory string: outlook.office365.comVMware20,11696584680t
Source: Web Data.3.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696584680
Source: Web Data.3.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696584680p
Source: Web Data.3.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696584680^
Source: Web Data.3.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696584680n
Source: Web Data.3.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696584680]
Source: Web Data.3.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696584680x
Source: java.exe, 00000017.00000002.1855195153.0000000000D25000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1882873906.0000000000A48000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [Ljava/lang/VirtualMachineError;
Source: java.exe, 00000017.00000003.1852236386.0000000014E61000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: Web Data.3.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696584680
Source: java.exe, 00000017.00000002.1855195153.0000000000D25000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1882873906.0000000000A48000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: cjava/lang/VirtualMachineError
Source: Web Data.3.dr	Binary or memory string: outlook.office.comVMware20,11696584680s
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware.exe8
Source: Web Data.3.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696584680\|UE
Source: Web Data.3.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696584680x
Source: java.exe, 00000017.00000003.1852236386.0000000014E61000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: java/lang/VirtualMachineError.classPK
Source: Web Data.3.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696584680u
Source: Web Data.3.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696584680
Source: Web Data.3.dr	Binary or memory string: ms.portal.azure.comVMware20,11696584680
Source: Web Data.3.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696584680}
Source: java.exe, 00000017.00000002.1855195153.0000000000CFB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1882873906.0000000000A48000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Web Data.3.dr	Binary or memory string: bankofamerica.comVMware20,11696584680x
Source: java.exe, 00000017.00000003.1852236386.0000000014E61000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: Web Data.3.dr	Binary or memory string: turbotax.intuit.comVMware20,11696584680t
Source: Web Data.3.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696584680
Source: java.exe, 00000017.00000003.1852236386.0000000014E61000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: Web Data.3.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696584680
Source: Web Data.3.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696584680~
Source: Web Data.3.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696584680}
Source: Web Data.3.dr	Binary or memory string: AMC password management pageVMware20,11696584680
Source: Web Data.3.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696584680h
Source: Web Data.3.dr	Binary or memory string: interactivebrokers.comVMware20,11696584680
Source: Web Data.3.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696584680z
Source: Web Data.3.dr	Binary or memory string: tasks.office.comVMware20,11696584680o
Source: Web Data.3.dr	Binary or memory string: discord.comVMware20,11696584680f
Source: javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vboxtray.exe8
Source: Web Data.3.dr	Binary or memory string: global block list test formVMware20,11696584680
Source: Web Data.3.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696584680
Source: Web Data.3.dr	Binary or memory string: dev.azure.comVMware20,11696584680j
Source: Web Data.3.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696584680d

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe

Memory protected: page read and write | page guard

Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe" -version	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe" -jar "C:\Users\user\AppData\Local\Temp\Swift Confirmation Copy.jar"	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist.exe	Jump to behavior

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe

Code function: 23_2_028F03C0 cpuid

23_2_028F03C0

Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\5476 VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\resources.jar VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\rt.jar VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jce.jar VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\charsets.jar VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jfr.jar VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\meta-index VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\5208 VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\resources.jar VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\charsets.jar VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jfr.jar VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\meta-index VolumeInformation	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	1 Windows Management Instrumentation	1 Scripting	11 Process Injection	1 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Exploitation for Client Execution	1 Services File Permissions Weakness	1 Services File Permissions Weakness	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	15 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Services File Permissions Weakness	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Rundll32	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://branchlock.netJX	0%	Avira URL Cloud	safe
https://edgecdn-embza6g8cacagcbn.z01.azurefd.net/shared/edgeweb/_nuxt/ChannelEulaPopup.DASfJiCs.css	0%	Avira URL Cloud	safe
https://seasonmonster.s3.us-east-1.amazonaws.com/1.jar	0%	Avira URL Cloud	safe
http://repository.swisssign.com/C	0%	Avira URL Cloud	safe
HTTP://WWW.CHAMBERSIGN.ORG	0%	Avira URL Cloud	safe
https://seasonmonster.s3.us-east-1.amazonaws.com/recovery.jar	0%	Avira URL Cloud	safe
https://seasonmonster.s3.us-east-1.amazonaws.com/history.jar	0%	Avira URL Cloud	safe
https://branchlock.net8	0%	Avira URL Cloud	safe
https://edgecdn-embza6g8cacagcbn.z01.azurefd.net/shared/edgeweb/_nuxt/MediaItemDynamic.-IR4ihi9.css	0%	Avira URL Cloud	safe
https://seasonmonster.s3.us-east-1.amazonaws.com/3.jar	0%	Avira URL Cloud	safe
https://edgecdn-embza6g8cacagcbn.z01.azurefd.net/shared/edgeweb/_nuxt/FocusStepper.D-YSntO-.css	0%	Avira URL Cloud	safe
https://seasonmonster.s3.us-east-1.amazonaws.com/res.jar	0%	Avira URL Cloud	safe
https://edgecdn-embza6g8cacagcbn.z01.azurefd.net/shared/edgeweb/_nuxt/CommonButtonV1.Bhjf-ksG.css	0%	Avira URL Cloud	safe
https://seasonmonster.s3.us-east-1.amazonaws.com/email.js	0%	Avira URL Cloud	safe
https://seasonmonster.s3.us-east-1.amazonaws.com/2.jar	0%	Avira URL Cloud	safe
https://edgecdn-embza6g8cacagcbn.z01.azurefd.net/shared/edgeweb/_nuxt/EmbedSearchAdvanced.NDR-lOFq.css	0%	Avira URL Cloud	safe
https://seasonmonster.s3.us-east-1.amazonaws.com/checker.jar	0%	Avira URL Cloud	safe
https://edgecdn-embza6g8cacagcbn.z01.azurefd.net/shared/edgeweb/_nuxt/entry.VZichmGr.css	0%	Avira URL Cloud	safe
http://www.quovadis.bmC	0%	Avira URL Cloud	safe
https://seasonmonster.s3.us-east-1.amazonaws.com/swiftcopy.pdf	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	162.159.61.3	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
googlehosted.l.googleusercontent.com	142.250.181.225	true	false	high
s3-r-w.us-east-1.amazonaws.com	3.5.12.103	true	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
seasonmonster.s3.us-east-1.amazonaws.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://edgecdn-embza6g8cacagcbn.z01.azurefd.net/shared/edgeweb/_nuxt/ChannelEulaPopup.DASfJiCs.css	false	Avira URL Cloud: safe	unknown
https://services.bingapis.com/undersideproactive/api/v1/trigger	false		high
https://edgecdn-embza6g8cacagcbn.z01.azurefd.net/shared/edgeweb/_nuxt/MediaItemDynamic.-IR4ihi9.css	false	Avira URL Cloud: safe	unknown
https://edgecdn-embza6g8cacagcbn.z01.azurefd.net/shared/edgeweb/_nuxt/FocusStepper.D-YSntO-.css	false	Avira URL Cloud: safe	unknown
https://bzib.nelreports.net/api/report?cat=bingbusiness	false		high
https://edgecdn-embza6g8cacagcbn.z01.azurefd.net/shared/edgeweb/_nuxt/EmbedSearchAdvanced.NDR-lOFq.css	false	Avira URL Cloud: safe	unknown
https://edgecdn-embza6g8cacagcbn.z01.azurefd.net/shared/edgeweb/_nuxt/CommonButtonV1.Bhjf-ksG.css	false	Avira URL Cloud: safe	unknown
https://clients2.googleusercontent.com/crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx	false		high
https://edgecdn-embza6g8cacagcbn.z01.azurefd.net/shared/edgeweb/_nuxt/entry.VZichmGr.css	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	Web Data.3.dr	false		high
https://duckduckgo.com/ac/?q=	Web Data.3.dr	false		high
http://crl.chambersign.org/chambersroot.crl0	javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://repository.swisssign.com/C	javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://branchlock.netJX	wscript.exe, 00000016.00000003.1904202124.000001CB4E247000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.last.fm/	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
http://www.chambersign.org1	javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://repository.swisssign.com/0	javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1884679383.000000000465E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://deff.nelreports.net/api/report?cat=msn	Reporting and NEL.4.dr	false		high
HTTP://WWW.CHAMBERSIGN.ORG	javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://seasonmonster.s3.us-east-1.amazonaws.com/1.jar	javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ocsp.quovadisoffshore.com	javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.google.com/	manifest.json.3.dr	false		high
https://www.youtube.com	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://www.instagram.com	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://web.skype.com/?browsername=edge_canary_shoreline	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://repository.luxtrust.lu	javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive.google.com/	manifest.json.3.dr	false		high
https://www.netflix.com/	Favicons.3.dr	false		high
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://www.messenger.com	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://outlook.office.com/mail/compose?isExtension=true	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://www.reddit.com/	Favicons.3.dr	false		high
https://i.y.qq.com/n2/m/index.html	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://www.deezer.com/	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://seasonmonster.s3.us-east-1.amazonaws.com/history.jar	javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://policy.camerfirma.com0	javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://seasonmonster.s3.us-east-1.amazonaws.com/3.jar	javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://seasonmonster.s3.us-east-1.amazonaws.com/recovery.jar	javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.office.com/	Favicons.3.dr	false		high
https://web.telegram.org/	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://branchlock.net8	wscript.exe, 00000016.00000003.1904202124.000001CB4E247000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/mathjax/	offscreendocument_main.js.3.dr, service_worker_bin_prod.js.3.dr	false		high
https://drive-daily-2.corp.google.com/	manifest.json.3.dr	false		high
http://bugreport.sun.com/bugreport/	javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009BB9000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/	Favicons.3.dr	false		high
https://drive-daily-4.corp.google.com/	manifest.json.3.dr	false		high
https://vibe.naver.com/today	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
http://java.oracle.com/	java.exe, 00000017.00000002.1856305049.0000000004A00000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009BC8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://null.oracle.com/	javaw.exe, 0000001B.00000002.1897066207.0000000015100000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009D42000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Web Data.3.dr	false		high
https://drive-daily-1.corp.google.com/	manifest.json.3.dr	false		high
https://excel.new?from=EdgeM365Shoreline	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://www.youtube.com/	Favicons.3.dr	false		high
https://drive-daily-5.corp.google.com/	manifest.json.3.dr	false		high
http://cps.chambersign.org/cps/chambersroot.html	javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://seasonmonster.s3.us-east-1.amazonaws.com/res.jar	javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.securetrust.com/STCA.crl	javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/chrome	content.js.3.dr, content_new.js.3.dr	false		high
https://www.tiktok.com/	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
http://crl.xrampsecurity.com/XGCA.crl0	javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chromewebstore.google.com/	manifest.json0.3.dr	false		high
http://www.quovadis.bm0	javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-preprod.corp.google.com/	manifest.json.3.dr	false		high
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://chrome.google.com/webstore/	manifest.json0.3.dr	false		high
https://y.music.163.com/m/	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://bard.google.com/	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
http://www.quovadis.bmC	javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://web.whatsapp.com	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://m.kugou.com/	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://www.office.com	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://outlook.live.com/mail/0/	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://repository.luxtrust.lu0	javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://cps.chambersign.org/cps/chambersroot.html0	javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://seasonmonster.s3.us-east-1.amazonaws.com/2.jar	javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://powerpoint.new?from=EdgeM365Shoreline	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	Web Data.3.dr	false		high
http://policy.camerfirma.com	javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://tidal.com/	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
http://crl.securetrust.com/STCA.crl0	javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://seasonmonster.s3.us-east-1.amazonaws.com/email.js	javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://gaana.com/	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://drive-staging.corp.google.com/	manifest.json.3.dr	false		high
http://www.quovadisglobal.com/cps0	javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://outlook.live.com/mail/compose?isExtension=true	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	Web Data.3.dr	false		high
https://seasonmonster.s3.us-east-1.amazonaws.com/swiftcopy.pdf	javaw.exe, 0000001B.00000002.1884679383.000000000498C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://ocsp.quovadisoffshore.com0	javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://repository.swisssign.com/	javaw.exe, 0000001B.00000002.1884679383.0000000004AA0000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.chambersign.org	javaw.exe, 0000001B.00000002.1884679383.00000000046E4000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://latest.web.skype.com/?browsername=edge_canary_shoreline	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
https://seasonmonster.s3.us-east-1.amazonaws.com/checker.jar	javaw.exe, 0000001B.00000002.1888622600.0000000009C50000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://word.new?from=EdgeM365Shoreline	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high
http://crl.xrampsecurity.com/XGCA.crl	javaw.exe, 0000001B.00000002.1888622600.0000000009DF5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	c3a99f0d-0b93-41e9-956f-4904caabd137.tmp.3.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.5.80	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
3.5.12.103	s3-r-w.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	false
23.44.201.39	unknown	United States	20940	AKAMAI-ASN1EU	false
23.219.161.132	unknown	United States	20940	AKAMAI-ASN1EU	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
142.250.181.225	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1585787
Start date and time:	2025-01-08 09:22:47 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	32
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Swift-TT680169 Report.svg
Detection:	MAL
Classification:	mal72.expl.evad.winSVG@80/257@13/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 77% Number of executed functions: 27 Number of non-executed functions: 3
Cookbook Comments:	Found application associated with file extension: .svg

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 13.107.42.16, 13.107.21.239, 204.79.197.239, 142.250.186.46, 13.107.6.158, 2.16.168.113, 2.16.168.107, 2.16.168.115, 2.16.168.122, 2.23.227.199, 2.23.227.221, 2.23.227.198, 2.23.227.205, 2.23.227.215, 2.23.227.208, 142.251.32.99, 142.251.40.131, 142.250.65.163, 23.51.57.215, 13.107.246.45, 23.56.254.164, 172.202.163.200, 104.77.222.2, 4.152.199.46, 13.107.246.40, 23.219.161.135
Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, edgeassetservice.afd.azureedge.net, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, e11290.dspg.akamaiedge.net, clients2.google.com, e86303.dscx.akamaiedge.net, go.microsoft.com, www.bing.com.edgekey.net, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, bzib.nelreports.net.akamaized.net, star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net, b-0005.b-msedge.net, app-edge.smartscreen.microsoft.com, www-www.bing.com.trafficmanager.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, fe3cr.delivery.mp.microsoft.com, edgestatic.azureedge.net, l-0007.config.skype.com, a2033.dscd.akamai.net, go.microsoft.com.edgekey.net, edgeassetservice.azureedg
Execution Graph export aborted for target java.exe, PID 5476 because it is empty
Execution Graph export aborted for target javaw.exe, PID 5208 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
13.107.5.80	Mansourbank Swift-TT379733 Report.svg	Get hash	malicious	Branchlock Obfuscator	Browse
	https://ammyy.com/en/downloads.html	Get hash	malicious	Flawedammyy	Browse
	http://elizgallery.com/js.php	Get hash	malicious	Unknown	Browse
	MDE_File_Sample_1a8e4ebbcc2e3f76efb2a55bb6179417263ebf3d.zip	Get hash	malicious	Unknown	Browse
	HP Service File Loader.exe	Get hash	malicious	Unknown	Browse
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%E2%80%8Bcu%C2%ADrio%C2%ADsi%C2%ADty%C2%ADh%C2%ADi%C2%ADve.%E2%80%8Bon%C2%ADline%2Fsys%2Fcss%2F36Cg6awhUCmCkqglue0g3yTJ/osman.turhan@hotmail.com	Get hash	malicious	Unknown	Browse
	https://abex.co.in/1/?clickid=crj4hrne79is73f9g3kg&lp_key=17263275da2fd8c1a244a24d3218001b69e7968282&t1=1083194587&t2=.us.05.desktop.nonadult.windows.edge&key=7dfcf14e88e3f6336162#	Get hash	malicious	Unknown	Browse
	https://praviplastics.com/o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9YW01cVRWST0mdWlkPVVTRVIxMjA5MjAyNFU0ODA5MTI1OQ==#j.pullen@newheycarpets.co.uk	Get hash	malicious	Unknown	Browse
	PO#86637.lzh	Get hash	malicious	FormBook	Browse
162.159.61.3	SecurityScan_Release.exe	Get hash	malicious	Unknown	Browse
	LVkAi4PBv6.exe	Get hash	malicious	Unknown	Browse
	Mansourbank Swift-TT379733 Report.svg	Get hash	malicious	Branchlock Obfuscator	Browse
	w3245.exe	Get hash	malicious	Unknown	Browse
	17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe	Get hash	malicious	Remcos	Browse
	Tax_Refund_Claim_2024_Australian_Taxation_Office.js	Get hash	malicious	Remcos	Browse
	Yoranis Setup.exe	Get hash	malicious	Unknown	Browse
	random.exe	Get hash	malicious	Unknown	Browse
	random.exe	Get hash	malicious	Unknown	Browse
23.44.201.39	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
23.219.161.132	FLKCAS1DzH.bat	Get hash	malicious	Unknown	Browse
	aD7D9fkpII.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
chrome.cloudflare-dns.com	SecurityScan_Release.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	SecurityScan_Release.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	SecurityScan_Release.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	LVkAi4PBv6.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	Mansourbank Swift-TT379733 Report.svg	Get hash	malicious	Branchlock Obfuscator	Browse	172.64.41.3
	w3245.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	w3245.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exe	Get hash	malicious	Remcos	Browse	172.64.41.3
	Tax_Refund_Claim_2024_Australian_Taxation_Office.js	Get hash	malicious	Remcos	Browse	162.159.61.3
s-part-0017.t-0009.t-msedge.net	7ccf88c0bbe3b29bf19d877c4596a8d4.zip	Get hash	malicious	Unknown	Browse	13.107.246.45
	0a0#U00a0.js	Get hash	malicious	PureLog Stealer, RHADAMANTHYS, zgRAT	Browse	13.107.246.45
	https://sUNg.ethamoskag.ru/0cUrcw3/#Msburkholder@heartland-derm.com	Get hash	malicious	Unknown	Browse	13.107.246.45
	Sburkholder.pdf	Get hash	malicious	Unknown	Browse	13.107.246.45
	audio.mp3_JasonhTranscript.html	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://bRH5.bughtswo.com/tgs0/#bW1vb3JlQGVuYWJsZWNvbXAuY29t	Get hash	malicious	Unknown	Browse	13.107.246.45
	phish_alert_sp2_2.0.0.0 (12).eml	Get hash	malicious	Unknown	Browse	13.107.246.45
	http://sammobile.digidip.net/visit?url=https://massageclinic.com.au/wadblacks2&currurl=https://www.sammobile.com/2018/06/06/june-2018-security-patch-information-published-by-samsung/	Get hash	malicious	Gabagool	Browse	13.107.246.45
	3e18bdf74f3caef770a7edcf748bdaf0e6a4a21664e69.exe	Get hash	malicious	AsyncRAT, GhostRat	Browse	13.107.246.45
	[UPD]Intel_Unit.2.1.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
s3-r-w.us-east-1.amazonaws.com	Mansourbank Swift-TT379733 Report.svg	Get hash	malicious	Branchlock Obfuscator	Browse	52.216.29.192
	Wupos Reciept.pdf.jar	Get hash	malicious	Branchlock Obfuscator	Browse	52.216.217.130
	Swift Transaction Report.js	Get hash	malicious	Branchlock Obfuscator	Browse	16.182.70.66
	Swift Transaction Report.js	Get hash	malicious	Branchlock Obfuscator	Browse	54.231.134.106
	https://midoregoncu-securemessagecenter.s3.us-east-1.amazonaws.com/open/message_12832.html	Get hash	malicious	HTMLPhisher	Browse	54.231.130.18
	http://img1.wsimg.com/blobby/go/9b6ed793-452c-4f8f-8f80-6847f4d114d7/downloads/71318864754.pdf	Get hash	malicious	Unknown	Browse	52.217.134.50
	https://5qc68jhomepl.blob.core.windows.net/9x0f8/index.html	Get hash	malicious	Unknown	Browse	52.217.41.32
	https://verification.com/omid_error?	Get hash	malicious	Unknown	Browse	52.217.85.136
	https://receptive-comfortable-paw.glitch.me/	Get hash	malicious	Unknown	Browse	16.15.178.21

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-AESUS	https://url12.mailanyone.net/scanner?m=1tUshS-0000000041D-2l2S&d=4%7Cmail%2F90%2F1736191200%2F1tUshS-0000000041D-2l2S%7Cin12g%7C57e1b682%7C21208867%7C12850088%7C677C2DBECB224D1EED07A26760DE755E&o=%2Fphtp%3A%2Fjtssamcce.ehst.uruirrevam.ctstro%2Fe%3D%2F%3Fixprceetmeat%3Dmn%26aeileplttm%26920%3D09s1-oFmyiSNtMTnafi%25iosctgp40norajmcm.c8p%3D5o%26991dd-86e2ee-4a-9879e6-de5f1dd.%232e.%3D302vp%3D0%26%25ttsdhF23Ap%252a%25Fuii.ctr.vro2omastr%25Fi2ge2ap%25%25FelFp%25cisoie52F21d9c876-89-4e9dd8-9d-d6ea215f22e%25eeFtFde%252maadata%3Da%26kdtuK8rJIg9jKP6GiBXfDGI7Fp%25Lddn2sRxJdhuPpjWD3%25ICb37&s=3NJIrjRA01UUg3P9bWqXPHrWXdk	Get hash	malicious	Unknown	Browse	54.145.131.117
	https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=evsqlwgFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%70%68%69%6C%2D%68%65%61%6C%74%68%2D%75%6B%2E%67%6C%69%74%63%68%2E%6D%65%2F#test@kghm.com	Get hash	malicious	Unknown	Browse	3.233.162.86
	http://plnbl.io/review/VdCYQSoKp54z	Get hash	malicious	HTMLPhisher	Browse	3.223.63.250
	https://juddshaw.acemlnc.com/lt.php?x=3DZy~GDHJXeaEpz5-g1FVxNz1qEjv_Qij~tijXnLI3Ke75_7z0y.yuJz5X6lmNI~jusw	Get hash	malicious	HTMLPhisher	Browse	54.225.69.136
	miori.ppc.elf	Get hash	malicious	Unknown	Browse	54.136.13.236
	https://juddshaw.acemlnc.com/lt.php?x=3DZy~GE4V3Sh78B__Q9GUuBs1XzUv_D1ke04YXLDKXmbEs370Ey.yuJz5X6lmNI~jusw	Get hash	malicious	HTMLPhisher	Browse	54.225.69.136
	https://pozaweclip.upnana.com/	Get hash	malicious	Unknown	Browse	54.225.228.99
	https://us01-i-prod-estimating-storage.s3.amazonaws.com/598134325679181/562949954787293/Documents/1706942/Hoosier%20Crane%20Service%20Company.pdf	Get hash	malicious	HTMLPhisher	Browse	3.5.25.231
	https://link.edgepilot.com/s/692fcd16/rcPy0yXyykq_mRLKroUvRQ?u=https://petroleumalliance.us8.list-manage.com/track/click?u=325f73d29a0b4f85a46b700a9%26id=dfe369da82%26e=94c2db4428	Get hash	malicious	Unknown	Browse	23.20.4.56
	miori.m68k.elf	Get hash	malicious	Unknown	Browse	34.237.123.232
AKAMAI-ASN1EU	http://plnbl.io/review/VdCYQSoKp54z	Get hash	malicious	HTMLPhisher	Browse	88.221.110.136
	https://sUNg.ethamoskag.ru/0cUrcw3/#Msburkholder@heartland-derm.com	Get hash	malicious	Unknown	Browse	2.16.168.12
	miori.x86.elf	Get hash	malicious	Unknown	Browse	184.27.119.118
	https://t.co/sSZe0hnReU	Get hash	malicious	Unknown	Browse	23.215.17.144
	https://pozaweclip.upnana.com/	Get hash	malicious	Unknown	Browse	2.16.168.113
	https://link.edgepilot.com/s/692fcd16/rcPy0yXyykq_mRLKroUvRQ?u=https://petroleumalliance.us8.list-manage.com/track/click?u=325f73d29a0b4f85a46b700a9%26id=dfe369da82%26e=94c2db4428	Get hash	malicious	Unknown	Browse	104.124.11.145
	miori.arm5.elf	Get hash	malicious	Unknown	Browse	23.202.150.7
	sora.spc.elf	Get hash	malicious	Mirai	Browse	104.82.1.11
	sora.arm7.elf	Get hash	malicious	Mirai	Browse	104.96.77.72
	SecurityScan_Release.exe	Get hash	malicious	Unknown	Browse	2.16.168.105
MICROSOFT-CORP-MSN-AS-BLOCKUS	https://url12.mailanyone.net/scanner?m=1tUshS-0000000041D-2l2S&d=4%7Cmail%2F90%2F1736191200%2F1tUshS-0000000041D-2l2S%7Cin12g%7C57e1b682%7C21208867%7C12850088%7C677C2DBECB224D1EED07A26760DE755E&o=%2Fphtp%3A%2Fjtssamcce.ehst.uruirrevam.ctstro%2Fe%3D%2F%3Fixprceetmeat%3Dmn%26aeileplttm%26920%3D09s1-oFmyiSNtMTnafi%25iosctgp40norajmcm.c8p%3D5o%26991dd-86e2ee-4a-9879e6-de5f1dd.%232e.%3D302vp%3D0%26%25ttsdhF23Ap%252a%25Fuii.ctr.vro2omastr%25Fi2ge2ap%25%25FelFp%25cisoie52F21d9c876-89-4e9dd8-9d-d6ea215f22e%25eeFtFde%252maadata%3Da%26kdtuK8rJIg9jKP6GiBXfDGI7Fp%25Lddn2sRxJdhuPpjWD3%25ICb37&s=3NJIrjRA01UUg3P9bWqXPHrWXdk	Get hash	malicious	Unknown	Browse	13.107.253.44
	7ccf88c0bbe3b29bf19d877c4596a8d4.zip	Get hash	malicious	Unknown	Browse	13.107.246.45
	4.elf	Get hash	malicious	Unknown	Browse	51.109.26.124
	http://plnbl.io/review/VdCYQSoKp54z	Get hash	malicious	HTMLPhisher	Browse	13.107.42.14
	https://sUNg.ethamoskag.ru/0cUrcw3/#Msburkholder@heartland-derm.com	Get hash	malicious	Unknown	Browse	52.168.117.168
	miori.ppc.elf	Get hash	malicious	Unknown	Browse	22.176.136.250
	miori.x86.elf	Get hash	malicious	Unknown	Browse	21.129.217.0
	miori.sh4.elf	Get hash	malicious	Unknown	Browse	52.180.32.160
	miori.mpsl.elf	Get hash	malicious	Unknown	Browse	20.10.130.141
	miori.mips.elf	Get hash	malicious	Unknown	Browse	20.218.104.159
AKAMAI-ASN1EU	http://plnbl.io/review/VdCYQSoKp54z	Get hash	malicious	HTMLPhisher	Browse	88.221.110.136
	https://sUNg.ethamoskag.ru/0cUrcw3/#Msburkholder@heartland-derm.com	Get hash	malicious	Unknown	Browse	2.16.168.12
	miori.x86.elf	Get hash	malicious	Unknown	Browse	184.27.119.118
	https://t.co/sSZe0hnReU	Get hash	malicious	Unknown	Browse	23.215.17.144
	https://pozaweclip.upnana.com/	Get hash	malicious	Unknown	Browse	2.16.168.113
	https://link.edgepilot.com/s/692fcd16/rcPy0yXyykq_mRLKroUvRQ?u=https://petroleumalliance.us8.list-manage.com/track/click?u=325f73d29a0b4f85a46b700a9%26id=dfe369da82%26e=94c2db4428	Get hash	malicious	Unknown	Browse	104.124.11.145
	miori.arm5.elf	Get hash	malicious	Unknown	Browse	23.202.150.7
	sora.spc.elf	Get hash	malicious	Mirai	Browse	104.82.1.11
	sora.arm7.elf	Get hash	malicious	Mirai	Browse	104.96.77.72
	SecurityScan_Release.exe	Get hash	malicious	Unknown	Browse	2.16.168.105

Process:	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	52
Entropy (8bit):	4.820162073702298
Encrypted:	false
SSDEEP:	3:oFj4I5vpm4USRXov:oJ5bGv
MD5:	6BAF656C4B470AF650A8A8A750D5B936
SHA1:	813FE4E2169FBE95E8B3920A4DEEA11C390B4656
SHA-256:	DF7D829D64C86DAF5CA6ED4188B27C9593B62ABCFB2EC9B58C5A098AA2075ABB
SHA-512:	6B6ABA6CDE9F0D4B7A8771E7BEF3F7991D34F6F7C1ADDFC0B72F2FD96FC9C540B787AB904D38FF8830C13FD0400A880002C189F3489978C881CBCB40DED8DEC3
Malicious:	false
Preview:	C:\Program Files (x86)\Java\jre-1.8..1736324667474..

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	48354
Entropy (8bit):	6.095370667444796
Encrypted:	false
SSDEEP:	768:OMkbJrT8IeQc5dKGR7hfgMb2IYEeTT5oFAqMCoijMYxhJyoMxBL5uTY3JxChoa:OMk1rT8H1Kii5EeTTvqrv0BFuTAaoa
MD5:	6FFE4A0E457B716CC756D5146C1AA8F1
SHA1:	08A75BDCFAB601E425E5B6E1D8AFF23AF72FAD6A
SHA-256:	B215D8AC70BDD36230611665E5B35F45A78EEECFBF6E76FFA8BC2B182483D5BF
SHA-512:	7F7B73BD696E424B748CC097071F42966AC00F37A57C19C1FFCDC97DA3E3984B74F7DD95FB6B9DB237C03F9B9D65ED71C176F498D26DE8E1EE6FCA409498DDA9
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1736324621"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

Process:	C:\Windows\System32\wscript.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	21359
Entropy (8bit):	7.948030467353428
Encrypted:	false
SSDEEP:	384:OAJjyCdE1n02lxzHm8QkdduiQpbkl/JZ476rvusoEyPsh719/buA5OB5/6RkhZgK:PJy1npQm5QxkBcyvulbkB19/buAoX/Rf
MD5:	8E96E66F83E748D267DF96390C880297
SHA1:	BAE891900C7C646F62A9B51C27F5B13A30CC9589
SHA-256:	AE345B40D165255284BF4C6AB00A871FCB035B552AC0B20B3CFB19E4644E49B7
SHA-512:	CEE16641BBBBF2DA2D1AE7AF00E6B266DE0374B955C37933061C4D1641AAC4CD1216A05C2140CB9203B0DC9CF565C686D5C04CD884EB44C578CD40605F7F7224
Malicious:	true
Yara Hits:	Rule: JoeSecurity_BranchlockObfuscator, Description: Yara detected Branchlock Obfuscator, Source: C:\Users\user\AppData\Local\Temp\Swift Confirmation Copy.jar, Author: Joe Security
Preview:	PK........%.$Z................META-INF/MANIFEST.MFUT.....yg.....M..LK-...K-...R0.3..M...u.I,..RH..MJ,..L.....$.dX).qq..PK..{D.Y:...;...PK.........9%Z................./..class.R[O.A.=C...k..P.h.E]. J.....bDI..m...k.-../..7..Q\|..@c..f..^.!./..4......ag.;g.w......N.2.w#.l.,. .U........6..N.qj....}{N..5.....Q.R.4.$..a.....q.f..A9..#....a...LBUcA.PWM.fx.]..x}(.n...g..S.+rio.....j..&!...{.&....)n!JP...fd)3 .T.U....{..6tSw......-}.u......7.....efD.'........<Pl.3...h......u5.f.~~ .~.k.[.....H......J.2.Y......t..ajO.i~....M.8.U...t..1.cP.L[......,...(#ng....%b#..i...8...5A.......8J....X.Dt..S.e.T3Et.H..M.6.$t..]8.... .J#.n.fN.u.J.C...'..5..Q.+....5N.L.m..5<..5.DT......?.......F.ai..`k..uT.b...S..j]....i.A..'.......Gq8.!D!....<.)...p..C.....}.s8....y..uya...x...u...:.p...u.V..J.".RCl.T!......S...F./PK...}j.........PK.........9%Z................./..class.T]O.Y.~N....k[AdY.u....AYQ....G*~.0.....u._.f....%..Q...&..L................B..w..c

File type:	SVG Scalable Vector Graphics image
Entropy (8bit):	6.057265090020272
TrID:
File name:	Swift-TT680169 Report.svg
File size:	127'905 bytes
MD5:	ccc997a94272656e267c53bde3bc895b
SHA1:	34f412909bdd36f3f5fa6ae5f9e70d56b9f182af
SHA256:	3d44de6a6a5358af68357af152c958173369fd96dc2ce4cae03c26795f4d8e8d
SHA512:	dff751dbb628b5452de9cc7669e343d6b940c64a69aa094fe0d527dbfc18ef005a713d24ed9d45f52e85bb96f3a666af53b6c2858c3d2b39757876047556203b
SSDEEP:	3072:bO0yJEw9N/Tay87YvHLJ+8MLpxlLkeCbAv8iHtsqbOxjf2LCZzY:S0L4o7SM8+pxlJOA06bNLCW
TLSH:	49C302724604053CF110A6489A4B2CF49FBC709B650B9CE1754E29D77B8EFD6AC67ACC
File Content Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 800 600">. Background -->. <rect x="0" y="0" width="800" height="600" fill="#f9f9f9"/>.. Header -->. <defs>. <linearGradient id="headerGradient" x1="0%" y1="0%" x2="0%" y2="

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 8, 2025 09:23:19.739047050 CET	63492	53	192.168.2.16	1.1.1.1
Jan 8, 2025 09:23:19.739376068 CET	60427	53	192.168.2.16	1.1.1.1
Jan 8, 2025 09:23:19.980674982 CET	55696	53	192.168.2.16	1.1.1.1
Jan 8, 2025 09:23:19.980858088 CET	50058	53	192.168.2.16	1.1.1.1
Jan 8, 2025 09:23:19.987229109 CET	53	55696	1.1.1.1	192.168.2.16
Jan 8, 2025 09:23:19.988379002 CET	53	50058	1.1.1.1	192.168.2.16
Jan 8, 2025 09:23:23.128578901 CET	56825	53	192.168.2.16	1.1.1.1
Jan 8, 2025 09:23:23.128710985 CET	50452	53	192.168.2.16	1.1.1.1
Jan 8, 2025 09:23:23.129112005 CET	49883	53	192.168.2.16	1.1.1.1
Jan 8, 2025 09:23:23.129220009 CET	51672	53	192.168.2.16	1.1.1.1
Jan 8, 2025 09:23:23.135689020 CET	53	50452	1.1.1.1	192.168.2.16
Jan 8, 2025 09:23:23.135971069 CET	53	56825	1.1.1.1	192.168.2.16
Jan 8, 2025 09:23:23.136076927 CET	53	49883	1.1.1.1	192.168.2.16
Jan 8, 2025 09:23:23.136342049 CET	53	51672	1.1.1.1	192.168.2.16
Jan 8, 2025 09:23:23.137892962 CET	62965	53	192.168.2.16	1.1.1.1
Jan 8, 2025 09:23:23.138015985 CET	60329	53	192.168.2.16	1.1.1.1
Jan 8, 2025 09:23:23.144485950 CET	53	62965	1.1.1.1	192.168.2.16
Jan 8, 2025 09:23:23.144556999 CET	53	60329	1.1.1.1	192.168.2.16
Jan 8, 2025 09:23:30.535630941 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:30.842000961 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:30.998498917 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:30.998519897 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:30.998577118 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:30.998610973 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:30.999819040 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:31.005486012 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:31.005686045 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:31.006247044 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:31.006427050 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:31.006505013 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:31.006608009 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:31.103097916 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:31.103112936 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:31.103131056 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:31.103141069 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:31.103529930 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:31.103576899 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:31.105092049 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:31.106044054 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:31.106405020 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:31.106422901 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:31.106554985 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:31.106607914 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:31.106808901 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:31.201278925 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:31.240053892 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:31.785145998 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:31.786835909 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:31.786937952 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:31.884552956 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:31.885103941 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:31.886023045 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:31.886645079 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:31.886847019 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:31.887600899 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:31.926805973 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:32.531445026 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:32.630815983 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:32.631409883 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:32.637116909 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:32.735299110 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:32.736618996 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:32.770760059 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.329199076 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.329391956 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.341629982 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.342900991 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.348705053 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.348810911 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.428250074 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.439615965 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.440579891 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.440937996 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.443624973 CET	54845	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.444329977 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.444550037 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.447324991 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.447942972 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.448337078 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.448383093 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.448538065 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.450552940 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.450750113 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.751904011 CET	54845	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.887511969 CET	443	54845	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.887564898 CET	443	54845	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.887576103 CET	443	54845	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.887583971 CET	443	54845	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.888282061 CET	54845	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.889489889 CET	54845	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.889641047 CET	54845	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.889837980 CET	54845	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.889925957 CET	54845	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.983560085 CET	443	54845	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.983583927 CET	443	54845	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.983592987 CET	443	54845	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.983602047 CET	443	54845	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:34.983890057 CET	54845	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.983992100 CET	54845	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:34.984762907 CET	443	54845	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:35.025285959 CET	443	54845	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:35.030457973 CET	443	54845	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:35.030690908 CET	54845	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:35.077714920 CET	443	54845	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:35.117305040 CET	54845	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:37.628693104 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:37.628802061 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:37.727612972 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:37.728785038 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:37.745874882 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:37.746284962 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:37.959196091 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:37.959302902 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:38.057687998 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:38.070456028 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:38.083774090 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:38.084084034 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:38.276979923 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:38.277122974 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:38.376020908 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:38.377933979 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:38.387361050 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:38.387636900 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:39.364938021 CET	54845	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:39.365145922 CET	54845	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:39.459579945 CET	443	54845	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:39.459997892 CET	443	54845	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:39.460196018 CET	443	54845	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:39.462832928 CET	54845	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:41.344063044 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:41.344177008 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:41.442953110 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:41.443665028 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:41.444045067 CET	443	56787	162.159.61.3	192.168.2.16
Jan 8, 2025 09:23:41.444252968 CET	56787	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:23:41.444926023 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:41.753868103 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:41.896128893 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:41.897485018 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:41.897524118 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:41.897567987 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:41.897583008 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:41.898041010 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:41.899990082 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:41.900110960 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:41.900337934 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:41.900352001 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:41.900382042 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:42.000159979 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.000206947 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.000370026 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.000382900 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.000391960 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.000413895 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.000505924 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:42.000633001 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:42.037528038 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:42.050280094 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.050499916 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.050579071 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.050591946 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.050602913 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.050616980 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.050651073 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:42.050735950 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:42.050787926 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:42.055145025 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.055236101 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.055284977 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:42.058804035 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.059063911 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:42.059876919 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.063930035 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.064183950 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:42.065172911 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.068145990 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.068305016 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:42.071353912 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.075474977 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:42.075635910 CET	50421	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:23:42.193870068 CET	443	50421	23.44.201.39	192.168.2.16
Jan 8, 2025 09:23:48.415910959 CET	137	137	192.168.2.16	192.168.2.255
Jan 8, 2025 09:23:49.178980112 CET	137	137	192.168.2.16	192.168.2.255
Jan 8, 2025 09:23:49.929918051 CET	137	137	192.168.2.16	192.168.2.255
Jan 8, 2025 09:24:23.056585073 CET	57241	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:24:23.056770086 CET	57241	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:24:23.470963001 CET	57241	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:24:23.504601955 CET	443	57241	23.44.201.39	192.168.2.16
Jan 8, 2025 09:24:23.504621029 CET	443	57241	23.44.201.39	192.168.2.16
Jan 8, 2025 09:24:23.507215977 CET	57241	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:24:23.569274902 CET	443	57241	23.44.201.39	192.168.2.16
Jan 8, 2025 09:24:23.569612980 CET	57241	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:24:23.605324030 CET	443	57241	23.44.201.39	192.168.2.16
Jan 8, 2025 09:24:23.605422974 CET	443	57241	23.44.201.39	192.168.2.16
Jan 8, 2025 09:24:23.605432987 CET	443	57241	23.44.201.39	192.168.2.16
Jan 8, 2025 09:24:23.605443001 CET	443	57241	23.44.201.39	192.168.2.16
Jan 8, 2025 09:24:23.605690002 CET	57241	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:24:23.605756044 CET	57241	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:24:23.667675972 CET	443	57241	23.44.201.39	192.168.2.16
Jan 8, 2025 09:24:24.869095087 CET	138	138	192.168.2.16	192.168.2.255
Jan 8, 2025 09:24:29.544282913 CET	59516	53	192.168.2.16	1.1.1.1
Jan 8, 2025 09:24:29.564043045 CET	53	59516	1.1.1.1	192.168.2.16
Jan 8, 2025 09:24:43.604070902 CET	443	57241	23.44.201.39	192.168.2.16
Jan 8, 2025 09:24:43.642086029 CET	57241	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:24:44.154241085 CET	443	57241	23.44.201.39	192.168.2.16
Jan 8, 2025 09:24:44.186000109 CET	57241	443	192.168.2.16	23.44.201.39
Jan 8, 2025 09:24:53.606118917 CET	443	57241	23.44.201.39	192.168.2.16
Jan 8, 2025 09:25:19.744935989 CET	57264	53	192.168.2.16	1.1.1.1
Jan 8, 2025 09:25:19.745083094 CET	56580	53	192.168.2.16	1.1.1.1
Jan 8, 2025 09:25:19.751689911 CET	53	57264	1.1.1.1	192.168.2.16
Jan 8, 2025 09:25:19.751701117 CET	53	56580	1.1.1.1	192.168.2.16
Jan 8, 2025 09:25:19.752717018 CET	62227	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:25:19.752860069 CET	62227	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:25:19.753092051 CET	62227	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:25:19.753181934 CET	62227	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:25:20.079283953 CET	62227	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:25:20.215892076 CET	443	62227	162.159.61.3	192.168.2.16
Jan 8, 2025 09:25:20.215909004 CET	443	62227	162.159.61.3	192.168.2.16
Jan 8, 2025 09:25:20.216356039 CET	443	62227	162.159.61.3	192.168.2.16
Jan 8, 2025 09:25:20.216823101 CET	62227	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:25:20.254303932 CET	62227	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:25:20.314346075 CET	443	62227	162.159.61.3	192.168.2.16
Jan 8, 2025 09:25:20.314359903 CET	443	62227	162.159.61.3	192.168.2.16
Jan 8, 2025 09:25:20.314367056 CET	443	62227	162.159.61.3	192.168.2.16
Jan 8, 2025 09:25:20.314374924 CET	443	62227	162.159.61.3	192.168.2.16
Jan 8, 2025 09:25:20.314734936 CET	62227	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:25:20.314801931 CET	62227	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:25:20.412134886 CET	443	62227	162.159.61.3	192.168.2.16
Jan 8, 2025 09:25:20.412489891 CET	62227	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:25:20.510759115 CET	443	62227	162.159.61.3	192.168.2.16
Jan 8, 2025 09:25:20.511914968 CET	443	62227	162.159.61.3	192.168.2.16
Jan 8, 2025 09:25:20.512237072 CET	443	62227	162.159.61.3	192.168.2.16
Jan 8, 2025 09:25:20.512558937 CET	62227	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:25:23.118340015 CET	62227	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:25:23.118439913 CET	62227	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:25:23.216314077 CET	443	62227	162.159.61.3	192.168.2.16
Jan 8, 2025 09:25:23.216769934 CET	443	62227	162.159.61.3	192.168.2.16
Jan 8, 2025 09:25:23.216945887 CET	443	62227	162.159.61.3	192.168.2.16
Jan 8, 2025 09:25:23.217263937 CET	62227	443	192.168.2.16	162.159.61.3
Jan 8, 2025 09:25:23.218094110 CET	51286	443	192.168.2.16	23.44.201.26
Jan 8, 2025 09:25:23.218190908 CET	51286	443	192.168.2.16	23.44.201.26
Jan 8, 2025 09:25:23.662395000 CET	443	51286	23.44.201.26	192.168.2.16
Jan 8, 2025 09:25:23.662411928 CET	443	51286	23.44.201.26	192.168.2.16
Jan 8, 2025 09:25:23.663057089 CET	51286	443	192.168.2.16	23.44.201.26
Jan 8, 2025 09:25:23.757829905 CET	443	51286	23.44.201.26	192.168.2.16
Jan 8, 2025 09:25:23.757841110 CET	443	51286	23.44.201.26	192.168.2.16
Jan 8, 2025 09:25:23.757850885 CET	443	51286	23.44.201.26	192.168.2.16
Jan 8, 2025 09:25:23.757858992 CET	443	51286	23.44.201.26	192.168.2.16
Jan 8, 2025 09:25:23.758070946 CET	51286	443	192.168.2.16	23.44.201.26
Jan 8, 2025 09:25:23.758109093 CET	51286	443	192.168.2.16	23.44.201.26
Jan 8, 2025 09:25:23.862281084 CET	443	51286	23.44.201.26	192.168.2.16

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 8, 2025 09:23:19.746220112 CET	1.1.1.1	192.168.2.16	0xec65	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 8, 2025 09:23:19.746432066 CET	1.1.1.1	192.168.2.16	0x7383	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 8, 2025 09:23:19.987229109 CET	1.1.1.1	192.168.2.16	0x969e	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 8, 2025 09:23:19.987229109 CET	1.1.1.1	192.168.2.16	0x969e	No error (0)	googlehosted.l.googleusercontent.com		142.250.181.225	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:23:19.988379002 CET	1.1.1.1	192.168.2.16	0xe4c4	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 8, 2025 09:23:21.830027103 CET	1.1.1.1	192.168.2.16	0xc998	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 8, 2025 09:23:21.830027103 CET	1.1.1.1	192.168.2.16	0xc998	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:23:23.135689020 CET	1.1.1.1	192.168.2.16	0xbde9	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jan 8, 2025 09:23:23.135971069 CET	1.1.1.1	192.168.2.16	0x659c	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:23:23.135971069 CET	1.1.1.1	192.168.2.16	0x659c	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:23:23.136076927 CET	1.1.1.1	192.168.2.16	0xb3a6	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:23:23.136076927 CET	1.1.1.1	192.168.2.16	0xb3a6	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:23:23.136342049 CET	1.1.1.1	192.168.2.16	0xf385	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jan 8, 2025 09:23:23.144485950 CET	1.1.1.1	192.168.2.16	0x4c53	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:23:23.144485950 CET	1.1.1.1	192.168.2.16	0x4c53	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:23:23.144556999 CET	1.1.1.1	192.168.2.16	0xdbed	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jan 8, 2025 09:24:29.564043045 CET	1.1.1.1	192.168.2.16	0x79ac	No error (0)	seasonmonster.s3.us-east-1.amazonaws.com	s3-r-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 8, 2025 09:24:29.564043045 CET	1.1.1.1	192.168.2.16	0x79ac	No error (0)	s3-r-w.us-east-1.amazonaws.com		3.5.12.103	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:24:29.564043045 CET	1.1.1.1	192.168.2.16	0x79ac	No error (0)	s3-r-w.us-east-1.amazonaws.com		52.216.25.16	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:24:29.564043045 CET	1.1.1.1	192.168.2.16	0x79ac	No error (0)	s3-r-w.us-east-1.amazonaws.com		52.217.226.146	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:24:29.564043045 CET	1.1.1.1	192.168.2.16	0x79ac	No error (0)	s3-r-w.us-east-1.amazonaws.com		52.217.233.170	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:24:29.564043045 CET	1.1.1.1	192.168.2.16	0x79ac	No error (0)	s3-r-w.us-east-1.amazonaws.com		54.231.135.154	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:24:29.564043045 CET	1.1.1.1	192.168.2.16	0x79ac	No error (0)	s3-r-w.us-east-1.amazonaws.com		16.15.177.185	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:24:29.564043045 CET	1.1.1.1	192.168.2.16	0x79ac	No error (0)	s3-r-w.us-east-1.amazonaws.com		54.231.197.218	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:24:29.564043045 CET	1.1.1.1	192.168.2.16	0x79ac	No error (0)	s3-r-w.us-east-1.amazonaws.com		54.231.196.58	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:25:19.751689911 CET	1.1.1.1	192.168.2.16	0xfdc6	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:25:19.751689911 CET	1.1.1.1	192.168.2.16	0xfdc6	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jan 8, 2025 09:25:19.751701117 CET	1.1.1.1	192.168.2.16	0xac0a	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:23:20 UTC	594	OUT	GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-08 08:23:21 UTC	563	IN	HTTP/1.1 200 OK X-GUploader-UploadID: AFiumC5wKw6fIBAmdxHzrEhEL7mbInct4DZJ1QTLa23jR-A7kJIcVtlSeOO1H2QUnIUS8Z_o Accept-Ranges: bytes Content-Length: 154477 X-Goog-Hash: crc32c=F5qq4g== Server: UploadServer Date: Tue, 07 Jan 2025 15:58:13 GMT Expires: Wed, 07 Jan 2026 15:58:13 GMT Cache-Control: public, max-age=31536000 Age: 59107 Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083 Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-08 08:23:21 UTC	827	IN	Data Raw: 43 72 32 34 03 00 00 00 f3 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2025-01-08 08:23:21 UTC	1390	IN	Data Raw: d2 ff f8 fb 8f f1 b3 aa ea fc 5a ff 65 a8 3e ff f2 76 56 d5 8f bf fe b8 9e df fb 4a fe 2c 2f fd 58 f5 e3 8f bf ff eb c7 90 3f d4 25 97 fa fc ea 11 36 05 b0 0d c1 6d 23 05 75 5d 82 5a 95 8f c3 96 5b d7 73 d6 4d 5f 19 18 df 4a a0 b6 22 39 6c 91 fb 6c a3 f3 fd 2c 7c d5 8b 14 19 87 e6 72 d6 e7 d7 51 43 c1 e1 fb ef 9d ba 8a 34 3a 9f d4 f8 cb a1 77 6a e9 bf 9f 4f e7 c3 14 35 ef b7 d2 b7 fb ef 73 ca 6e f7 25 e1 ee 92 a5 e8 f2 fd 79 01 10 17 0f 63 e2 fc fd 91 b4 23 46 0c 8e b4 1b 1b e1 a3 2e ef a8 29 67 76 28 cd 10 21 53 ec 49 17 3e f2 20 dc 54 be b0 c5 23 dc 1d 83 eb b9 f4 a1 91 ef 0f db 83 da 5d 0b 80 ea c2 67 f3 11 c0 ee 08 4c 55 5a a8 16 40 1f 77 c3 5c 80 cd f9 b8 0f 1f 05 d8 fd 7b 9d df f7 16 4e b9 a7 7a 66 d5 6e 02 19 3a 72 f1 95 74 0c 72 0e cf 9c ab 3d a2 Data Ascii: Ze>vVJ,/X?%6m#u]Z[sM_J"9ll,\|rQC4:wjO5sn%yc#F.)gv(!SI> T#]gLUZ@w\{Nzfn:rtr=
2025-01-08 08:23:21 UTC	1390	IN	Data Raw: fb 40 b0 b4 75 cd a2 45 ec b5 f7 5f 79 7d 9c cd 6c 12 a9 d6 7b 85 01 32 0c 8b 32 98 4b 0f f9 85 0b e3 3c 40 38 52 9e 25 bb 7a 8f 3d a8 39 20 c4 e5 c3 0c b0 21 bf 16 af df 1f d6 7a ee 0d 99 c3 31 ea 95 12 c6 e4 1c 29 ba 47 74 ec a8 92 fb c2 95 5e e2 ca b0 a4 22 c6 26 76 ca 5e 73 34 d5 7c c4 e8 14 05 cb 7b 5f fe 1f 38 b8 6c f0 90 19 b5 92 81 f8 cc 81 4a 13 2f 1a 49 e0 78 71 23 7a 01 c2 0c 77 ba 14 2c e7 2c 3c 91 d1 4e bc 96 0a 3a 18 c8 cd 72 ef c9 b5 f8 8f da e7 6e b0 2f 3c 34 d7 ad f4 42 40 4c d8 a1 40 88 dc 18 8e 64 d6 1c e0 63 1e 05 cf 20 06 f7 3b 0b 70 9c 51 ec 56 dd fb 7d 11 7f 6b 6d ef 0d 1e 52 b0 4d ad e1 45 2a 6f 3e c1 ba 25 26 a2 d8 aa 43 9d 31 12 d1 9a b3 ce 3a 54 eb 81 1f 1b e6 0b 22 ca 2f 2d 08 8a 65 ef 77 c9 57 62 8f 5b 75 cd 1a e5 55 bd 63 44 Data Ascii: @uE_y}l{22K<@8R%z=9 !z1)Gt^"&v^s4\|{_8lJ/Ixq#zw,,<N:rn/<4B@L@dc ;pQV}kmRME*o>%&C1:T"/-ewWb[uUcD
2025-01-08 08:23:21 UTC	1390	IN	Data Raw: ae 14 17 a9 0a ca 56 6b be f7 64 1f 49 78 97 5a b7 31 fc 9e 6d a1 03 6f d9 e7 f7 53 08 01 c3 c5 b9 7a b9 76 b6 db 53 9b 34 0a 6b 4e 57 59 c3 5e 19 bf 00 5d 8b aa e8 60 1e 51 13 25 a6 e3 15 9d 7d ca 7d 96 c5 a9 08 a9 a5 b6 19 1f 60 d5 2f 62 7f 2f 56 f2 3d 57 f8 23 62 ea 11 f9 e1 a4 f7 19 e1 40 b8 32 a8 3b d1 0e 75 e4 ef 5e a5 8b 7d 02 3c b3 b0 c2 54 f7 e1 89 cc ec 28 67 76 59 d4 5a cb 31 52 23 4c d6 ce d6 b5 6f 6c b9 2b 3b 9d 71 b7 59 27 29 f2 cd 97 cc b0 23 c2 6d 96 10 c7 cf 94 88 f2 6e 6a 64 2b 51 dc e1 73 d9 1f ee 59 f3 bf e0 1f e0 37 0a e3 95 33 5e 91 a6 46 6d ea cf 64 89 31 b8 c4 90 37 6a 0a ad fa f8 c0 5c 14 73 a2 84 ce 1a f7 08 d6 da 7b b1 29 06 b5 cf 3b d4 47 7c d1 e7 3f 8a b5 cf 36 82 c8 ca 3a 7b 7f 72 db 3b 69 f1 47 d9 87 17 cd 7f 57 ce c3 98 bb Data Ascii: VkdIxZ1moSzvS4kNWY^]`Q%}}`/b/V=W#b@2;u^}<T(gvYZ1R#Lol+;qY')#mnjd+QsY73^Fmd17j\s{);G\|?6:{r;iGW
2025-01-08 08:23:21 UTC	1390	IN	Data Raw: fd bb 9e 52 c0 c6 ac 63 6d 6a 7d 63 a0 ee bf 61 fe 67 d7 ed a2 91 18 ea 83 e8 bc 84 3c f6 92 99 0e 39 52 fb 50 a4 8e 8d b9 50 b4 45 0e 0e e8 5c f4 48 13 5f 36 61 f7 d9 4a 58 d8 a4 e0 0f 1c 33 8b 34 04 b9 4e a3 a9 25 bf ca 6e d4 75 b6 3b e7 dc 7e 2b 83 f0 4b fc 4f d7 6f 8d 99 43 f4 2a 3b 16 67 fd f0 c0 81 0c 22 df 3e 68 cf fc 25 d5 a0 cd 23 dc 62 3a 6c 78 5f c7 cc 17 bd ce 53 9b 88 64 9b f2 5b 5f 98 71 3d 74 42 5f cb ac e5 6f 5a 85 bf 31 ff bd 96 74 6d fd 76 0d b8 3b 7f f7 5c 6e 6a 9f 9b 0e 4a ef 8f 11 b9 2d f8 fd b3 ca 10 dc fc ce f2 bf cd d3 72 cd a9 3a 3f 7e e8 ba 50 b9 e5 8c 85 66 3c 7d 7c cb b9 ae b1 2e d4 de 6e 77 cd fd f1 92 27 87 ff fc ac be ef 47 09 d4 77 ef e8 3d f4 6e 27 97 de a2 ef ff f7 ce 43 af 53 f3 cd ee 9a 5a 42 95 3d 1a be f9 ed d4 c0 dd Data Ascii: Rcmj}cag<9RPPE\H_6aJX34N%nu;~+KOoC*;g">h%#b:lx_Sd[_q=tB_oZ1tmv;\njJ-r:?~Pf<}\|.nw'Gw=n'CSZB=
2025-01-08 08:23:21 UTC	1390	IN	Data Raw: 73 3d 2b b0 5b de b2 1b ac ac c0 bf bd 49 06 60 0a 98 e5 c3 12 dc fa fd 5e 94 c6 93 21 f3 32 c4 3a e7 6a 98 8e e5 33 47 4c 6f 66 cf 66 8f 00 02 a7 37 5d af 9f 55 1c 7d 2f aa 0d 63 45 34 4d 9c 3f 0c 6f 34 66 3d 1f 97 c5 b3 39 14 7b e1 d5 d2 27 58 29 01 4d de d6 12 94 45 a0 b2 25 18 06 ec ff 89 3f ee 0f 01 1c 62 05 b0 8e 6f 05 55 2b 9a 4e 2b 15 bb 5a f9 59 a9 86 d5 aa 13 d9 6a a3 fa 56 e4 c4 f6 2d 76 5b 8b dd a8 15 f0 25 70 2a 41 38 f2 87 e9 80 f6 c5 43 a6 19 c3 34 71 63 28 94 f7 d5 3e a8 8d fb a7 40 9e 7a b1 db b3 2a 31 8c 90 2f 56 e5 7c e4 f7 bb 83 9f 23 9a 0d 8c ce 42 04 aa 0d 19 a0 6f d7 b2 9f 34 76 5f 6d 6e 6e d6 69 e4 4e a8 e8 02 80 b4 a5 20 5a 4b c7 e1 90 e1 cc 0d d0 9a 83 61 2e 2f 3c 5f c9 d6 50 bd 42 9b 7a 69 bf 37 7e c9 9f 3e a7 e6 e3 76 c6 ba 83 Data Ascii: s=+[I`^!2:j3GLoff7]U}/cE4M?o4f=9{'X)ME%?boU+N+ZYjV-v[%pA8C4qc(>@z1/V\|#Bo4v_mnniN ZKa./<_PBzi7~>v
2025-01-08 08:23:21 UTC	1390	IN	Data Raw: 3d 19 8d fb dd dd 4b 60 21 0e f5 cc 1f 33 7c 0c d2 d1 00 b1 81 5e 69 42 40 e6 1a a3 91 ad d6 e5 68 63 43 03 68 03 51 81 cd 15 5b 50 25 01 0d 0a a0 cc 37 ab d0 e0 70 db 64 42 b6 9f 01 12 e5 58 36 df 46 f2 c0 36 2c 9a 5a d0 f7 89 35 0a f9 9b 66 01 58 a1 26 0c 6a 4d 5c 4b 7b e9 58 7b 57 de c3 72 c3 01 d2 14 c3 96 8f 11 ca 88 39 7c 1d 63 60 72 6c d4 ef 71 f2 9c 49 0e 9c cd 6d 82 37 6e c9 82 9c 2f 0b 6e 24 69 39 f2 e2 78 83 7f 53 04 3d b6 a3 da b9 a8 71 16 77 6c c9 a0 89 56 73 5e 14 11 7c 7c 73 cb 7f 2a d9 f2 39 07 8f 6b 7d 56 ca c0 8d 61 7f 28 ec 36 ce 58 4c 31 40 12 ec 2c 6f 2c 2b 48 03 40 f2 e5 2b 62 36 46 17 48 75 0a bd e4 dc 22 b3 6e 9c 63 a5 86 71 d4 b8 31 30 23 af 19 81 78 83 e3 e9 5a 37 f8 9c 4b 22 f0 7a 80 ff ce 66 cd 63 e2 27 5d 67 e0 5c b9 05 91 82 Data Ascii: =K`!3\|^iB@hcChQ[P%7pdBX6F6,Z5fX&jM\K{X{Wr9\|c`rlqIm7n/n$i9xS=qwlVs^\|\|s*9k}Va(6XL1@,o,+H@+b6FHu"ncq10#xZ7K"zfc']g\
2025-01-08 08:23:21 UTC	1390	IN	Data Raw: fc c2 eb d3 07 f9 cb a9 80 c2 b8 ec 66 aa f4 9a a9 4f 23 9b 16 c3 b7 0c e9 94 d8 01 42 0d 39 01 c1 0c 00 05 bb 46 fd 6c 74 68 20 1a 73 50 b5 25 bf 9b 6b a1 76 bd ec 3e 5a 2f 34 82 c8 be 2c eb 72 e9 75 b9 81 5a f1 03 58 07 57 22 05 05 6e 85 8b 28 3e ed b7 c4 45 0d bd de ae 37 13 31 f9 80 3b 68 01 71 40 1d 01 b4 9c 4e 2d fe e0 0a c4 3b eb d6 d2 a0 03 02 2f 96 20 44 6d 8b bf 7c 02 6e 06 9b 90 bf 10 fe 39 81 a6 8e a4 2a f2 45 4e 66 1c a4 2b 79 31 d8 41 b0 51 04 2d 99 39 bc 77 2e 54 8b 76 6d a7 d8 02 27 86 e2 f3 dc 57 e3 03 ad 3a ec 69 93 fb 84 77 d0 7c da 4b 0a 2e 39 2d a6 36 d1 88 83 03 6c 5b fc 2f 79 5b 7d d8 a9 35 da cd 0e 88 f8 e2 03 a7 27 d3 a9 e0 0c 12 9c 09 82 d3 79 24 9a 2b cc 48 be 25 3a ab ff d0 19 81 59 31 2f 46 8c 01 89 b0 9a f6 ea aa b3 5c b7 89 Data Ascii: fO#B9Flth sP%kv>Z/4,ruZXW"n(>E71;hq@N-;/ Dm\|n9*ENf+y1AQ-9w.Tvm'W:iw\|K.9-6l[/y[}5'y$+H%:Y1/F\
2025-01-08 08:23:21 UTC	1390	IN	Data Raw: 41 d0 ce 03 89 61 57 3a e2 0c 48 31 96 53 3b 09 22 96 46 85 74 06 dc 97 14 6e 80 5c 17 6e 36 1a 8d 75 f8 7f 78 5c 36 a8 54 68 6b 72 c2 09 eb c5 52 50 48 b9 ff e5 a7 0f 83 fe 39 c0 51 2f 55 aa a1 dd 0a 37 5c c2 bc b6 5f 75 f5 b9 25 6c 88 f3 83 06 9b 56 b8 4a 65 5e 38 8b ca 20 06 d7 57 1a f5 b5 67 d3 e7 cf d7 5e bd b0 17 96 14 85 5e 3c 5b 03 09 6f 56 e4 52 22 10 cb 74 09 03 2f bd f9 23 7e 95 07 5a 94 28 41 b2 07 11 ae 60 79 c8 fb cd c2 c6 aa 3b ff 69 1b 7c 15 7c 8c 84 24 dc 79 fa e4 d1 a3 a5 ed fe e0 66 98 c6 c9 78 09 45 c6 ed ac 3f 9a 0c c3 a5 83 d4 1b b2 e1 cd d2 d6 64 9c f4 87 a3 da a3 a5 d3 0f 3b df 56 0f 52 3f ec 8d c2 d5 fd 00 d6 3f 8d d2 70 d8 5c da 1a 80 ee 12 ae ae d5 ea 8f 9e 3c a5 a3 07 57 cc bd 02 12 70 3b 73 2e 49 16 9f 4e 31 20 51 39 f9 af 05 Data Ascii: AaW:H1S;"Ftn\n6ux\6ThkrRPH9Q/U7\_u%lVJe^8 Wg^^<[oVR"t/#~Z(A`y;i\|\|$yfxE?d;VR??p\<Wp;s.IN1 Q9
2025-01-08 08:23:21 UTC	1390	IN	Data Raw: 87 13 fa f8 51 4e 97 0f d5 84 e9 74 fa 59 da 7c bf e3 19 63 e7 07 e3 a7 9c f0 cd e3 fc 08 b5 3a ce 6e 1e 74 71 58 2e 86 7b e3 3e 33 82 51 35 c1 d9 f3 e4 51 51 26 64 2c af 85 36 8b 9c 7b 7a b0 77 c8 75 fa 03 ca fd a0 c3 ce 9a 6e be f5 7a 7b 67 77 ef cd db fd 77 ef 0f 0e 8f 8e 3f 7c 3c 39 fd f4 f9 cb d7 6f df 7f 30 cf 87 a1 c4 49 7a 7e 91 75 7b fd c1 af e1 68 3c b9 bc ba be f9 5d 6f ac 3d 5b 7f fe e2 ef 97 af f2 63 f2 15 f4 d6 9e 55 aa 4f dd 8a 03 ff c2 3f ab 3f 5d fa b7 46 ff 56 3a 94 2b 20 dc 78 de 0a 95 8b c3 47 91 c8 67 63 2b 40 91 24 6f ca 6e 7d 87 bd d2 71 e7 b6 91 dc ac b1 6c 22 71 23 d8 4d ad 1f 0c cf f9 69 73 e6 2f 50 b6 99 79 ee 77 4a 8a 21 24 4f 4b 33 1e c8 1d fb f4 19 74 19 80 e6 f6 62 bd 83 59 19 a8 db d0 e5 f1 d2 79 f6 89 b5 56 54 75 9f c9 63 Data Ascii: QNtY\|c:ntqX.{>3Q5QQ&d,6{zwunz{gww?\|<9o0Iz~u{h<]o=[cUO??]FV:+ xGgc+@$on}ql"q#Mis/PywJ!$OK3tbYyVTuc

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:23:23 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2025-01-08 08:23:23 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2025-01-08 08:23:23 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 08 Jan 2025 08:23:23 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8feac9051b804411-EWR alt-svc: h3=":443"; ma=86400
2025-01-08 08:23:23 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 27 00 04 8e fa 41 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom'A)

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:23:30 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2025-01-08 08:23:30 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 02 67 6f 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 53 00 0c 00 4f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: gomicrosoftcom)SO
2025-01-08 08:23:31 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 08 Jan 2025 08:23:31 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8feac9333c1e4366-EWR alt-svc: h3=":443"; ma=86400
2025-01-08 08:23:31 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 03 00 00 00 01 02 67 6f 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 01 00 01 c0 0c 00 05 00 01 00 00 0e 09 00 1e 02 67 6f 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 07 65 64 67 65 6b 65 79 03 6e 65 74 00 c0 2e 00 05 00 01 00 00 02 51 00 19 06 65 31 31 32 39 30 04 64 73 70 67 0a 61 6b 61 6d 61 69 65 64 67 65 c0 47 c0 58 00 01 00 01 00 00 00 0d 00 04 17 33 39 d7 00 00 29 04 d0 00 00 00 00 01 48 00 0c 01 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: gomicrosoftcomgomicrosoftcomedgekeynet.Qe11290dspgakamaiedgeGX39)HD

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:23:34 UTC	452	OUT	POST /undersideproactive/api/v1/trigger HTTP/1.1 Host: services.bingapis.com Connection: keep-alive Content-Length: 212 Content-Type: application/json Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-08 08:23:34 UTC	212	OUT	Data Raw: 7b 22 64 6f 6d 61 69 6e 73 22 3a 5b 7b 22 63 6f 6e 66 69 64 65 6e 63 65 22 3a 31 2e 30 2c 22 6e 61 6d 65 22 3a 22 55 6e 64 65 72 73 69 64 65 43 68 61 74 41 72 74 69 63 6c 65 50 61 67 65 51 75 65 73 74 69 6f 6e 22 7d 5d 2c 22 69 64 54 79 70 65 22 3a 22 55 6e 6b 6e 6f 77 6e 22 2c 22 73 6f 75 72 63 65 55 72 6c 22 3a 22 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 65 6e 2d 67 62 2f 65 64 67 65 2f 77 65 6c 63 6f 6d 65 3f 65 70 3d 38 36 39 26 65 73 3d 31 36 35 26 66 6f 72 6d 3d 4d 54 30 30 4c 4a 26 63 73 3d 35 38 31 36 39 31 35 39 38 22 2c 22 75 73 65 72 49 64 22 3a 22 22 7d Data Ascii: {"domains":[{"confidence":1.0,"name":"UndersideChatArticlePageQuestion"}],"idType":"Unknown","sourceUrl":"","url":"https://www.microsoft.com/en-gb/edge/welcome?ep=869&es=165&form=MT00LJ&cs=581691598","userId":""}
2025-01-08 08:23:35 UTC	414	IN	HTTP/1.1 404 Not Found X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: CF18A00A6C48492F9C51BB374F40E6C3 Ref B: EWR311000103035 Ref C: 2025-01-08T08:23:35Z Date: Wed, 08 Jan 2025 08:23:35 GMT Connection: close Content-Length: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:23:35 UTC	657	OUT	GET /shared/edgeweb/_nuxt/entry.VZichmGr.css HTTP/1.1 Host: edgecdn-embza6g8cacagcbn.z01.azurefd.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-08 08:23:35 UTC	736	IN	HTTP/1.1 200 OK Date: Wed, 08 Jan 2025 08:23:35 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 46106 Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"b41a-19395253ad5" Last-Modified: Thu, 05 Dec 2024 04:47:45 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20250108T082335Z-156796c549b8vs9phC1EWRnrp4000000144g000000003afb x-fd-int-roxy-purgeid: 3 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-01-08 08:23:35 UTC	15648	IN	Data Raw: 2e 70 78 2d 66 6c 6f 61 74 7b 6c 65 66 74 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 6f 70 3a 30 7d 2e 70 78 2d 66 6c 6f 61 74 5f 5f 6f 76 65 72 6c 61 79 7b 68 65 69 67 68 74 3a 31 30 30 76 68 3b 77 69 64 74 68 3a 31 30 30 76 77 7d 2e 70 78 2d 66 6c 6f 61 74 5f 5f 6f 76 65 72 6c 61 79 2c 2e 70 78 2d 66 6c 6f 61 74 5f 5f 70 6f 70 75 70 7b 6c 65 66 74 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 74 6f 70 3a 30 7d 2e 70 78 2d 66 6c 6f 61 74 2d 2d 61 62 73 6f 6c 75 74 65 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 2e 70 78 2d 66 6c 6f 61 74 2d 2d 63 65 6e 74 65 72 65 64 20 2e 70 78 2d 66 6c 6f 61 74 5f 5f 70 6f 70 75 70 2c 2e 70 78 2d 66 6c 6f 61 74 2d 2d 64 65 66 61 75 6c 74 20 2e 70 78 2d 66 6c 6f 61 74 5f 5f 70 Data Ascii: .px-float{left:0;position:relative;top:0}.px-float__overlay{height:100vh;width:100vw}.px-float__overlay,.px-float__popup{left:0;position:fixed;top:0}.px-float--absolute{position:absolute}.px-float--centered .px-float__popup,.px-float--default .px-float__p
2025-01-08 08:23:35 UTC	16384	IN	Data Raw: 2d 6c 69 67 68 74 62 6c 75 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 30 35 64 65 67 2c 76 61 72 28 2d 2d 74 68 65 6d 65 2d 73 65 63 74 69 6f 6e 2d 62 67 2d 67 72 61 79 29 2c 76 61 72 28 2d 2d 74 68 65 6d 65 2d 73 65 63 74 69 6f 6e 2d 62 67 2d 6c 69 67 68 74 62 6c 75 65 29 29 7d 2e 63 6f 6d 6d 6f 6e 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 2d 64 61 72 6b 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 74 68 65 6d 65 2d 64 61 72 6b 2d 62 67 29 7d 2e 63 6f 6d 6d 6f 6e 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 2d 6c 69 67 68 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 74 68 65 6d 65 2d 6c 69 67 68 74 2d 62 67 29 7d 2e 63 6f 6d 6d 6f 6e 2d 62 61 63 6b Data Ascii: -lightblue{background-image:linear-gradient(105deg,var(--theme-section-bg-gray),var(--theme-section-bg-lightblue))}.common-background--dark{background-color:var(--theme-dark-bg)}.common-background--light{background-color:var(--theme-light-bg)}.common-back
2025-01-08 08:23:35 UTC	14074	IN	Data Raw: 3a 30 3b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 31 65 6d 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 74 72 61 6e 73 66 6f 72 6d 20 2e 32 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 32 31 35 2c 2e 36 31 2c 2e 33 35 35 2c 31 29 3b 2d 77 65 62 6b 69 74 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 2d 6d 6f 7a 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 70 78 2d 73 69 64 65 2d 64 72 61 77 65 72 5f 5f 69 63 6f 6e 2d 62 75 74 74 6f 6e 3a 64 69 73 61 62 6c 65 64 2c 2e 70 78 2d 73 69 64 65 2d 64 Data Ascii: :0;outline:none;padding:1em;position:relative;text-overflow:ellipsis;transition:transform .2s cubic-bezier(.215,.61,.355,1);-webkit-user-select:none;-moz-user-select:none;user-select:none;white-space:nowrap}.px-side-drawer__icon-button:disabled,.px-side-d

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:23:35 UTC	658	OUT	GET /shared/edgeweb/_nuxt/fluent.DRTRCTLp.css HTTP/1.1 Host: edgecdn-embza6g8cacagcbn.z01.azurefd.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-08 08:23:35 UTC	736	IN	HTTP/1.1 200 OK Date: Wed, 08 Jan 2025 08:23:35 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 18068 Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"4694-193046c70ff" Last-Modified: Thu, 07 Nov 2024 02:20:35 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20250108T082335Z-156796c549br54lshC1EWR052n00000013900000000043kx x-fd-int-roxy-purgeid: 3 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-01-08 08:23:35 UTC	15648	IN	Data Raw: 2e 70 78 2d 74 6f 67 67 6c 65 7b 2d 2d 70 78 2d 74 6f 67 67 6c 65 2d 73 69 7a 65 3a 31 65 6d 3b 2d 2d 70 78 2d 74 6f 67 67 6c 65 2d 75 6e 63 68 65 63 6b 65 64 3a 72 67 62 61 28 33 34 2c 33 34 2c 33 34 2c 2e 33 33 29 3b 2d 2d 70 78 2d 74 6f 67 67 6c 65 2d 63 68 65 63 6b 65 64 3a 23 31 61 35 39 63 38 3b 2d 2d 70 78 2d 74 6f 67 67 6c 65 2d 74 68 75 6d 62 3a 23 66 66 66 3b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 6e 6f 6e 65 3b 2d 6d 6f 7a 2d 61 70 70 65 61 72 61 6e 63 65 3a 6e 6f 6e 65 3b 61 70 70 65 61 72 61 6e 63 65 3a 6e 6f 6e 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 Data Ascii: .px-toggle{--px-toggle-size:1em;--px-toggle-unchecked:rgba(34,34,34,.33);--px-toggle-checked:#1a59c8;--px-toggle-thumb:#fff;-webkit-appearance:none;-moz-appearance:none;appearance:none;background-color:transparent;border:none;cursor:pointer;display:inline
2025-01-08 08:23:35 UTC	2420	IN	Data Raw: 6f 65 2d 76 66 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 2d 2e 30 31 32 35 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 31 35 7d 2e 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 63 6c 61 6d 70 28 32 31 70 78 2c 31 2e 38 34 32 76 77 2c 32 38 70 78 29 7d 2e 68 35 7b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 2d 2e 30 31 32 35 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 31 35 7d 2e 68 35 2c 2e 73 68 31 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 76 61 72 28 2d 2d 74 68 65 6d 65 2d 66 6f 6e 74 2d 66 61 6d 69 6c 79 2c 73 65 67 6f 65 2d 76 66 29 2c 73 65 67 6f 65 2d 76 66 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 63 6c 61 6d 70 28 31 39 70 78 2c 31 Data Ascii: oe-vf,sans-serif;font-weight:400;letter-spacing:-.0125em;line-height:1.15}.h4{font-size:clamp(21px,1.842vw,28px)}.h5{letter-spacing:-.0125em;line-height:1.15}.h5,.sh1{font-family:var(--theme-font-family,segoe-vf),segoe-vf,sans-serif;font-size:clamp(19px,1

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:23:35 UTC	666	OUT	GET /shared/edgeweb/_nuxt/CommonButtonV1.Bhjf-ksG.css HTTP/1.1 Host: edgecdn-embza6g8cacagcbn.z01.azurefd.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-08 08:23:35 UTC	738	IN	HTTP/1.1 200 OK Date: Wed, 08 Jan 2025 08:23:35 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 110086 Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"1ae06-193656987c9" Last-Modified: Mon, 25 Nov 2024 22:20:35 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20250108T082335Z-156796c549bwq2hnhC1EWR1y1000000015600000000004s3 x-fd-int-roxy-purgeid: 3 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-01-08 08:23:35 UTC	15646	IN	Data Raw: 2e 73 63 72 6f 6c 6c 2d 69 64 7b 68 65 69 67 68 74 3a 31 70 78 3b 6f 70 61 63 69 74 79 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 38 30 70 78 3b 77 69 64 74 68 3a 31 70 78 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2c 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 3a 64 69 73 61 62 6c 65 64 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 61 62 61 62 61 38 30 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 78 2d 73 68 61 64 6f 77 3a Data Ascii: .scroll-id{height:1px;opacity:0;position:absolute;top:-80px;width:1px}.common-button-v1{cursor:pointer;font-size:1em}.common-button-v1,.common-button-v1:hover{text-decoration:none}.common-button-v1:disabled{background-color:#bababa80!important;box-shadow:
2025-01-08 08:23:35 UTC	16384	IN	Data Raw: 6c 65 2c 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2d 2d 61 74 74 65 6e 74 69 6f 6e 2d 67 72 61 64 69 65 6e 74 2d 62 6f 72 64 65 72 2d 62 6c 75 65 67 72 65 65 6e 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 2c 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2d 2d 61 74 74 65 6e 74 69 6f 6e 2d 67 72 61 64 69 65 6e 74 2d 62 6f 72 64 65 72 2d 62 6c 75 65 70 75 72 70 6c 65 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 2c 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2d 2d 61 74 74 65 6e 74 69 6f 6e 2d 67 72 61 64 69 65 6e 74 2d 62 6f 72 64 65 72 2d 67 72 65 65 6e 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 2c 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2d 2d 61 74 74 65 6e 74 69 6f 6e 2d 67 72 61 64 69 65 6e 74 2d 62 6f 72 64 65 72 2d 6c 69 67 Data Ascii: le,.common-button-v1--attention-gradient-border-bluegreen:focus-visible,.common-button-v1--attention-gradient-border-bluepurple:focus-visible,.common-button-v1--attention-gradient-border-green:focus-visible,.common-button-v1--attention-gradient-border-lig
2025-01-08 08:23:35 UTC	16384	IN	Data Raw: 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 30 20 33 70 78 20 23 31 61 35 39 63 38 62 66 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2d 2d 69 63 6f 6e 2d 73 74 61 72 74 20 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 5f 5f 6c 61 62 65 6c 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2d 2d 69 63 6f 6e 2d 73 74 61 72 74 20 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 5f 5f 69 63 6f 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 68 65 72 69 74 3b 6d 61 72 67 69 6e 2d 69 6e 6c 69 6e 65 2d 65 6e 64 3a 2e 33 33 65 6d 3b 6d 61 72 67 69 6e 2d 69 6e 6c 69 6e 65 2d 73 74 61 72 74 3a 2d 2e 33 33 65 6d 3b 6f 72 64 65 72 3a 2d 31 30 7d 2e 63 6f 6d 6d 6f 6e 2d Data Ascii: :focus-visible{box-shadow:0 0 0 3px #1a59c8bf}.common-button-v1--icon-start .common-button-v1__label{display:flex}.common-button-v1--icon-start .common-button-v1__icon{font-size:inherit;margin-inline-end:.33em;margin-inline-start:-.33em;order:-10}.common-
2025-01-08 08:23:35 UTC	16384	IN	Data Raw: 32 32 38 2c 30 29 20 36 34 2e 38 64 65 67 2c 23 32 64 38 63 65 34 20 2e 34 32 74 75 72 6e 2c 23 33 66 62 66 66 66 20 32 30 38 2e 38 64 65 67 2c 72 67 62 61 28 36 33 2c 31 39 31 2c 32 35 35 2c 30 29 20 2e 38 32 74 75 72 6e 29 20 31 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2d 2d 61 74 74 65 6e 74 69 6f 6e 2d 6f 75 74 6c 69 6e 65 2d 73 68 61 6b 65 2d 67 72 61 64 69 65 6e 74 2d 62 6f 72 64 65 72 2d 70 75 72 70 6c 65 7b 61 6e 69 6d 61 74 69 6f 6e 3a 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2d 62 6f 72 64 65 72 2d 72 6f 74 61 74 65 20 31 2e 37 35 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 68 65 61 64 73 68 61 6b 65 20 33 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 34 34 35 2c 2e 30 35 2c 2e 35 35 Data Ascii: 228,0) 64.8deg,#2d8ce4 .42turn,#3fbfff 208.8deg,rgba(63,191,255,0) .82turn) 1}.common-button-v1--attention-outline-shake-gradient-border-purple{animation:common-button-v1-border-rotate 1.75s linear infinite;animation:headshake 3s cubic-bezier(.445,.05,.55
2025-01-08 08:23:35 UTC	16384	IN	Data Raw: 5f 63 6f 6e 74 65 6e 74 2c 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2d 2d 74 65 6d 70 2d 6e 65 78 74 2d 35 20 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 5f 5f 63 6f 6e 74 65 6e 74 7b 74 72 61 6e 73 69 74 69 6f 6e 3a 74 72 61 6e 73 66 6f 72 6d 20 2e 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 32 31 35 2c 2e 36 31 2c 2e 33 35 35 2c 31 29 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2d 2d 74 65 6d 70 2d 6e 65 78 74 2d 31 20 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 5f 5f 63 6f 6e 74 65 6e 74 3a 61 66 74 65 72 2c 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2d 2d 74 65 6d 70 2d 6e 65 78 74 2d 32 20 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 5f 5f 63 6f 6e 74 65 6e 74 3a 61 66 74 65 72 2c 2e 63 6f 6d 6d Data Ascii: _content,.common-button-v1--temp-next-5 .common-button-v1__content{transition:transform .4s cubic-bezier(.215,.61,.355,1)}.common-button-v1--temp-next-1 .common-button-v1__content:after,.common-button-v1--temp-next-2 .common-button-v1__content:after,.comm
2025-01-08 08:23:35 UTC	16384	IN	Data Raw: 6e 74 2d 73 69 7a 65 3a 2e 39 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2d 2d 74 65 6d 70 2d 73 65 63 6f 6e 64 61 72 79 2d 36 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 64 33 65 33 66 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2d 2d 74 65 6d 70 2d 6e 65 78 74 2d 37 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 31 35 37 61 65 39 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 6d 69 6e 2d 77 69 64 74 68 3a 39 65 6d 3b 70 61 64 64 69 6e 67 3a 30 20 32 65 6d 20 2e 31 65 6d 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2d 2d 74 65 6d 70 2d 6e 65 78 74 Data Ascii: nt-size:.9em;font-weight:600}.common-button-v1--temp-secondary-6:hover{background-color:#d3e3f9;color:#fff}.common-button-v1--temp-next-7{background:#157ae9;box-shadow:none!important;color:#fff;min-width:9em;padding:0 2em .1em}.common-button-v1--temp-next
2025-01-08 08:23:35 UTC	12520	IN	Data Raw: 77 3a 68 6f 76 65 72 20 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 5f 5f 63 6f 6e 74 65 6e 74 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2e 35 65 6d 29 7d 5b 64 69 72 3d 72 74 6c 5d 20 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2d 2d 74 65 6d 70 2d 62 69 6e 67 2d 61 72 72 6f 77 3a 68 6f 76 65 72 20 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 5f 5f 63 6f 6e 74 65 6e 74 3a 61 66 74 65 72 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2d 2e 35 65 6d 29 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 76 31 2d 2d 74 65 6d 70 2d 62 69 6e 67 2d 61 72 72 6f 77 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 37 37 31 64 38 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 63 6f 6d 6d 6f Data Ascii: w:hover .common-button-v1__content{transform:translate(.5em)}[dir=rtl] .common-button-v1--temp-bing-arrow:hover .common-button-v1__content:after{transform:translate(-.5em)}.common-button-v1--temp-bing-arrow:hover{background-color:#2771d8;color:#fff}.commo

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:23:35 UTC	664	OUT	GET /shared/edgeweb/_nuxt/CommonButton.DduORkOQ.css HTTP/1.1 Host: edgecdn-embza6g8cacagcbn.z01.azurefd.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-08 08:23:36 UTC	736	IN	HTTP/1.1 200 OK Date: Wed, 08 Jan 2025 08:23:35 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 23135 Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"5a5f-193e181524a" Last-Modified: Fri, 20 Dec 2024 00:39:29 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20250108T082335Z-156796c549b8zlhlhC1EWRxx40000000143g0000000041bn x-fd-int-roxy-purgeid: 3 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-01-08 08:23:36 UTC	15648	IN	Data Raw: 2e 73 63 72 6f 6c 6c 2d 69 64 7b 68 65 69 67 68 74 3a 31 70 78 3b 6f 70 61 63 69 74 79 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 38 30 70 78 3b 77 69 64 74 68 3a 31 70 78 7d 40 70 72 6f 70 65 72 74 79 20 2d 2d 63 6d 2d 62 74 6e 2d 63 6c 72 2d 31 7b 73 79 6e 74 61 78 3a 22 3c 63 6f 6c 6f 72 3e 22 3b 69 6e 68 65 72 69 74 73 3a 74 72 75 65 3b 69 6e 69 74 69 61 6c 2d 76 61 6c 75 65 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 40 70 72 6f 70 65 72 74 79 20 2d 2d 63 6d 2d 62 74 6e 2d 63 6c 72 2d 32 7b 73 79 6e 74 61 78 3a 22 3c 63 6f 6c 6f 72 3e 22 3b 69 6e 68 65 72 69 74 73 3a 74 72 75 65 3b 69 6e 69 74 69 61 6c 2d 76 61 6c 75 65 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 40 70 72 6f 70 65 72 74 79 20 2d 2d 63 6d 2d 62 74 6e 2d 63 6c Data Ascii: .scroll-id{height:1px;opacity:0;position:absolute;top:-80px;width:1px}@property --cm-btn-clr-1{syntax:"<color>";inherits:true;initial-value:transparent}@property --cm-btn-clr-2{syntax:"<color>";inherits:true;initial-value:transparent}@property --cm-btn-cl
2025-01-08 08:23:36 UTC	7487	IN	Data Raw: 74 74 6f 6d 3a 2d 32 70 78 3b 63 6f 6e 74 65 6e 74 3a 22 22 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6c 65 66 74 3a 2d 32 70 78 3b 6f 70 61 63 69 74 79 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 2d 32 70 78 3b 74 6f 70 3a 2d 32 70 78 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 6f 70 61 63 69 74 79 20 2e 33 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 32 31 35 2c 2e 36 31 2c 2e 33 35 35 2c 31 29 7d 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 63 6f 70 69 6c 6f 74 2d 63 6f 6c 6f 72 2d 77 68 69 74 65 3a 61 63 74 69 76 65 3a 62 65 66 6f 72 65 2c 2e 63 6f 6d 6d 6f 6e 2d 62 75 74 74 6f 6e 2d 2d 63 6f 70 69 6c 6f 74 2d 63 6f 6c 6f 72 2d 77 68 69 74 65 3a 68 6f 76 65 72 3a 62 65 66 6f 72 65 7b 6f 70 61 63 69 74 79 3a 30 7d Data Ascii: ttom:-2px;content:"";display:block;left:-2px;opacity:0;position:absolute;right:-2px;top:-2px;transition:opacity .3s cubic-bezier(.215,.61,.355,1)}.common-button--copilot-color-white:active:before,.common-button--copilot-color-white:hover:before{opacity:0}

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:23:35 UTC	668	OUT	GET /shared/edgeweb/_nuxt/CommonInlineIcon.v8OKQt42.css HTTP/1.1 Host: edgecdn-embza6g8cacagcbn.z01.azurefd.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-08 08:23:36 UTC	709	IN	HTTP/1.1 200 OK Date: Wed, 08 Jan 2025 08:23:35 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 104 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"68-193046c8e20" Last-Modified: Thu, 07 Nov 2024 02:20:43 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20250108T082335Z-156796c549btxqbfhC1EWR2hbg00000015w0000000003kb3 x-fd-int-roxy-purgeid: 3 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-01-08 08:23:36 UTC	104	IN	Data Raw: 2e 63 6f 6d 6d 6f 6e 2d 69 6e 6c 69 6e 65 2d 69 63 6f 6e 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 66 6c 65 78 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 2e 39 35 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 2e 31 65 6d 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 0a Data Ascii: .common-inline-icon{display:inline-block;flex:none;height:.95em;margin-top:-.1em;vertical-align:middle}

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:23:36 UTC	668	OUT	GET /shared/edgeweb/_nuxt/MediaItemDynamic.-IR4ihi9.css HTTP/1.1 Host: edgecdn-embza6g8cacagcbn.z01.azurefd.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-08 08:23:36 UTC	710	IN	HTTP/1.1 200 OK Date: Wed, 08 Jan 2025 08:23:36 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 318 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"13e-193046c70f0" Last-Modified: Thu, 07 Nov 2024 02:20:35 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20250108T082336Z-156796c549b888bzhC1EWR3ywc0000000k30000000002nfk x-fd-int-roxy-purgeid: 3 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-01-08 08:23:36 UTC	318	IN	Data Raw: 2e 73 63 72 6f 6c 6c 2d 69 64 7b 68 65 69 67 68 74 3a 31 70 78 3b 6f 70 61 63 69 74 79 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 38 30 70 78 3b 77 69 64 74 68 3a 31 70 78 7d 2e 6d 65 64 69 61 2d 69 74 65 6d 5f 5f 66 61 64 65 2d 65 6e 74 65 72 2d 61 63 74 69 76 65 2c 2e 6d 65 64 69 61 2d 69 74 65 6d 5f 5f 66 61 64 65 2d 6c 65 61 76 65 2d 61 63 74 69 76 65 7b 74 72 61 6e 73 69 74 69 6f 6e 3a 6f 70 61 63 69 74 79 20 2e 38 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 36 35 2c 2e 38 34 2c 2e 34 34 2c 31 29 7d 2e 6d 65 64 69 61 2d 69 74 65 6d 5f 5f 66 61 64 65 2d 65 6e 74 65 72 2c 2e 6d 65 64 69 61 2d 69 74 65 6d 5f 5f 66 61 64 65 2d 65 6e 74 65 72 2d 66 72 6f 6d 2c 2e 6d 65 64 69 61 2d 69 74 65 6d 5f 5f 66 61 64 65 2d Data Ascii: .scroll-id{height:1px;opacity:0;position:absolute;top:-80px;width:1px}.media-item__fade-enter-active,.media-item__fade-leave-active{transition:opacity .8s cubic-bezier(.165,.84,.44,1)}.media-item__fade-enter,.media-item__fade-enter-from,.media-item__fade-

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:23:36 UTC	663	OUT	GET /shared/edgeweb/_nuxt/experiments.DS9CrIRX.css HTTP/1.1 Host: edgecdn-embza6g8cacagcbn.z01.azurefd.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-08 08:23:36 UTC	708	IN	HTTP/1.1 200 OK Date: Wed, 08 Jan 2025 08:23:36 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 33 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"21-193046c710f" Last-Modified: Thu, 07 Nov 2024 02:20:35 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20250108T082336Z-156796c549blw98nhC1EWRf14c00000015wg000000003m3w x-fd-int-roxy-purgeid: 3 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-01-08 08:23:36 UTC	33	IN	Data Raw: 2e 77 63 70 2d 6d 61 6e 61 67 65 2d 6c 69 6e 6b 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 0a Data Ascii: .wcp-manage-link{cursor:pointer}

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:23:36 UTC	668	OUT	GET /shared/edgeweb/_nuxt/ChannelEulaPopup.DASfJiCs.css HTTP/1.1 Host: edgecdn-embza6g8cacagcbn.z01.azurefd.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-08 08:23:36 UTC	708	IN	HTTP/1.1 200 OK Date: Wed, 08 Jan 2025 08:23:36 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 88 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"58-193046c710f" Last-Modified: Thu, 07 Nov 2024 02:20:35 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20250108T082336Z-156796c549b888bzhC1EWR3ywc0000000k20000000002zz6 x-fd-int-roxy-purgeid: 3 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-01-08 08:23:36 UTC	88	IN	Data Raw: 2e 65 75 6c 61 2d 70 6f 70 75 70 5f 5f 64 69 61 6c 6f 67 20 2e 61 70 70 2d 70 6f 70 75 70 2d 6c 61 79 6f 75 74 20 2e 61 70 70 2d 70 6f 70 75 70 2d 67 72 61 70 68 69 63 2d 69 6d 61 67 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 35 30 25 7d 0a Data Ascii: .eula-popup__dialog .app-popup-layout .app-popup-graphic-image{background-position:50%}

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:23:36 UTC	661	OUT	GET /shared/edgeweb/_nuxt/edge-icon.BwIA8KUD.css HTTP/1.1 Host: edgecdn-embza6g8cacagcbn.z01.azurefd.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-08 08:23:36 UTC	735	IN	HTTP/1.1 200 OK Date: Wed, 08 Jan 2025 08:23:36 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 6401 Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"1901-193046c70ff" Last-Modified: Thu, 07 Nov 2024 02:20:35 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20250108T082336Z-156796c549b97fdkhC1EWRd3rw000000146g000000001xt7 x-fd-int-roxy-purgeid: 3 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-01-08 08:23:36 UTC	6401	IN	Data Raw: 2e 65 75 6c 61 2d 64 6f 77 6e 6c 6f 61 64 2d 73 65 63 74 69 6f 6e 7b 64 69 73 70 6c 61 79 3a 67 72 69 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 67 61 70 3a 31 2e 35 65 6d 3b 67 72 69 64 2d 74 65 6d 70 6c 61 74 65 2d 61 72 65 61 73 3a 22 68 65 61 64 65 72 20 68 65 61 64 65 72 22 20 22 72 65 61 64 65 72 20 72 65 61 64 65 72 22 20 22 69 6e 66 6f 20 69 6e 66 6f 22 20 22 6c 61 6e 67 20 61 63 63 65 70 74 22 3b 67 72 69 64 2d 74 65 6d 70 6c 61 74 65 2d 63 6f 6c 75 6d 6e 73 3a 61 75 74 6f 20 31 66 72 3b 67 72 69 64 2d 74 65 6d 70 6c 61 74 65 2d 72 6f 77 73 3a 61 75 74 6f 20 6d 69 6e 6d 61 78 28 30 2c 31 66 72 29 20 61 75 74 6f 20 61 75 74 6f 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 65 75 6c 61 2d 64 6f 77 6e 6c 6f 61 64 2d Data Ascii: .eula-download-section{display:grid;font-size:1em;gap:1.5em;grid-template-areas:"header header" "reader reader" "info info" "lang accept";grid-template-columns:auto 1fr;grid-template-rows:auto minmax(0,1fr) auto auto;height:100%;width:100%}.eula-download-

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:23:37 UTC	664	OUT	GET /shared/edgeweb/_nuxt/FocusStepper.D-YSntO-.css HTTP/1.1 Host: edgecdn-embza6g8cacagcbn.z01.azurefd.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-08 08:23:37 UTC	734	IN	HTTP/1.1 200 OK Date: Wed, 08 Jan 2025 08:23:37 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 2990 Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"bae-193046c70ff" Last-Modified: Thu, 07 Nov 2024 02:20:35 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20250108T082337Z-156796c549bwq2hnhC1EWR1y1000000014yg000000003t6c x-fd-int-roxy-purgeid: 3 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-01-08 08:23:37 UTC	2990	IN	Data Raw: 2e 65 75 6c 61 2d 72 65 61 64 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 74 68 65 6d 65 2d 73 65 63 74 69 6f 6e 2d 62 67 2d 67 72 61 79 29 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 2e 35 65 6d 3b 63 6f 6c 6f 72 3a 72 67 62 61 28 76 61 72 28 2d 2d 74 68 65 6d 65 2d 70 61 67 65 2d 66 67 2d 72 67 62 29 2c 2e 37 29 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 61 75 74 6f 3b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 3b 6f 76 65 72 66 6c 6f 77 2d 79 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 31 2e 35 65 6d 7d 2e 65 75 6c 61 2d 72 65 61 64 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 2e 65 75 6c 61 2d 72 65 61 64 65 72 20 6c 69 2c 2e 65 75 6c 61 2d 72 65 Data Ascii: .eula-reader{background-color:var(--theme-section-bg-gray);border-radius:.5em;color:rgba(var(--theme-page-fg-rgb),.7);font-size:14px;overflow:auto;overflow-x:hidden;overflow-y:auto;padding:1.5em}.eula-reader strong{font-weight:600}.eula-reader li,.eula-re

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:23:37 UTC	671	OUT	GET /shared/edgeweb/_nuxt/EmbedSearchAdvanced.NDR-lOFq.css HTTP/1.1 Host: edgecdn-embza6g8cacagcbn.z01.azurefd.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-08 08:23:37 UTC	715	IN	HTTP/1.1 200 OK Date: Wed, 08 Jan 2025 08:23:37 GMT Content-Type: text/css; charset=UTF-8 Content-Length: 6882 Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"1ae2-193046c70ff" Last-Modified: Thu, 07 Nov 2024 02:20:35 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20250108T082337Z-156796c549b888bzhC1EWR3ywc0000000k70000000000r2s x-fd-int-roxy-purgeid: 3 X-Cache: TCP_MISS Accept-Ranges: bytes
2025-01-08 08:23:37 UTC	6882	IN	Data Raw: 2e 65 6d 62 65 64 2d 73 65 61 72 63 68 2d 61 64 76 61 6e 63 65 64 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 73 74 72 65 74 63 68 3b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 74 68 65 6d 65 2d 70 61 67 65 2d 66 67 29 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 63 6c 61 6d 70 28 31 37 70 78 2c 31 2e 33 31 36 76 77 2c 32 30 70 78 29 3b 68 65 69 67 68 74 3a 32 2e 37 35 65 6d 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 74 72 65 74 63 68 3b 6d 61 78 2d 77 69 64 74 68 3a 34 35 65 6d 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 65 6d 62 65 64 2d 73 65 61 72 63 68 2d 61 64 76 61 6e 63 65 64 2d 2d 61 6c 69 67 6e 2d 63 65 6e 74 65 72 2c 2e 65 6d 62 65 64 2d 73 65 61 72 63 68 2d 61 64 76 61 Data Ascii: .embed-search-advanced{align-items:stretch;color:var(--theme-page-fg);display:flex;font-size:clamp(17px,1.316vw,20px);height:2.75em;justify-content:stretch;max-width:45em;position:relative;width:100%}.embed-search-advanced--align-center,.embed-search-adva

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Swift-TT680169 Report.svg

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Oracle\Java\.oracle_jre_usage\b5820291038aa69c.timestamp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\456a65af-b67b-4c2c-ac97-2237b40b36d2.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4618633e-6206-4f21-8ca5-985d3349a156.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\503b9450-d4c1-41c6-bf70-33e274865824.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8cae7e4a-cd11-42f8-a136-792aedcd9196.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\92a7e0e0-725d-41ba-8e4b-ba20feb908c4.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\da9c56a0-feae-4594-8dde-6317ba814422.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-677E35F4-199C.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-677E35F5-1B58.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\191b798f-614c-4100-bc22-6ae096d67c3b.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\250b2eb9-e6c4-4ed6-abb3-6cec51712c82.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3b681f08-137c-4def-b6a6-9194ac0e236f.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7ea50d75-7a22-4fed-b15b-a8a3ed0db494.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\969ef837-753c-4f2b-b598-4c27770e8a59.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\98d42fc7-b301-4f45-9969-d3ee01f376cf.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Windows Analysis Report
Swift-TT680169 Report.svg

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:23:37 UTC	636	OUT	GET /shared/edgeweb/_nuxt/BiJd105E.js HTTP/1.1 Host: edgecdn-embza6g8cacagcbn.z01.azurefd.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.microsoft.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://www.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-08 08:23:37 UTC	752	IN	HTTP/1.1 200 OK Date: Wed, 08 Jan 2025 08:23:37 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 576355 Connection: close Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable ETag: W/"8cb63-193eab500e9" Last-Modified: Sat, 21 Dec 2024 19:32:31 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Origin-Agent-Cluster: ?1 X-Content-Type-Options: nosniff X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 0 x-azure-ref: 20250108T082337Z-156796c549btx6v5hC1EWRq6c800000014ag000000000309 x-fd-int-roxy-purgeid: 3 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-01-08 08:23:37 UTC	15632	IN	Data Raw: 63 6f 6e 73 74 20 5f 5f 76 69 74 65 5f 5f 6d 61 70 44 65 70 73 3d 28 69 2c 6d 3d 5f 5f 76 69 74 65 5f 5f 6d 61 70 44 65 70 73 2c 64 3d 28 6d 2e 66 7c 7c 28 6d 2e 66 3d 5b 22 2e 2f 50 78 54 72 61 6e 73 69 74 69 6f 6e 45 78 70 61 6e 64 2e 44 67 52 69 73 49 78 6f 2e 63 73 73 22 2c 22 2e 2f 41 63 74 69 6f 6e 4c 69 73 74 2e 44 69 6f 6a 6c 48 65 65 2e 63 73 73 22 2c 22 2e 2f 42 61 6e 6e 65 72 44 65 66 61 75 6c 74 2e 42 57 51 49 66 66 64 47 2e 63 73 73 22 2c 22 2e 2f 43 6f 6d 6d 6f 6e 42 75 74 74 6f 6e 56 31 2e 42 68 6a 66 2d 6b 73 47 2e 63 73 73 22 2c 22 2e 2f 43 6f 6d 6d 6f 6e 49 6e 6c 69 6e 65 49 63 6f 6e 2e 76 38 4f 4b 51 74 34 32 2e 63 73 73 22 2c 22 2e 2f 43 6f 6d 6d 6f 6e 42 75 74 74 6f 6e 2e 44 64 75 4f 52 6b 4f 51 2e 63 73 73 22 2c 22 2e 2f 43 6f 6d 6d Data Ascii: const __vite__mapDeps=(i,m=__vite__mapDeps,d=(m.f\|\|(m.f=["./PxTransitionExpand.DgRisIxo.css","./ActionList.DiojlHee.css","./BannerDefault.BWQIffdG.css","./CommonButtonV1.Bhjf-ksG.css","./CommonInlineIcon.v8OKQt42.css","./CommonButton.DduORkOQ.css","./Comm
2025-01-08 08:23:37 UTC	16384	IN	Data Raw: 74 2c 6e 2c 72 2c 6c 74 28 74 29 3f 74 3a 69 29 3b 72 65 74 75 72 6e 20 74 3d 3d 3d 78 65 28 69 29 26 26 28 6f 3f 7a 72 28 72 2c 73 29 26 26 62 72 28 74 2c 22 73 65 74 22 2c 6e 2c 72 29 3a 62 72 28 74 2c 22 61 64 64 22 2c 6e 2c 72 29 29 2c 61 7d 64 65 6c 65 74 65 50 72 6f 70 65 72 74 79 28 74 2c 6e 29 7b 63 6f 6e 73 74 20 72 3d 4e 65 28 74 2c 6e 29 3b 74 5b 6e 5d 3b 63 6f 6e 73 74 20 69 3d 52 65 66 6c 65 63 74 2e 64 65 6c 65 74 65 50 72 6f 70 65 72 74 79 28 74 2c 6e 29 3b 72 65 74 75 72 6e 20 69 26 26 72 26 26 62 72 28 74 2c 22 64 65 6c 65 74 65 22 2c 6e 2c 76 6f 69 64 20 30 29 2c 69 7d 68 61 73 28 74 2c 6e 29 7b 63 6f 6e 73 74 20 72 3d 52 65 66 6c 65 63 74 2e 68 61 73 28 74 2c 6e 29 3b 72 65 74 75 72 6e 28 21 56 6e 28 6e 29 7c 7c 21 50 67 2e 68 61 73 28 Data Ascii: t,n,r,lt(t)?t:i);return t===xe(i)&&(o?zr(r,s)&&br(t,"set",n,r):br(t,"add",n,r)),a}deleteProperty(t,n){const r=Ne(t,n);t[n];const i=Reflect.deleteProperty(t,n);return i&&r&&br(t,"delete",n,void 0),i}has(t,n){const r=Reflect.has(t,n);return(!Vn(n)\|\|!Pg.has(
2025-01-08 08:23:37 UTC	16384	IN	Data Raw: 61 6d 65 3a 65 2e 6e 61 6d 65 7d 2c 74 2c 7b 73 65 74 75 70 3a 65 7d 29 3a 65 7d 66 75 6e 63 74 69 6f 6e 20 78 66 28 65 29 7b 65 2e 69 64 73 3d 5b 65 2e 69 64 73 5b 30 5d 2b 65 2e 69 64 73 5b 32 5d 2b 2b 2b 22 2d 22 2c 30 2c 30 5d 7d 66 75 6e 63 74 69 6f 6e 20 49 6f 28 65 2c 74 2c 6e 2c 72 2c 69 3d 21 31 29 7b 69 66 28 63 65 28 65 29 29 7b 65 2e 66 6f 72 45 61 63 68 28 28 5f 2c 6d 29 3d 3e 49 6f 28 5f 2c 74 26 26 28 63 65 28 74 29 3f 74 5b 6d 5d 3a 74 29 2c 6e 2c 72 2c 69 29 29 3b 72 65 74 75 72 6e 7d 69 66 28 57 72 28 72 29 26 26 21 69 29 7b 72 2e 73 68 61 70 65 46 6c 61 67 26 35 31 32 26 26 72 2e 74 79 70 65 2e 5f 5f 61 73 79 6e 63 52 65 73 6f 6c 76 65 64 26 26 72 2e 63 6f 6d 70 6f 6e 65 6e 74 2e 73 75 62 54 72 65 65 2e 63 6f 6d 70 6f 6e 65 6e 74 26 26 Data Ascii: ame:e.name},t,{setup:e}):e}function xf(e){e.ids=[e.ids[0]+e.ids[2]+++"-",0,0]}function Io(e,t,n,r,i=!1){if(ce(e)){e.forEach((_,m)=>Io(_,t&&(ce(t)?t[m]:t),n,r,i));return}if(Wr(r)&&!i){r.shapeFlag&512&&r.type.__asyncResolved&&r.component.subTree.component&&
2025-01-08 08:23:37 UTC	16384	IN	Data Raw: 7b 69 66 28 21 65 29 72 65 74 75 72 6e 20 74 3b 69 66 28 21 74 29 72 65 74 75 72 6e 20 65 3b 63 6f 6e 73 74 20 6e 3d 68 74 28 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 6e 75 6c 6c 29 2c 65 29 3b 66 6f 72 28 63 6f 6e 73 74 20 72 20 69 6e 20 74 29 6e 5b 72 5d 3d 46 74 28 65 5b 72 5d 2c 74 5b 72 5d 29 3b 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 6f 5f 28 29 7b 72 65 74 75 72 6e 7b 61 70 70 3a 6e 75 6c 6c 2c 63 6f 6e 66 69 67 3a 7b 69 73 4e 61 74 69 76 65 54 61 67 3a 68 76 2c 70 65 72 66 6f 72 6d 61 6e 63 65 3a 21 31 2c 67 6c 6f 62 61 6c 50 72 6f 70 65 72 74 69 65 73 3a 7b 7d 2c 6f 70 74 69 6f 6e 4d 65 72 67 65 53 74 72 61 74 65 67 69 65 73 3a 7b 7d 2c 65 72 72 6f 72 48 61 6e 64 6c 65 72 3a 76 6f 69 64 20 30 2c 77 61 72 6e 48 61 6e 64 6c 65 72 3a Data Ascii: {if(!e)return t;if(!t)return e;const n=ht(Object.create(null),e);for(const r in t)n[r]=Ft(e[r],t[r]);return n}function o_(){return{app:null,config:{isNativeTag:hv,performance:!1,globalProperties:{},optionMergeStrategies:{},errorHandler:void 0,warnHandler:
2025-01-08 08:23:37 UTC	16384	IN	Data Raw: 69 3c 6e 2e 6c 65 6e 67 74 68 26 26 72 3b 69 2b 2b 29 72 3d 72 5b 6e 5b 69 5d 5d 3b 72 65 74 75 72 6e 20 72 7d 7d 63 6f 6e 73 74 20 7a 45 3d 28 65 2c 74 29 3d 3e 74 3d 3d 3d 22 6d 6f 64 65 6c 56 61 6c 75 65 22 7c 7c 74 3d 3d 3d 22 6d 6f 64 65 6c 2d 76 61 6c 75 65 22 3f 65 2e 6d 6f 64 65 6c 4d 6f 64 69 66 69 65 72 73 3a 65 5b 60 24 7b 74 7d 4d 6f 64 69 66 69 65 72 73 60 5d 7c 7c 65 5b 60 24 7b 6b 6e 28 74 29 7d 4d 6f 64 69 66 69 65 72 73 60 5d 7c 7c 65 5b 60 24 7b 73 69 28 74 29 7d 4d 6f 64 69 66 69 65 72 73 60 5d 3b 66 75 6e 63 74 69 6f 6e 20 57 45 28 65 2c 74 2c 2e 2e 2e 6e 29 7b 69 66 28 65 2e 69 73 55 6e 6d 6f 75 6e 74 65 64 29 72 65 74 75 72 6e 3b 63 6f 6e 73 74 20 72 3d 65 2e 76 6e 6f 64 65 2e 70 72 6f 70 73 7c 7c 6a 65 3b 6c 65 74 20 69 3d 6e 3b 63 Data Ascii: i<n.length&&r;i++)r=r[n[i]];return r}}const zE=(e,t)=>t==="modelValue"\|\|t==="model-value"?e.modelModifiers:e[`${t}Modifiers`]\|\|e[`${kn(t)}Modifiers`]\|\|e[`${si(t)}Modifiers`];function WE(e,t,...n){if(e.isUnmounted)return;const r=e.vnode.props\|\|je;let i=n;c
2025-01-08 08:23:37 UTC	16384	IN	Data Raw: 3a 54 2c 6f 6e 45 6e 74 65 72 43 61 6e 63 65 6c 6c 65 64 3a 70 2c 6f 6e 4c 65 61 76 65 3a 67 2c 6f 6e 4c 65 61 76 65 43 61 6e 63 65 6c 6c 65 64 3a 62 2c 6f 6e 42 65 66 6f 72 65 41 70 70 65 61 72 3a 77 3d 76 2c 6f 6e 41 70 70 65 61 72 3a 6b 3d 54 2c 6f 6e 41 70 70 65 61 72 43 61 6e 63 65 6c 6c 65 64 3a 4f 3d 70 7d 3d 74 2c 45 3d 28 4c 2c 46 2c 71 2c 74 65 29 3d 3e 7b 4c 2e 5f 65 6e 74 65 72 43 61 6e 63 65 6c 6c 65 64 3d 74 65 2c 49 72 28 4c 2c 46 3f 75 3a 61 29 2c 49 72 28 4c 2c 46 3f 63 3a 6f 29 2c 71 26 26 71 28 29 7d 2c 50 3d 28 4c 2c 46 29 3d 3e 7b 4c 2e 5f 69 73 4c 65 61 76 69 6e 67 3d 21 31 2c 49 72 28 4c 2c 66 29 2c 49 72 28 4c 2c 68 29 2c 49 72 28 4c 2c 64 29 2c 46 26 26 46 28 29 7d 2c 78 3d 4c 3d 3e 28 46 2c 71 29 3d 3e 7b 63 6f 6e 73 74 20 74 65 Data Ascii: :T,onEnterCancelled:p,onLeave:g,onLeaveCancelled:b,onBeforeAppear:w=v,onAppear:k=T,onAppearCancelled:O=p}=t,E=(L,F,q,te)=>{L._enterCancelled=te,Ir(L,F?u:a),Ir(L,F?c:o),q&&q()},P=(L,F)=>{L._isLeaving=!1,Ir(L,f),Ir(L,h),Ir(L,d),F&&F()},x=L=>(F,q)=>{const te
2025-01-08 08:23:37 UTC	16384	IN	Data Raw: 2e 73 74 61 72 74 73 57 69 74 68 28 22 2f 22 29 7d 66 75 6e 63 74 69 6f 6e 20 46 68 28 65 3d 22 22 29 7b 72 65 74 75 72 6e 20 5f 54 28 65 29 3f 65 3a 22 2f 22 2b 65 7d 66 75 6e 63 74 69 6f 6e 20 62 54 28 65 2c 74 29 7b 69 66 28 71 5f 28 74 29 7c 7c 61 72 28 65 29 29 72 65 74 75 72 6e 20 65 3b 63 6f 6e 73 74 20 6e 3d 7a 6c 28 74 29 3b 72 65 74 75 72 6e 20 65 2e 73 74 61 72 74 73 57 69 74 68 28 6e 29 3f 65 3a 7a 73 28 6e 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 42 68 28 65 2c 74 29 7b 69 66 28 71 5f 28 74 29 29 72 65 74 75 72 6e 20 65 3b 63 6f 6e 73 74 20 6e 3d 7a 6c 28 74 29 3b 69 66 28 21 65 2e 73 74 61 72 74 73 57 69 74 68 28 6e 29 29 72 65 74 75 72 6e 20 65 3b 63 6f 6e 73 74 20 72 3d 65 2e 73 6c 69 63 65 28 6e 2e 6c 65 6e 67 74 68 29 3b 72 65 74 75 72 6e Data Ascii: .startsWith("/")}function Fh(e=""){return _T(e)?e:"/"+e}function bT(e,t){if(q_(t)\|\|ar(e))return e;const n=zl(t);return e.startsWith(n)?e:zs(n,e)}function Bh(e,t){if(q_(t))return e;const n=zl(t);if(!e.startsWith(n))return e;const r=e.slice(n.length);return
2025-01-08 08:23:37 UTC	16384	IN	Data Raw: 3d 3d 6e 75 6c 6c 29 7b 63 6f 6e 73 74 20 61 3d 72 2e 6d 61 78 41 67 65 2d 30 3b 69 66 28 4e 75 6d 62 65 72 2e 69 73 4e 61 4e 28 61 29 7c 7c 21 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 6f 70 74 69 6f 6e 20 6d 61 78 41 67 65 20 69 73 20 69 6e 76 61 6c 69 64 22 29 3b 6f 2b 3d 22 3b 20 4d 61 78 2d 41 67 65 3d 22 2b 4d 61 74 68 2e 66 6c 6f 6f 72 28 61 29 7d 69 66 28 72 2e 64 6f 6d 61 69 6e 29 7b 69 66 28 21 54 61 2e 74 65 73 74 28 72 2e 64 6f 6d 61 69 6e 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 6f 70 74 69 6f 6e 20 64 6f 6d 61 69 6e 20 69 73 20 69 6e 76 61 6c 69 64 22 29 3b 6f 2b 3d 22 3b 20 44 6f 6d 61 69 6e 3d 22 2b 72 2e 64 6f 6d 61 69 6e 7d 69 66 28 Data Ascii: ==null){const a=r.maxAge-0;if(Number.isNaN(a)\|\|!Number.isFinite(a))throw new TypeError("option maxAge is invalid");o+="; Max-Age="+Math.floor(a)}if(r.domain){if(!Ta.test(r.domain))throw new TypeError("option domain is invalid");o+="; Domain="+r.domain}if(
2025-01-08 08:23:37 UTC	16384	IN	Data Raw: 65 77 20 52 65 67 45 78 70 28 61 5b 31 5d 2c 61 5b 32 5d 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 4f 62 6a 65 63 74 22 3a 72 5b 73 5d 3d 4f 62 6a 65 63 74 28 61 5b 31 5d 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 42 69 67 49 6e 74 22 3a 72 5b 73 5d 3d 42 69 67 49 6e 74 28 61 5b 31 5d 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 6e 75 6c 6c 22 3a 63 6f 6e 73 74 20 64 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 6e 75 6c 6c 29 3b 72 5b 73 5d 3d 64 3b 66 6f 72 28 6c 65 74 20 68 3d 31 3b 68 3c 61 2e 6c 65 6e 67 74 68 3b 68 2b 3d 32 29 64 5b 61 5b 68 5d 5d 3d 69 28 61 5b 68 2b 31 5d 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 49 6e 74 38 41 72 72 61 79 22 3a 63 61 73 65 22 55 69 6e 74 38 41 72 72 61 79 22 3a 63 61 73 65 22 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 22 Data Ascii: ew RegExp(a[1],a[2]);break;case"Object":r[s]=Object(a[1]);break;case"BigInt":r[s]=BigInt(a[1]);break;case"null":const d=Object.create(null);r[s]=d;for(let h=1;h<a.length;h+=2)d[a[h]]=i(a[h+1]);break;case"Int8Array":case"Uint8Array":case"Uint8ClampedArray"
2025-01-08 08:23:37 UTC	16384	IN	Data Raw: 65 6f 66 20 65 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 65 28 29 3a 41 65 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 78 75 28 65 29 7b 69 66 28 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 50 72 6f 6d 69 73 65 7c 7c 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 44 61 74 65 7c 7c 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 72 65 74 75 72 6e 20 65 3b 63 6f 6e 73 74 20 74 3d 24 6b 28 65 29 3b 69 66 28 21 65 7c 7c 21 74 29 72 65 74 75 72 6e 20 74 3b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 74 29 29 72 65 74 75 72 6e 20 74 2e 6d 61 70 28 6e 3d 3e 78 75 28 6e 29 29 3b 69 66 28 74 79 70 65 6f 66 20 74 3d 3d 22 6f 62 6a 65 63 74 22 29 7b 63 6f 6e 73 74 20 6e 3d 7b 7d 3b 66 6f 72 28 63 6f 6e 73 74 20 72 20 69 6e 20 74 29 69 66 28 4f 62 6a 65 63 74 2e 70 72 Data Ascii: eof e=="function"?e():Ae(e)}function xu(e){if(e instanceof Promise\|\|e instanceof Date\|\|e instanceof RegExp)return e;const t=$k(e);if(!e\|\|!t)return t;if(Array.isArray(t))return t.map(n=>xu(n));if(typeof t=="object"){const n={};for(const r in t)if(Object.pr

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:25:20 UTC	442	OUT	OPTIONS /api/report?cat=bingbusiness HTTP/1.1 Host: bzib.nelreports.net Connection: keep-alive Origin: https://business.bing.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-08 08:25:21 UTC	334	IN	HTTP/1.1 200 OK Content-Length: 0 Server: Kestrel Date: Wed, 08 Jan 2025 08:25:21 GMT Connection: close PMUSER_FORMAT_QS: X-CDN-TraceId: 0.84112317.1736324721.58ea854c Access-Control-Allow-Headers: * Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *

Timestamp	Bytes transferred	Direction	Data
2025-01-08 08:25:21 UTC	382	OUT	POST /api/report?cat=bingbusiness HTTP/1.1 Host: bzib.nelreports.net Connection: keep-alive Content-Length: 475 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2025-01-08 08:25:21 UTC	475	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 31 32 30 30 30 39 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 39 33 32 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 33 2e 31 30 37 2e 36 2e 31 35 38 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 31 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 62 75 73 69 6e 65 73 73 2e 62 69 6e Data Ascii: [{"age":120009,"body":{"elapsed_time":932,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"13.107.6.158","status_code":401,"type":"http.error"},"type":"network-error","url":"https://business.bin
2025-01-08 08:25:21 UTC	334	IN	HTTP/1.1 200 OK Content-Length: 0 Server: Kestrel Date: Wed, 08 Jan 2025 08:25:21 GMT Connection: close PMUSER_FORMAT_QS: X-CDN-TraceId: 0.84112317.1736324721.58ea8aad Access-Control-Allow-Headers: * Access-Control-Allow-Credentials: false Access-Control-Allow-Methods: GET, OPTIONS, POST Access-Control-Allow-Origin: *

Target ID:	0
Start time:	03:23:16
Start date:	08/01/2025
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\user\Desktop\Swift-TT680169 Report.svg
Imagebase:	0x7ff6487a0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	2
Start time:	03:23:17
Start date:	08/01/2025
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1836,i,3561918255255189208,8950633871389057760,262144 /prefetch:3
Imagebase:	0x7ff6487a0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	7
Start time:	03:23:19
Start date:	08/01/2025
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4828 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8
Imagebase:	0x7ff6487a0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	16
Start time:	03:23:32
Start date:	08/01/2025
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=3916 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8
Imagebase:	0x7ff6487a0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	17
Start time:	03:23:33
Start date:	08/01/2025
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-GB --service-sandbox-type=service --mojo-platform-channel-handle=7512 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8
Imagebase:	0x7ff6487a0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	18
Start time:	03:23:39
Start date:	08/01/2025
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Imagebase:	0x7ff71a950000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	21
Start time:	03:24:17
Start date:	08/01/2025
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6772 --field-trial-handle=1880,i,18180391344318493874,217414584403000464,262144 /prefetch:8
Imagebase:	0x7ff6487a0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false