Windows Analysis Report
xRzIkuwCyozY.exe

Machine Learning detection for sample

Source: Yara match	File source: xRzIkuwCyozY.exe, type: SAMPLE
Source: Yara match	File source: 0.0.xRzIkuwCyozY.exe.630000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1622453853.0000000000632000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2088998163.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: xRzIkuwCyozY.exe PID: 2892, type: MEMORYSTR

Source: xRzIkuwCyozY.exe

Joe Sandbox ML: detected

Source: xRzIkuwCyozY.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

C2 URLs / IPs found in malware configuration

Source: unknown	HTTPS traffic detected: 23.54.42.93:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.42.93:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49754 version: TLS 1.2

Source: xRzIkuwCyozY.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: Malware configuration extractor

URLs: berlyn777.con-ip.com

Source: global traffic

TCP traffic: 192.168.2.4:49735 -> 45.141.215.185:7777

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

ASN Name: SPECTRAIPSpectraIPBVNL SPECTRAIPSpectraIPBVNL

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.42.93
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 208.111.186.0
Source: unknown	TCP traffic detected without corresponding DNS query: 208.111.186.0
Source: unknown	TCP traffic detected without corresponding DNS query: 208.111.186.0
Source: unknown	TCP traffic detected without corresponding DNS query: 208.111.186.0
Source: unknown	TCP traffic detected without corresponding DNS query: 208.111.186.0
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86

Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yAV88TB9dHccag3&MD=LRADRguV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yAV88TB9dHccag3&MD=LRADRguV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: berlyn777.con-ip.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com

Source: xRzIkuwCyozY.exe, 00000000.00000002.2087210406.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.
Source: xRzIkuwCyozY.exe, 00000000.00000002.2087210406.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.LinkId=42127
Source: chromecache_52.4.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_57.4.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_57.4.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_52.4.dr, chromecache_57.4.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_57.4.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_57.4.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_57.4.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_57.4.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_52.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_52.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_52.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_52.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_52.4.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_57.4.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_57.4.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_57.4.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_57.4.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_57.4.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_52.4.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_52.4.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_52.4.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756

Source: unknown	HTTPS traffic detected: 23.54.42.93:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.54.42.93:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49754 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to log keystrokes (.Net Source)

Source: xRzIkuwCyozY.exe, Keylogger.cs

.Net Code: VKCodeToUnicode

E-Banking Fraud

Source: Yara match	File source: xRzIkuwCyozY.exe, type: SAMPLE
Source: Yara match	File source: 0.0.xRzIkuwCyozY.exe.630000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1622453853.0000000000632000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2088998163.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: xRzIkuwCyozY.exe PID: 2892, type: MEMORYSTR

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe

Code function: 0_2_04DE15C0

0_2_04DE15C0

Source: xRzIkuwCyozY.exe, 00000000.00000002.2087210406.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemscorwks.dllT vs xRzIkuwCyozY.exe
Source: xRzIkuwCyozY.exe, 00000000.00000000.1622466786.0000000000638000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameClient7777.exe4 vs xRzIkuwCyozY.exe
Source: xRzIkuwCyozY.exe	Binary or memory string: OriginalFilenameClient7777.exe4 vs xRzIkuwCyozY.exe

Source: xRzIkuwCyozY.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@32/15@7/5

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Code function: 0_2_04E7339E AdjustTokenPrivileges,		0_2_04E7339E
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Code function: 0_2_04E73367 AdjustTokenPrivileges,		0_2_04E73367

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\xRzIkuwCyozY.exe.log

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9132:120:WilError_03
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Mutant created: \Sessions\1\BaseNamedObjects\03f62b4542954

Source: xRzIkuwCyozY.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: xRzIkuwCyozY.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: xRzIkuwCyozY.exe

ReversingLabs: Detection: 92%

Source: unknown	Process created: C:\Users\user\Desktop\xRzIkuwCyozY.exe "C:\Users\user\Desktop\xRzIkuwCyozY.exe"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2036,i,3006558031417863421,7263643072710997579,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=2036,i,5724583149837707848,3027707607016890056,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\xRzIkuwCyozY.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\xRzIkuwCyozY.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2036,i,3006558031417863421,7263643072710997579,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=2036,i,5724583149837707848,3027707607016890056,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Section loaded: windowscodecs.dll	Jump to behavior

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Source: xRzIkuwCyozY.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

.NET source code contains potential unpacker

Source: xRzIkuwCyozY.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Source: xRzIkuwCyozY.exe, Program.cs

.Net Code: Plugin System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe

Code function: 0_2_00F304B7 push cs; retf

0_2_00F304B8

Hooking and other Techniques for Hiding and Protection

Self deletion via cmd or bat file

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process created: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\xRzIkuwCyozY.exe"
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process created: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\xRzIkuwCyozY.exe"			Jump to behavior

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Memory allocated: FD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Memory allocated: 2CD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe	Memory allocated: FD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe

Window / User API: threadDelayed 1841

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe TID: 2044

Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe

Thread delayed: delay time: 922337203685477

Source: xRzIkuwCyozY.exe, 00000000.00000002.2087210406.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllontextBindingCollectionElement, System.WorkflowServices, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
Source: xRzIkuwCyozY.exe, 00000000.00000002.2087210406.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe

Process token adjusted: Debug

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe

Memory allocated: page read and write | page guard

.NET source code references suspicious native API functions

HIPS / PFW / Operating System Protection Evasion

Source: xRzIkuwCyozY.exe, Program.cs	Reference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, cbName, ref lpszVer, 100)
Source: xRzIkuwCyozY.exe, Keylogger.cs	Reference to suspicious API methods: MapVirtualKey(a, 0u)
Source: xRzIkuwCyozY.exe, Keylogger.cs	Reference to suspicious API methods: GetAsyncKeyState(num2)

Source: xRzIkuwCyozY.exe, 00000000.00000002.2088998163.0000000002D60000.00000004.00000800.00020000.00000000.sdmp, xRzIkuwCyozY.exe, 00000000.00000002.2088998163.0000000002D7C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: xRzIkuwCyozY.exe, 00000000.00000002.2088998163.0000000002D60000.00000004.00000800.00020000.00000000.sdmp, xRzIkuwCyozY.exe, 00000000.00000002.2088998163.0000000002D7C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager@9

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe

Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\xRzIkuwCyozY.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match	File source: xRzIkuwCyozY.exe, type: SAMPLE
Source: Yara match	File source: 0.0.xRzIkuwCyozY.exe.630000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1622453853.0000000000632000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2088998163.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: xRzIkuwCyozY.exe PID: 2892, type: MEMORYSTR

Remote Access Functionality

Source: Yara match	File source: xRzIkuwCyozY.exe, type: SAMPLE
Source: Yara match	File source: 0.0.xRzIkuwCyozY.exe.630000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1622453853.0000000000632000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2088998163.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: xRzIkuwCyozY.exe PID: 2892, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Access Token Manipulation	1 Masquerading	1 Input Capture	1 Security Software Discovery	Remote Services	1 Input Capture	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	2 Process Injection	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Access Token Manipulation	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Process Injection	LSA Secrets	12 System Information Discovery	SSH	Keylogging	13 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 File Deletion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
xRzIkuwCyozY.exe	92%	ReversingLabs	ByteCode-MSIL.Backdoor.Bladabhindi
xRzIkuwCyozY.exe	100%	Avira	TR/Dropper.Gen7
xRzIkuwCyozY.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://www.broofa.com	0%	URL Reputation	safe
https://csp.withgoogle.com/csp/lcreport/	0%	URL Reputation	safe
http://go.microsoft.	0%	URL Reputation	safe
http://go.microsoft.LinkId=42127	0%	Avira URL Cloud	safe
berlyn777.con-ip.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
berlyn777.con-ip.com	45.141.215.185	true	true	unknown
google.com	172.217.2.46	true	false	high
plus.l.google.com	142.250.190.110	true	false	high
www.google.com	142.250.190.68	true	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/async/ddljson?async=ntp:2	false		high
berlyn777.con-ip.com	true	Avira URL Cloud: safe	unknown
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0	false		high
https://www.google.com/async/newtab_promos	false		high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://play.google.com/log?format=json&hasfast=true	chromecache_52.4.dr	false		high
http://www.broofa.com	chromecache_52.4.dr	false	URL Reputation: safe	unknown
https://csp.withgoogle.com/csp/lcreport/	chromecache_57.4.dr	false	URL Reputation: safe	unknown
http://go.microsoft.	xRzIkuwCyozY.exe, 00000000.00000002.2087210406.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://apis.google.com	chromecache_52.4.dr, chromecache_57.4.dr	false		high
http://go.microsoft.LinkId=42127	xRzIkuwCyozY.exe, 00000000.00000002.2087210406.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1	chromecache_57.4.dr	false		high
https://domains.google.com/suggest/flow	chromecache_57.4.dr	false		high
https://clients6.google.com	chromecache_57.4.dr	false		high
https://plus.google.com	chromecache_57.4.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.190.110	plus.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.190.68	www.google.com	United States	15169	GOOGLEUS	false
45.141.215.185	berlyn777.con-ip.com	Netherlands	62068	SPECTRAIPSpectraIPBVNL	true

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1433735
Start date and time:	2024-04-30 00:20:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	xRzIkuwCyozY.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@32/15@7/5
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 92 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.190.67, 142.250.191.238, 142.250.111.84, 34.104.35.123, 23.46.30.28, 192.229.211.108, 142.250.190.131, 142.250.190.78
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: xRzIkuwCyozY.exe

Simulations

Behavior and APIs

Time	Type	Description
00:21:38	API Interceptor	2x Sleep call for process: xRzIkuwCyozY.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://www.bellmarine.e-skafos.gr/bill/membership/login/login	Get hash	malicious	HTMLPhisher	Browse
	https://warsecure5575777876432dfytuvbkjbjfrttdryujk55657yjnnf5.pages.dev/	Get hash	malicious	TechSupportScam	Browse
	https://www.samriddhiayurveda.in/wp-content/plugins/share-private-files/shared/?k79354279p16675037m93398000i07/casesu24543041e9360&court=public&846172383075=files&h150867u91=4525117515&num=kq&dmc=integralads.com&3554322h4&cmp=bbklaw&4855038k6	Get hash	malicious	Unknown	Browse
	https://malsecranx84os64bitcoresecwinxprofiles.azureedge.net/programfilesx86windows/contact.html	Get hash	malicious	TechSupportScam	Browse
	https://apppmt12k.z13.web.core.windows.net/Win0security-helpline07/index.html?ph0n=1-866-993-7810	Get hash	malicious	TechSupportScam	Browse
	Cybg 401(k) Retirement Plans Enrollment.shtml	Get hash	malicious	Unknown	Browse
	https://www.canva.com/design/DAGDzGCYOzE/nxjCQqdQHTYldCQfCk20KQ/view?utm_content=DAGDzGCYOzE&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse
	IDM Trial Reset.exe	Get hash	malicious	Unknown	Browse
	https://2ly.link/1xlBI	Get hash	malicious	Unknown	Browse
	https://upsmychoicedeals.com	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
google.com	https://www.bellmarine.e-skafos.gr/bill/membership/login/login	Get hash	malicious	HTMLPhisher	Browse	142.250.191.132
	https://warsecure5575777876432dfytuvbkjbjfrttdryujk55657yjnnf5.pages.dev/	Get hash	malicious	TechSupportScam	Browse	142.250.191.100
	https://www.samriddhiayurveda.in/wp-content/plugins/share-private-files/shared/?k79354279p16675037m93398000i07/casesu24543041e9360&court=public&846172383075=files&h150867u91=4525117515&num=kq&dmc=integralads.com&3554322h4&cmp=bbklaw&4855038k6	Get hash	malicious	Unknown	Browse	142.250.191.196
	https://malsecranx84os64bitcoresecwinxprofiles.azureedge.net/programfilesx86windows/contact.html	Get hash	malicious	TechSupportScam	Browse	172.217.4.196
	https://apppmt12k.z13.web.core.windows.net/Win0security-helpline07/index.html?ph0n=1-866-993-7810	Get hash	malicious	TechSupportScam	Browse	142.250.190.132
	Cybg 401(k) Retirement Plans Enrollment.shtml	Get hash	malicious	Unknown	Browse	142.250.190.68
	https://www.canva.com/design/DAGDzGCYOzE/nxjCQqdQHTYldCQfCk20KQ/view?utm_content=DAGDzGCYOzE&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	142.250.191.164
	IDM Trial Reset.exe	Get hash	malicious	Unknown	Browse	142.250.190.4
	https://upsmychoicedeals.com	Get hash	malicious	Unknown	Browse	172.217.2.36

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SPECTRAIPSpectraIPBVNL	SgtB2WW8ys.elf	Get hash	malicious	Mirai	Browse	185.244.36.117
	VOlsbvDoA0.elf	Get hash	malicious	Mirai	Browse	185.244.36.168
	bSfl.exe	Get hash	malicious	XWorm	Browse	45.138.16.125
	bSfm.exe	Get hash	malicious	XWorm	Browse	45.138.16.125
	http://185.224.128.43	Get hash	malicious	Unknown	Browse	185.224.128.43
	XmTn4QC6Sk.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	45.138.16.166
	STyR3CTSnI.elf	Get hash	malicious	Mirai	Browse	45.140.188.133
	y74GaN6Ple.elf	Get hash	malicious	Mirai	Browse	45.140.188.133
	vSNDdQtqsQ.elf	Get hash	malicious	Mirai	Browse	45.140.188.133

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://www.bellmarine.e-skafos.gr/bill/membership/login/login	Get hash	malicious	HTMLPhisher	Browse	13.85.23.86 23.54.42.93 20.12.23.50
	https://warsecure5575777876432dfytuvbkjbjfrttdryujk55657yjnnf5.pages.dev/	Get hash	malicious	TechSupportScam	Browse	13.85.23.86 23.54.42.93 20.12.23.50
	https://www.samriddhiayurveda.in/wp-content/plugins/share-private-files/shared/?k79354279p16675037m93398000i07/casesu24543041e9360&court=public&846172383075=files&h150867u91=4525117515&num=kq&dmc=integralads.com&3554322h4&cmp=bbklaw&4855038k6	Get hash	malicious	Unknown	Browse	13.85.23.86 23.54.42.93 20.12.23.50
	https://malsecranx84os64bitcoresecwinxprofiles.azureedge.net/programfilesx86windows/contact.html	Get hash	malicious	TechSupportScam	Browse	13.85.23.86 23.54.42.93 20.12.23.50
	https://apppmt12k.z13.web.core.windows.net/Win0security-helpline07/index.html?ph0n=1-866-993-7810	Get hash	malicious	TechSupportScam	Browse	13.85.23.86 23.54.42.93 20.12.23.50
	Cybg 401(k) Retirement Plans Enrollment.shtml	Get hash	malicious	Unknown	Browse	13.85.23.86 23.54.42.93 20.12.23.50
	https://www.canva.com/design/DAGDzGCYOzE/nxjCQqdQHTYldCQfCk20KQ/view?utm_content=DAGDzGCYOzE&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	13.85.23.86 23.54.42.93 20.12.23.50
	https://2ly.link/1xlBI	Get hash	malicious	Unknown	Browse	13.85.23.86 23.54.42.93 20.12.23.50
	file.exe	Get hash	malicious	Vidar	Browse	13.85.23.86 23.54.42.93 20.12.23.50
	https://uaqtu.com	Get hash	malicious	Unknown	Browse	13.85.23.86 23.54.42.93 20.12.23.50

Process:	C:\Users\user\Desktop\xRzIkuwCyozY.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	907
Entropy (8bit):	5.243019596074263
Encrypted:	false
SSDEEP:	24:MLF2CpI329Iz52VMzffup26KTnKoO2+b2hHAa/:MwQd9IzoaXuY6Ux+SF/
MD5:	48A0572426885EBDE53CA62C7F2E194E
SHA1:	035628CDF6276367F6C83E9F4AA2172933850AA8
SHA-256:	4C68E10691304CAC8DA65A05CF2580728EC0E294104F267840712AF1C46A6538
SHA-512:	DEFE728C2312918D94BD43C98908C08CCCA5EBFB77F873779DCA784F14C607B33A4E29AC5ECB798F2F741668B7692F72BCB60DEFD536EA86B296B64FA359C42D
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\53992d421e2c7ecf6609c62b3510a6f0\System.Configuration.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\74774597e319a738b792e6a6c06d3559\System.Xml.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1bd56c432cb9ff27e335d97f404caf8f\System.Management.ni.dll",0..

Chrome Cache Entry: 52

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1746)
Category:	downloaded
Size (bytes):	163891
Entropy (8bit):	5.55061820245277
Encrypted:	false
SSDEEP:	3072:S0eiNiuzs8v4HHKWY8s1BgP4IDQ9GURWu8zylA/u8PemUPhDlaY/ADiZ65LpK629:S0eMhzvwHHKWY8s1BgP4IDQ9GURWu8UD
MD5:	0282D5C4C6038FCEB2FF8607EDAC81A4
SHA1:	62EBF05C33F8A3115C208BB4D5CE9B38F6D06447
SHA-256:	AAAF17E8ED9C8DD5D1B69C8BBB617600A768256654C076F760E09C6047973371
SHA-512:	E21D25042E41527B62E80F9D9B82B85B915BA6D0698B2FFA5D8D59115F764770D1DE2108B72D82D57BFB7A8D4406FB53D091C1DC6D8BD03BED3BCA29CEFD0EAD
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.oT1FwJRCVC4.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTvBynad-nWEy1xIb9j1w6LpLOF6IQ"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.nj=function(a,b,c){return c?a\|b:a&~b};_.oj=function(a,b,c,d){a=_.hb(a,b,c,d);return Array.isArray(a)?a:_.lc};_.pj=function(a,b){a=_.nj(a,2,!!(2&b));a=_.nj(a,32,!0);return a=_.nj(a,2048,!1)};_.qj=function(a,b){0===a&&(a=_.pj(a,b));return a=_.nj(a,1,!0)};_.rj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.sj=function(a,b,c){32&b&&c\|\|(a=_.nj(a,32,!1));return a};._.tj=function(a,b,c,d,e,f){var g=!!(2&b),h=g?1:2;const k=1===h;h=2===h;e=!!e;f&&(f=!g);g=_.oj(a,b,d);var l=g[_.v]\|0;const n=!!(4&l);if(!n){l=_.qj(l,b);var p=g,r=b,t;(t=!!(2&l))&&(r=_.nj(r,2,!0));let C=!t,X=!0,P=0,H=0;for(;P<p.length;P++){const O=_.Sa(p[P],c,r);if(O instanceof c){if(!t){const Fa=!!((O.ma[_.v]\|0)&2);C&&(C=!Fa);X&&(X=Fa)}p[H++]=O}}H<P&&(p.length=H);l=_.nj(l,4,!0);l=_.nj(l,16,X);l=_.nj(l,8,C);_.wa(p,l);t&&Object.freeze(p)}c=!!(8&l)\|\|k&&!g.length;if(f&&!c){_.rj(l)&&(g=_.va(g),l=_.pj(l,.b),b=_.gb(a,b,d,g));f=g;c=l;for(p=0;p<f.length;p++)l=f[p],r=_.eb(l),l

Chrome Cache Entry: 53

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 54

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	139804
Entropy (8bit):	5.440961717394583
Encrypted:	false
SSDEEP:	1536:yMRA4a9KJXjPInWWt/usD98kiHLnRA0zqevcZ1nhaV+trbbbhYxvdU:enKJou8TMyeQ0shCO
MD5:	1E7E776C3E362409183607B6751E26E6
SHA1:	CA2C1573A8EDE4BCDD0AB8F61AA2DCF8326C2164
SHA-256:	4F487BBD58A0EB619A31AEF607EDEAF1007F78265082083CBE77BA59F1F068B3
SHA-512:	A7181845C9F3C8F877F07CE4A1018C271FE5D49A405AAA95D3BCD8E793A88D8FFEB1523C97CD3F2881C9C47BFBA67A123D527737CCAEF489ED8890FBCBF58687
Malicious:	false
Reputation:	low
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ra gb_ib gb_Ud gb_od\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Id\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_sd gb_ld gb_yd gb_xd\"\u003e\u003cdiv class\u003d\"gb_rd gb_hd\"\u003e\u003cdiv class\u003d\"gb_Pc gb_r\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Pc gb_Sc gb_r\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 55

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3572), with no line terminators
Category:	downloaded
Size (bytes):	3572
Entropy (8bit):	5.150542995862274
Encrypted:	false
SSDEEP:	96:RJYrcoiktfqqMghOKTEzNx8BSIMw591g8IOl8u8i8DF+Ks:wkktfqqMghxlg8Ig8u78D2
MD5:	88BC8C86A83B9BD8EDA6FDF225CDC8DD
SHA1:	473D84930F027A365278C15282725A69721F4B18
SHA-256:	47D960E93D9E7AB4C760A09DA0AA5E6549A8355AD5C0BA8476D4269F4FBDB354
SHA-512:	3BC486D908160D297AD3028C27177A9C41A1D87EF29A456058265FAF74A1DA069D3B0578F05A79F866C2DB752D5E0E42D179158BD62251D4FDA601A7CBA7CC4D
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.T5bVtXo12IQ.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTssrVR1lBtzoy_MObv1DSp-vWG36A"
Preview:	.gb_3e{background:rgba(60,64,67,.9);-webkit-border-radius:4px;border-radius:4px;color:#fff;font:500 12px "Roboto",arial,sans-serif;letter-spacing:.8px;line-height:16px;margin-top:4px;min-height:14px;padding:4px 8px;position:absolute;z-index:1000;-webkit-font-smoothing:antialiased}.gb_Hc{text-align:left}.gb_Hc>*{color:#bdc1c6;line-height:16px}.gb_Hc div:first-child{color:white}.gb_qa{background:none;border:1px solid transparent;-webkit-border-radius:50%;border-radius:50%;-webkit-box-sizing:border-box;box-sizing:border-box;cursor:pointer;height:40px;margin:8px;outline:none;padding:1px;position:absolute;right:0;top:0;width:40px}.gb_qa:hover{background-color:rgba(68,71,70,.08)}.gb_qa:focus,.gb_qa:active{background-color:rgba(68,71,70,.12)}.gb_qa:focus-visible{border-color:#0b57d0;outline:1px solid transparent;outline-offset:-1px}.gb_i .gb_qa:hover,.gb_i .gb_qa:focus,.gb_i .gb_qa:active{background-color:rgba(227,227,227,.08)}.gb_i .gb_qa:focus-visible{border-color:#a8c7fa}.gb_ra{-webkit-box

Chrome Cache Entry: 56

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Chrome Cache Entry: 57

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2124)
Category:	downloaded
Size (bytes):	121628
Entropy (8bit):	5.506662476672723
Encrypted:	false
SSDEEP:	3072:QI9yvwslCsrCF9f/U2Dj3Fkk7rEehA5L1kx:l9ygsrieDkVaL1kx
MD5:	F46ACD807A10216E6EEE8EA51E0F14D6
SHA1:	4702F47070F7046689432DCF605F11364BC0FBED
SHA-256:	D6B84873D27E7E83CF5184AAEF778F1CCB896467576CD8AF2CAD09B31B3C6086
SHA-512:	811263DC85C8DAA3A6E5D8A002CCCB953CD01E6A77797109835FE8B07CABE0DEE7EB126274E84266229880A90782B3B016BA034E31F0E3B259BF9E66CA797028
Malicious:	false
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x20000, ]);.var ba,ca,da,na,pa,va,wa,za;ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.da=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.ma=da(this);na=function(a,b){if(b)a:{var c=_.ma;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)re

Chrome Cache Entry: 58

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	19
Entropy (8bit):	3.6818808028034042
Encrypted:	false
SSDEEP:	3:VQRWN:VQRWN
MD5:	9FAE2B6737B98261777262B14B586F28
SHA1:	79C894898B2CED39335EB0003C18B27AA8C6DDCD
SHA-256:	F55F6B26E77DF6647E544AE5B45892DCEA380B7A6D2BFAA1E023EA112CE81E73
SHA-512:	29CB8E5462B15488B0C6D5FC1673E273FB47841E9C76A4AA5415CA93CEA31B87052BBA511680F2BC9E6543A29F1BBFBA9D06FCC08F5C65BEB115EE7A9E5EFF36
Malicious:	false
URL:	https://www.google.com/async/ddljson?async=ntp:2
Preview:	)]}'.{"ddljson":{}}

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	3.8093394779449836
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.79% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Win16/32 Executable Delphi generic (2074/23) 0.01%
File name:	xRzIkuwCyozY.exe
File size:	32'768 bytes
MD5:	3e07cea83322232968c52e0ad1f98c03
SHA1:	093c6a9df30012c36c5231b105816b8a614feba3
SHA256:	d65e2a63a3e7cd2675134d15ae271d3b4f4920cf166e9cdfff34b2cf7b07b449
SHA512:	43da0ab1a54d86bbdef78fb3c68d1cc035601f25476b7715bd8afa65f585e9ce7e22597e6da90ac4bc07e888761d456d88ada4c59b80fca60582f9ab9fea4716
SSDEEP:	384:h0bUe5XB4e0XfODHixBr/QuWTFtTUFQqzFKObbt:6T9Bu2zifrYd4bt
TLSH:	93E2F84A7BB94125C6BC1AFC8CB313214772E3478532EB6F5CDC98CA4F676D04251AE9
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...}.0f.................P... ......~g... ........@.. ....................................@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x40677e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6630197D [Mon Apr 29 22:04:45 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6724	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x8000	0x2b0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x4784	0x5000	85d016ead1cc89e5dfcf9fcf5a7fb92b	False	0.475341796875	data	5.301071218287796	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x8000	0x2b0	0x1000	6e08229f48c666d8ac3e162f47953b7e	False	0.0771484375	data	0.6868909292385726	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xa000	0xc	0x1000	6c4dd48bf3226f24c0a279b97a87449d	False	0.008544921875	data	0.013126943721219527	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x8058	0x254	data			0.4597315436241611

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 30, 2024 00:20:50.920245886 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 30, 2024 00:20:52.576421022 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 30, 2024 00:21:02.188173056 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 30, 2024 00:21:04.206351042 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:04.429560900 CEST	49736	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.429600954 CEST	443	49736	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.429671049 CEST	49736	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.429893017 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:04.429903030 CEST	49736	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.429917097 CEST	443	49736	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.429954052 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:04.612724066 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:04.628340006 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.628371000 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.628427029 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.628747940 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.628757000 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.651204109 CEST	443	49736	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.651506901 CEST	49736	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.651526928 CEST	443	49736	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.652805090 CEST	443	49736	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.652870893 CEST	49736	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.654434919 CEST	49736	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.654515028 CEST	443	49736	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.654831886 CEST	49736	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.654839039 CEST	443	49736	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.695378065 CEST	49739	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.695417881 CEST	443	49739	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.695504904 CEST	49739	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.695729971 CEST	49739	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.695744038 CEST	443	49739	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.700670958 CEST	49736	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.848316908 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.848607063 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.848630905 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.850075006 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.850146055 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.850467920 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.850548029 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.850651026 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.850656986 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.877684116 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:04.877746105 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:04.885495901 CEST	443	49736	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.885674953 CEST	443	49736	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.885730028 CEST	49736	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.886429071 CEST	49736	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.886445999 CEST	443	49736	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.916493893 CEST	443	49739	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.916941881 CEST	49739	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.916964054 CEST	443	49739	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.917279005 CEST	443	49739	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.917674065 CEST	49739	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.917732954 CEST	443	49739	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.918226004 CEST	49739	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:04.964114904 CEST	443	49739	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:04.992568016 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.101080894 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.101135969 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.101180077 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.101186991 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.101195097 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.101242065 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.107964993 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.108015060 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.108021021 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.108026028 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.108062029 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.115127087 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.115180016 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.115183115 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.115195036 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.115242004 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.122194052 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.122250080 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.129405975 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.129443884 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.129461050 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.129465103 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.129549026 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.142667055 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:05.155128002 CEST	443	49739	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.155858994 CEST	443	49739	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.155925989 CEST	49739	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.156277895 CEST	49739	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.156296968 CEST	443	49739	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.203510046 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.203555107 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.203574896 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.203581095 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.203629971 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.206537962 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.206604004 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.213685989 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.213721991 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.213731050 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.213736057 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.213776112 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.220854044 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.220894098 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.220904112 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.220909119 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.220947981 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.228027105 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.228070021 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.228079081 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.228082895 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.228121042 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.235141039 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.235199928 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.242228985 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.242280960 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.242295027 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.242300987 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.242402077 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.249346018 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.249402046 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.249404907 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.255944014 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.255983114 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.255990982 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.255995035 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.256043911 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.262377024 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.268984079 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.269022942 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.269041061 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.269046068 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.269201994 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.275460958 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.278724909 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.278779030 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.278783083 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.285254955 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.285298109 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.285303116 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.306282043 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.306334019 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.306341887 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.308182001 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.308228970 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.308233976 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.313287020 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.313338995 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.313344002 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.317890882 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.317938089 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.317941904 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.322597980 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.322653055 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.322658062 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.327182055 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.327229977 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.327234983 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.331783056 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.331830978 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.331835032 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.336431980 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.336483955 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.336488008 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.341037989 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.341088057 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.341092110 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.345648050 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.345702887 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.345707893 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.352722883 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.352762938 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.352772951 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.352777958 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.352818012 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.357166052 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.361845970 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.361882925 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.361920118 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.361924887 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.361964941 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.366451025 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.371079922 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.371118069 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.371129036 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.371133089 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.371174097 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.371177912 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.375756979 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.375807047 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.375811100 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.380410910 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.380476952 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.380481958 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.385176897 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.385354042 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.385358095 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.389354944 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.389427900 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.389431000 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.393583059 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.393848896 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.393853903 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.397968054 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.398021936 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.398025990 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.402175903 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.402240038 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.402244091 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.408458948 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.408497095 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.408509970 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.408515930 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.408679008 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.412652016 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.416881084 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.416922092 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.416924953 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.416934013 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.417068958 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.419542074 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.422163963 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.422213078 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.422235012 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.422240019 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.422282934 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.424840927 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.427421093 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.427459002 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.427479982 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.427484989 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.427557945 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.430104971 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.432533979 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.432573080 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.432595968 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.432601929 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.432735920 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.435133934 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.437635899 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.437671900 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.437695026 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.437699080 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.437736988 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.440021992 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.442455053 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.442507029 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.442512035 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.443860054 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.443968058 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.443972111 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.446114063 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.446177959 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.446181059 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.446295023 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.446341038 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.446399927 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.446413040 CEST	443	49738	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.446420908 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.446449041 CEST	49738	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.722560883 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:05.748038054 CEST	49742	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.748084068 CEST	443	49742	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.748327971 CEST	49742	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.748564959 CEST	49742	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.748579979 CEST	443	49742	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.847464085 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:05.963593006 CEST	443	49742	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.965975046 CEST	49742	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.965996027 CEST	443	49742	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.966310024 CEST	443	49742	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:05.969599009 CEST	49742	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:05.969666958 CEST	443	49742	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:06.112706900 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:06.176121950 CEST	443	49742	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:06.176179886 CEST	49742	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:07.855094910 CEST	49745	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:07.855129957 CEST	443	49745	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:07.855211020 CEST	49745	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:07.856805086 CEST	49745	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:07.856822968 CEST	443	49745	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.009809017 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.009845972 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.009907007 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.010137081 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.010153055 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.078650951 CEST	443	49745	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.078758955 CEST	49745	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:08.096172094 CEST	49745	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:08.096189022 CEST	443	49745	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.097142935 CEST	443	49745	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.168971062 CEST	49745	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:08.231796026 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.232135057 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.232161045 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.233606100 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.233675957 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.237201929 CEST	49745	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:08.238194942 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.238394022 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.238399029 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.238428116 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.280128002 CEST	443	49745	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.351432085 CEST	443	49745	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.351547956 CEST	443	49745	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.351600885 CEST	49745	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:08.351649046 CEST	49745	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:08.351670027 CEST	443	49745	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.351682901 CEST	49745	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:08.351689100 CEST	443	49745	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.397996902 CEST	49747	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:08.398047924 CEST	443	49747	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.398108006 CEST	49747	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:08.398606062 CEST	49747	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:08.398622036 CEST	443	49747	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.403343916 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.403359890 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.442997932 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.443047047 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.443069935 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.443080902 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.443123102 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.443128109 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.443141937 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.443182945 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.443188906 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.449779034 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.449826956 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.449834108 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.456778049 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.456823111 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.456831932 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.463805914 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.463848114 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.463855982 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.543668985 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.543713093 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.543726921 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.543736935 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.543787003 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.547131062 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.554169893 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.554208994 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.554234982 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.554244995 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.554284096 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.561223030 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.568213940 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.568254948 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.568262100 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.568276882 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.568314075 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.575333118 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.582282066 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.582329035 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.582339048 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.588849068 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.588886023 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.588895082 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.588903904 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.588939905 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.595396042 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.601955891 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.601999998 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.602006912 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.602018118 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.602056026 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.605377913 CEST	443	49747	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.605468035 CEST	49747	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:08.607004881 CEST	49747	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:08.607013941 CEST	443	49747	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.607358932 CEST	443	49747	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.608381987 CEST	49747	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:08.608473063 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.615118980 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.615156889 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.615175009 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.615184069 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.615222931 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.621582031 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.628209114 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.628261089 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.628303051 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.628312111 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.628356934 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.644270897 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.647511005 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.647545099 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.647581100 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.647592068 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.647631884 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.652121067 CEST	443	49747	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.653929949 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.659996033 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.660032988 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.660048008 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.660058022 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.660096884 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.665602922 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.671266079 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.671317101 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.671324015 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.676836967 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.676873922 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.676883936 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.676892042 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.676929951 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.682404995 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.687916040 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.687962055 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.687967062 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.687980890 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.688024998 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.693406105 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.696227074 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.696285963 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.696294069 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.701704025 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.701762915 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.701771021 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.707247019 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.707293034 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.707302094 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.712418079 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.712466955 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.712474108 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.717298031 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.717345953 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.717354059 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.721865892 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.721916914 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.721925974 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.724934101 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:08.726304054 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.726349115 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.726356030 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.730473042 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.730523109 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.730531931 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.734772921 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.734811068 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.734827042 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.734837055 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.734873056 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.738811970 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.742716074 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.742753983 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.742778063 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.742789030 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.742827892 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.746671915 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.750566006 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.750617027 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.750627041 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.752599955 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.752662897 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.752671003 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.756514072 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.756570101 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.756577015 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.758932114 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.758985043 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.758995056 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.759052992 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:08.761365891 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.761416912 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.761435986 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.763757944 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.763819933 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.763828039 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.766184092 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.766233921 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.766242027 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.768661022 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.768724918 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.768868923 CEST	49746	443	192.168.2.4	142.250.190.110
Apr 30, 2024 00:21:08.768879890 CEST	443	49746	142.250.190.110	192.168.2.4
Apr 30, 2024 00:21:08.843930960 CEST	443	49747	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.844060898 CEST	443	49747	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.844113111 CEST	49747	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:08.844789982 CEST	49747	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:08.844810009 CEST	443	49747	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:08.844824076 CEST	49747	443	192.168.2.4	23.54.42.93
Apr 30, 2024 00:21:08.844830990 CEST	443	49747	23.54.42.93	192.168.2.4
Apr 30, 2024 00:21:09.023701906 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:10.653152943 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:10.761320114 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:11.727936029 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:11.959300995 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:13.473663092 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:13.737780094 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:13.737859011 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:14.002733946 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:14.143376112 CEST	49748	443	192.168.2.4	20.12.23.50
Apr 30, 2024 00:21:14.143425941 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:14.143496037 CEST	49748	443	192.168.2.4	20.12.23.50
Apr 30, 2024 00:21:14.144589901 CEST	49748	443	192.168.2.4	20.12.23.50
Apr 30, 2024 00:21:14.144609928 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:14.557727098 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:14.557821989 CEST	49748	443	192.168.2.4	20.12.23.50
Apr 30, 2024 00:21:14.560558081 CEST	49748	443	192.168.2.4	20.12.23.50
Apr 30, 2024 00:21:14.560564041 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:14.561041117 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:14.633033037 CEST	49748	443	192.168.2.4	20.12.23.50
Apr 30, 2024 00:21:14.959609985 CEST	49748	443	192.168.2.4	20.12.23.50
Apr 30, 2024 00:21:15.004122019 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:15.217597008 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:15.217648029 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:15.217659950 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:15.217678070 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:15.217686892 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:15.217694998 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:15.217736006 CEST	49748	443	192.168.2.4	20.12.23.50
Apr 30, 2024 00:21:15.217756033 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:15.217782021 CEST	49748	443	192.168.2.4	20.12.23.50
Apr 30, 2024 00:21:15.217796087 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:15.217798948 CEST	49748	443	192.168.2.4	20.12.23.50
Apr 30, 2024 00:21:15.217808962 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:15.217858076 CEST	49748	443	192.168.2.4	20.12.23.50
Apr 30, 2024 00:21:15.217864037 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:15.217894077 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:15.219284058 CEST	49748	443	192.168.2.4	20.12.23.50
Apr 30, 2024 00:21:15.455492973 CEST	49748	443	192.168.2.4	20.12.23.50
Apr 30, 2024 00:21:15.455493927 CEST	49748	443	192.168.2.4	20.12.23.50
Apr 30, 2024 00:21:15.455573082 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:15.455620050 CEST	443	49748	20.12.23.50	192.168.2.4
Apr 30, 2024 00:21:16.040405035 CEST	443	49742	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:16.040463924 CEST	443	49742	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:16.040580988 CEST	49742	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:16.315947056 CEST	49742	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:21:16.315983057 CEST	443	49742	142.250.190.68	192.168.2.4
Apr 30, 2024 00:21:16.734111071 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:16.773684978 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:17.036636114 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:19.736856937 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:19.771848917 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:20.033641100 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:20.326992035 CEST	80	49723	208.111.186.0	192.168.2.4
Apr 30, 2024 00:21:20.327142000 CEST	49723	80	192.168.2.4	208.111.186.0
Apr 30, 2024 00:21:20.327142000 CEST	49723	80	192.168.2.4	208.111.186.0
Apr 30, 2024 00:21:20.428478956 CEST	80	49723	208.111.186.0	192.168.2.4
Apr 30, 2024 00:21:21.981931925 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:22.245698929 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:22.739907026 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:22.788357973 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:23.051712036 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:25.741879940 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:25.771980047 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:26.034677029 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:28.744172096 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:28.788764954 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:29.052824020 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:31.677963972 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:31.678141117 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:31.901913881 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:31.953753948 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:31.959502935 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:32.224988937 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:34.659790993 CEST	80	49724	208.111.186.0	192.168.2.4
Apr 30, 2024 00:21:34.659892082 CEST	49724	80	192.168.2.4	208.111.186.0
Apr 30, 2024 00:21:34.659892082 CEST	49724	80	192.168.2.4	208.111.186.0
Apr 30, 2024 00:21:34.749005079 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:34.785717964 CEST	80	49724	208.111.186.0	192.168.2.4
Apr 30, 2024 00:21:34.785768032 CEST	80	49724	208.111.186.0	192.168.2.4
Apr 30, 2024 00:21:34.785826921 CEST	49724	80	192.168.2.4	208.111.186.0
Apr 30, 2024 00:21:34.793868065 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:34.807462931 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:35.070513010 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:37.752053022 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:37.793699026 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:37.976795912 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:38.242480993 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:40.083796978 CEST	7777	49735	45.141.215.185	192.168.2.4
Apr 30, 2024 00:21:40.137651920 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:40.140563965 CEST	49735	7777	192.168.2.4	45.141.215.185
Apr 30, 2024 00:21:53.072031975 CEST	49754	443	192.168.2.4	13.85.23.86
Apr 30, 2024 00:21:53.072069883 CEST	443	49754	13.85.23.86	192.168.2.4
Apr 30, 2024 00:21:53.072211027 CEST	49754	443	192.168.2.4	13.85.23.86
Apr 30, 2024 00:21:53.073273897 CEST	49754	443	192.168.2.4	13.85.23.86
Apr 30, 2024 00:21:53.073287010 CEST	443	49754	13.85.23.86	192.168.2.4
Apr 30, 2024 00:21:53.486833096 CEST	443	49754	13.85.23.86	192.168.2.4
Apr 30, 2024 00:21:53.486959934 CEST	49754	443	192.168.2.4	13.85.23.86
Apr 30, 2024 00:21:53.496375084 CEST	49754	443	192.168.2.4	13.85.23.86
Apr 30, 2024 00:21:53.496396065 CEST	443	49754	13.85.23.86	192.168.2.4
Apr 30, 2024 00:21:53.496709108 CEST	443	49754	13.85.23.86	192.168.2.4
Apr 30, 2024 00:21:53.505218983 CEST	49754	443	192.168.2.4	13.85.23.86
Apr 30, 2024 00:21:53.548155069 CEST	443	49754	13.85.23.86	192.168.2.4
Apr 30, 2024 00:21:53.889831066 CEST	443	49754	13.85.23.86	192.168.2.4
Apr 30, 2024 00:21:53.889854908 CEST	443	49754	13.85.23.86	192.168.2.4
Apr 30, 2024 00:21:53.889873981 CEST	443	49754	13.85.23.86	192.168.2.4
Apr 30, 2024 00:21:53.889919043 CEST	49754	443	192.168.2.4	13.85.23.86
Apr 30, 2024 00:21:53.889945984 CEST	443	49754	13.85.23.86	192.168.2.4
Apr 30, 2024 00:21:53.889959097 CEST	49754	443	192.168.2.4	13.85.23.86
Apr 30, 2024 00:21:53.889967918 CEST	443	49754	13.85.23.86	192.168.2.4
Apr 30, 2024 00:21:53.889990091 CEST	49754	443	192.168.2.4	13.85.23.86
Apr 30, 2024 00:21:53.890002012 CEST	443	49754	13.85.23.86	192.168.2.4
Apr 30, 2024 00:21:53.890014887 CEST	443	49754	13.85.23.86	192.168.2.4
Apr 30, 2024 00:21:53.890023947 CEST	49754	443	192.168.2.4	13.85.23.86
Apr 30, 2024 00:21:53.890038967 CEST	49754	443	192.168.2.4	13.85.23.86
Apr 30, 2024 00:21:53.890077114 CEST	443	49754	13.85.23.86	192.168.2.4
Apr 30, 2024 00:21:53.890120029 CEST	49754	443	192.168.2.4	13.85.23.86
Apr 30, 2024 00:21:53.898298025 CEST	49754	443	192.168.2.4	13.85.23.86
Apr 30, 2024 00:21:53.898318052 CEST	443	49754	13.85.23.86	192.168.2.4
Apr 30, 2024 00:21:53.898329973 CEST	49754	443	192.168.2.4	13.85.23.86
Apr 30, 2024 00:21:53.898334980 CEST	443	49754	13.85.23.86	192.168.2.4
Apr 30, 2024 00:22:05.807828903 CEST	49756	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:22:05.807854891 CEST	443	49756	142.250.190.68	192.168.2.4
Apr 30, 2024 00:22:05.807929039 CEST	49756	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:22:05.808161020 CEST	49756	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:22:05.808172941 CEST	443	49756	142.250.190.68	192.168.2.4
Apr 30, 2024 00:22:06.023577929 CEST	443	49756	142.250.190.68	192.168.2.4
Apr 30, 2024 00:22:06.023900032 CEST	49756	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:22:06.023915052 CEST	443	49756	142.250.190.68	192.168.2.4
Apr 30, 2024 00:22:06.024391890 CEST	443	49756	142.250.190.68	192.168.2.4
Apr 30, 2024 00:22:06.024722099 CEST	49756	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:22:06.024805069 CEST	443	49756	142.250.190.68	192.168.2.4
Apr 30, 2024 00:22:06.073558092 CEST	49756	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:22:16.028520107 CEST	443	49756	142.250.190.68	192.168.2.4
Apr 30, 2024 00:22:16.028582096 CEST	443	49756	142.250.190.68	192.168.2.4
Apr 30, 2024 00:22:16.028747082 CEST	49756	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:22:16.312902927 CEST	49756	443	192.168.2.4	142.250.190.68
Apr 30, 2024 00:22:16.312925100 CEST	443	49756	142.250.190.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 30, 2024 00:21:01.739633083 CEST	53	58529	1.1.1.1	192.168.2.4
Apr 30, 2024 00:21:01.778573990 CEST	53	60904	1.1.1.1	192.168.2.4
Apr 30, 2024 00:21:01.825956106 CEST	56592	53	192.168.2.4	8.8.8.8
Apr 30, 2024 00:21:01.826514959 CEST	64666	53	192.168.2.4	1.1.1.1
Apr 30, 2024 00:21:01.926848888 CEST	53	56592	8.8.8.8	192.168.2.4
Apr 30, 2024 00:21:01.927973986 CEST	53	64666	1.1.1.1	192.168.2.4
Apr 30, 2024 00:21:02.421593904 CEST	53	64874	1.1.1.1	192.168.2.4
Apr 30, 2024 00:21:03.896533966 CEST	54827	53	192.168.2.4	1.1.1.1
Apr 30, 2024 00:21:04.199642897 CEST	53	54827	1.1.1.1	192.168.2.4
Apr 30, 2024 00:21:04.324058056 CEST	55469	53	192.168.2.4	1.1.1.1
Apr 30, 2024 00:21:04.324189901 CEST	56014	53	192.168.2.4	1.1.1.1
Apr 30, 2024 00:21:04.427110910 CEST	53	55469	1.1.1.1	192.168.2.4
Apr 30, 2024 00:21:04.428802967 CEST	53	56014	1.1.1.1	192.168.2.4
Apr 30, 2024 00:21:05.652955055 CEST	53	60706	1.1.1.1	192.168.2.4
Apr 30, 2024 00:21:07.867012024 CEST	50480	53	192.168.2.4	1.1.1.1
Apr 30, 2024 00:21:07.867151022 CEST	60057	53	192.168.2.4	1.1.1.1
Apr 30, 2024 00:21:07.968390942 CEST	53	60057	1.1.1.1	192.168.2.4
Apr 30, 2024 00:21:07.968930006 CEST	53	50480	1.1.1.1	192.168.2.4
Apr 30, 2024 00:21:20.116894960 CEST	53	56368	1.1.1.1	192.168.2.4
Apr 30, 2024 00:21:21.440515995 CEST	138	138	192.168.2.4	192.168.2.255
Apr 30, 2024 00:21:39.135560989 CEST	53	64623	1.1.1.1	192.168.2.4
Apr 30, 2024 00:22:01.277951956 CEST	53	51787	1.1.1.1	192.168.2.4
Apr 30, 2024 00:22:02.680608034 CEST	53	60559	1.1.1.1	192.168.2.4
Apr 30, 2024 00:22:30.544150114 CEST	53	60605	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 30, 2024 00:21:01.825956106 CEST	192.168.2.4	8.8.8.8	0x128e	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 30, 2024 00:21:01.826514959 CEST	192.168.2.4	1.1.1.1	0x5358	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 30, 2024 00:21:03.896533966 CEST	192.168.2.4	1.1.1.1	0xdf4	Standard query (0)	berlyn777.con-ip.com	A (IP address)	IN (0x0001)	false
Apr 30, 2024 00:21:04.324058056 CEST	192.168.2.4	1.1.1.1	0xdfd5	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 30, 2024 00:21:04.324189901 CEST	192.168.2.4	1.1.1.1	0xe77d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 30, 2024 00:21:07.867012024 CEST	192.168.2.4	1.1.1.1	0x87ef	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Apr 30, 2024 00:21:07.867151022 CEST	192.168.2.4	1.1.1.1	0x3d27	Standard query (0)	apis.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 30, 2024 00:21:01.926848888 CEST	8.8.8.8	192.168.2.4	0x128e	No error (0)	google.com		172.217.2.46	A (IP address)	IN (0x0001)	false
Apr 30, 2024 00:21:01.927973986 CEST	1.1.1.1	192.168.2.4	0x5358	No error (0)	google.com		142.250.190.142	A (IP address)	IN (0x0001)	false
Apr 30, 2024 00:21:04.199642897 CEST	1.1.1.1	192.168.2.4	0xdf4	No error (0)	berlyn777.con-ip.com		45.141.215.185	A (IP address)	IN (0x0001)	false
Apr 30, 2024 00:21:04.427110910 CEST	1.1.1.1	192.168.2.4	0xdfd5	No error (0)	www.google.com		142.250.190.68	A (IP address)	IN (0x0001)	false
Apr 30, 2024 00:21:04.428802967 CEST	1.1.1.1	192.168.2.4	0xe77d	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 30, 2024 00:21:07.968390942 CEST	1.1.1.1	192.168.2.4	0x3d27	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 30, 2024 00:21:07.968930006 CEST	1.1.1.1	192.168.2.4	0x87ef	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 30, 2024 00:21:07.968930006 CEST	1.1.1.1	192.168.2.4	0x87ef	No error (0)	plus.l.google.com		142.250.190.110	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.com

apis.google.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	142.250.190.68	443	7452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-29 22:21:04 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-29 22:21:04 UTC	1479	IN	HTTP/1.1 200 OK Version: 627109246 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Date: Mon, 29 Apr 2024 22:21:04 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-29 22:21:04 UTC	25	IN	Data Raw: 31 33 0d 0a 29 5d 7d 27 0a 7b 22 64 64 6c 6a 73 6f 6e 22 3a 7b 7d 7d 0d 0a Data Ascii: 13)]}'{"ddljson":{}}
2024-04-29 22:21:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	142.250.190.68	443	7452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-29 22:21:04 UTC	510	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-29 22:21:05 UTC	1479	IN	HTTP/1.1 200 OK Version: 627109246 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Date: Mon, 29 Apr 2024 22:21:05 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-29 22:21:05 UTC	1479	IN	Data Raw: 38 30 30 30 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 52 61 20 67 62 5f 69 62 20 67 62 5f 55 64 20 67 62 5f 6f 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 8000)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ra gb_ib gb_Ud gb_od\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-04-29 22:21:05 UTC	1479	IN	Data Raw: 30 33 64 5c 22 67 62 5f 4a 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 39 64 20 67 62 5f 4b 63 20 67 62 5f 37 64 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 2f 3f 74 61 62 5c 75 30 30 33 64 72 72 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4f 63 20 67 62 5f 36 64 5c 22 20 61 72 69 61 2d 68 69 64 64 65 6e 5c 75 30 30 33 64 5c 22 74 72 75 65 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c Data Ascii: 03d\"gb_Jc\"\u003e\u003ca class\u003d\"gb_9d gb_Kc gb_7d\" aria-label\u003d\"Google\" href\u003d\"/?tab\u003drr\"\u003e\u003cspan class\u003d\"gb_Oc gb_6d\" aria-hidden\u003d\"true\" role\u003d\"presentation\"\u003e\u003c\/span\u003e\u003c\/a\u003e\u003c\
2024-04-29 22:21:05 UTC	1479	IN	Data Raw: 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 53 65 61 72 63 68 20 4c 61 62 73 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 68 74 74 70 73 3a 2f 2f 6c 61 62 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 65 61 72 63 68 3f 73 6f 75 72 63 65 5c 75 30 30 33 64 6e 74 70 5c 22 20 74 61 72 67 65 74 5c 75 30 30 33 64 5c 22 5f 74 6f 70 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 67 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 Data Ascii: aria-label\u003d\"Search Labs\" href\u003d\"https://labs.google.com/search?source\u003dntp\" target\u003d\"_top\" role\u003d\"button\" tabindex\u003d\"0\"\u003e \u003csvg class\u003d\"gb_g\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0
2024-04-29 22:21:05 UTC	1479	IN	Data Raw: 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 36 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 Data Ascii: 9 -2,2 0.9,2 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2
2024-04-29 22:21:05 UTC	1479	IN	Data Raw: 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 31 33 30 30 31 30 32 2c 33 37 30 30 32 34 32 2c 33 37 30 31 33 31 30 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 Data Ascii: u-content","metadata":{"bar_height":60,"experiment_id":[1300102,3700242,3701310],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window\u00
2024-04-29 22:21:05 UTC	1479	IN	Data Raw: 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 62 20 69 6e 20 61 2e 69 29 72 65 74 75 72 6e 20 61 2e 69 5b 62 5d 3b 74 68 72 6f 77 20 6e 65 77 20 72 64 3b 7d 3b 5f 2e 74 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 73 64 28 5f 2e 57 63 2e 69 28 29 2c 61 29 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 2f 2a 5c 6e 5c 6e 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 76 61 72 20 7a 64 2c 49 64 2c 4b 64 3b 5f 2e 75 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 6e 75 6c 6c 5c 75 30 30 33 64 5c 75 30 30 33 64 61 29 72 65 74 Data Ascii: \u003dfunction(a,b){if(b in a.i)return a.i[b];throw new rd;};_.td\u003dfunction(a){return _.sd(_.Wc.i(),a)};\n}catch(e){_._DumpException(e)}\ntry{\n/\n\n SPDX-License-Identifier: Apache-2.0\n/\nvar zd,Id,Kd;_.ud\u003dfunction(a){if(null\u003d\u003da)ret
2024-04-29 22:21:05 UTC	1479	IN	Data Raw: 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 5f 2e 76 62 29 5c 75 30 30 32 36 5c 75 30 30 32 36 61 5b 5f 2e 76 62 5d 7c 7c 28 61 5b 5f 2e 76 62 5d 5c 75 30 30 33 64 2b 2b 49 64 29 7d 3b 4b 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 4c 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 6e 75 6c 6c 2c 63 5c 75 30 30 33 64 5f 2e 71 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 69 66 28 21 63 7c 7c 21 63 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 29 72 65 74 75 72 6e 20 62 3b 74 72 79 7b 62 5c 75 30 30 33 64 63 2e 63 72 65 61 74 65 50 6f 6c 69 Data Ascii: 03dfunction(a){return Object.prototype.hasOwnProperty.call(a,_.vb)\u0026\u0026a[_.vb]\|\|(a[_.vb]\u003d++Id)};Kd\u003dfunction(a){return a};_.Ld\u003dfunction(a){var b\u003dnull,c\u003d_.q.trustedTypes;if(!c\|\|!c.createPolicy)return b;try{b\u003dc.createPoli
2024-04-29 22:21:05 UTC	1479	IN	Data Raw: 28 29 7d 7d 3b 5f 2e 58 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 57 64 28 5c 22 5c 22 2c 5f 2e 56 64 29 3b 5f 2e 59 64 5c 75 30 30 33 64 52 65 67 45 78 70 28 5c 22 5e 5b 2d 2b 2c 2e 5c 5c 5c 22 5c 75 30 30 32 37 25 5f 21 23 2f 20 61 2d 7a 41 2d 5a 30 2d 39 5c 5c 5c 5c 5b 5c 5c 5c 5c 5d 5d 2b 24 5c 22 29 3b 5f 2e 5a 64 5c 75 30 30 33 64 52 65 67 45 78 70 28 5c 22 5c 5c 5c 5c 62 28 75 72 6c 5c 5c 5c 5c 28 5b 20 5c 5c 74 5c 5c 6e 5d 2a 29 28 5c 75 30 30 32 37 5b 20 2d 5c 75 30 30 32 36 28 2d 5c 5c 5c 5c 5b 5c 5c 5c 5c 5d 2d 7e 5d 2a 5c 75 30 30 32 37 7c 5c 5c 5c 22 5b 20 21 23 2d 5c 5c 5c 5c 5b 5c 5c 5c 5c 5d 2d 7e 5d 2a 5c 5c 5c 22 7c 5b 21 23 2d 5c 75 30 30 32 36 2a 2d 5c 5c 5c 5c 5b 5c 5c 5c 5c 5d 2d 7e 5d 2a 29 28 5b 20 5c 5c 74 5c 5c 6e 5d 2a 5c 5c 5c 5c Data Ascii: ()}};_.Xd\u003dnew _.Wd(\"\",_.Vd);_.Yd\u003dRegExp(\"^[-+,.\\\"\u0027%_!#/ a-zA-Z0-9\\\\[\\\\]]+$\");_.Zd\u003dRegExp(\"\\\\b(url\\\\([ \\t\\n])(\u0027[ -\u0026(-\\\\[\\\\]-~]\u0027\|\\\"[ !#-\\\\[\\\\]-~]\\\"\|[!#-\u0026-\\\\[\\\\]-~])([ \\t\\n]\\\\
2024-04-29 22:21:05 UTC	1479	IN	Data Raw: 33 64 61 2e 6e 6f 6e 63 65 7c 7c 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 29 5c 75 30 30 32 36 5c 75 30 30 32 36 68 65 2e 74 65 73 74 28 61 29 3f 61 3a 5c 22 5c 22 3a 5c 22 5c 22 7d 3b 5f 2e 6a 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 77 69 64 74 68 5c 75 30 30 33 64 61 3b 74 68 69 73 2e 68 65 69 67 68 74 5c 75 30 30 33 64 62 7d 3b 5f 2e 6d 5c 75 30 30 33 64 5f 2e 6a 65 2e 70 72 6f 74 6f 74 79 70 65 3b 5f 2e 6d 2e 61 73 70 65 63 74 52 61 74 69 6f 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 77 69 64 74 68 2f 74 68 69 73 2e 68 65 69 67 68 74 7d 3b 5f 2e 6d 2e 45 62 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 28 74 68 Data Ascii: 3da.nonce\|\|a.getAttribute(\"nonce\"))\u0026\u0026he.test(a)?a:\"\":\"\"};_.je\u003dfunction(a,b){this.width\u003da;this.height\u003db};_.m\u003d_.je.prototype;_.m.aspectRatio\u003dfunction(){return this.width/this.height};_.m.Eb\u003dfunction(){return!(th
2024-04-29 22:21:05 UTC	1479	IN	Data Raw: 62 29 7b 62 5c 75 30 30 33 64 53 74 72 69 6e 67 28 62 29 3b 5c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 63 6f 6e 74 65 6e 74 54 79 70 65 5c 75 30 30 32 36 5c 75 30 30 32 36 28 62 5c 75 30 30 33 64 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3b 72 65 74 75 72 6e 20 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 62 29 7d 3b 5f 2e 6e 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3b 62 5c 75 30 30 33 64 61 2e 66 69 72 73 74 43 68 69 6c 64 3b 29 61 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 62 29 7d 3b 5f 2e 6f 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 39 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e Data Ascii: b){b\u003dString(b);\"application/xhtml+xml\"\u003d\u003d\u003da.contentType\u0026\u0026(b\u003db.toLowerCase());return a.createElement(b)};_.ne\u003dfunction(a){for(var b;b\u003da.firstChild;)a.removeChild(b)};_.oe\u003dfunction(a){return 9\u003d\u003da.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	142.250.190.68	443	7452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-29 22:21:04 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-29 22:21:05 UTC	1434	IN	HTTP/1.1 200 OK Version: 627109246 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Date: Mon, 29 Apr 2024 22:21:05 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-29 22:21:05 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-04-29 22:21:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49745	23.54.42.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-29 22:21:08 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-29 22:21:08 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0790) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=31380 Date: Mon, 29 Apr 2024 22:21:08 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49746	142.250.190.110	443	7452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-29 22:21:08 UTC	741	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-29 22:21:08 UTC	903	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: text/javascript; charset=UTF-8 Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 121628 Date: Mon, 29 Apr 2024 22:21:08 GMT Expires: Tue, 29 Apr 2025 22:21:08 GMT Cache-Control: public, max-age=31536000 Last-Modified: Mon, 15 Apr 2024 17:34:54 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-29 22:21:08 UTC	352	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 32 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 62 61 2c 63 61 2c 64 61 2c 6e 61 2c 70 61 2c 76 61 2c 77 61 2c 7a 61 3b 62 61 3d 66 75 6e 63 Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x20000, ]);var ba,ca,da,na,pa,va,wa,za;ba=func
2024-04-29 22:21:08 UTC	1255	IN	Data Raw: 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 7c 7c 61 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 Data Ascii: on"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};da=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typ
2024-04-29 22:21:08 UTC	1255	IN	Data Raw: 64 26 26 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 64 2e 70 72 6f 74 6f 74 79 70 65 5b 61 5d 26 26 63 61 28 64 2e 70 72 6f 74 6f 74 79 70 65 2c 61 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 70 61 28 62 61 28 74 68 69 73 29 29 7d 7d 29 7d 72 65 74 75 72 6e 20 61 7d 29 3b 70 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 7b 6e 65 78 74 3a 61 7d 3b 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 5f 2e 75 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 Data Ascii: d&&"function"!=typeof d.prototype[a]&&ca(d.prototype,a,{configurable:!0,writable:!0,value:function(){return pa(ba(this))}})}return a});pa=function(a){a={next:a};a[Symbol.iterator]=function(){return this};return a};_.ua=function(a){var b="undefined"!=type
2024-04-29 22:21:08 UTC	1255	IN	Data Raw: 5b 5d 3b 76 61 72 20 6b 3d 74 68 69 73 3b 74 68 69 73 2e 74 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6b 2e 45 37 28 29 7d 29 7d 74 68 69 73 2e 50 66 2e 70 75 73 68 28 68 29 7d 3b 76 61 72 20 64 3d 5f 2e 6d 61 2e 73 65 74 54 69 6d 65 6f 75 74 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 74 50 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 64 28 68 2c 30 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 45 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 3b 74 68 69 73 2e 50 66 26 26 74 68 69 73 2e 50 66 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 68 3d 74 68 69 73 2e 50 66 3b 74 68 69 73 2e 50 66 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 6b 3d 30 3b 6b 3c 68 2e 6c 65 6e 67 74 68 3b 2b 2b 6b 29 7b 76 61 72 20 6c 3d 68 5b 6b 5d 3b 68 5b 6b 5d 3d 6e 75 6c 6c 3b 74 72 79 7b 6c 28 29 7d Data Ascii: [];var k=this;this.tP(function(){k.E7()})}this.Pf.push(h)};var d=_.ma.setTimeout;b.prototype.tP=function(h){d(h,0)};b.prototype.E7=function(){for(;this.Pf&&this.Pf.length;){var h=this.Pf;this.Pf=[];for(var k=0;k<h.length;++k){var l=h[k];h[k]=null;try{l()}
2024-04-29 22:21:08 UTC	1255	IN	Data Raw: 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 3d 74 68 69 73 3b 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 68 2e 67 63 61 28 29 29 7b 76 61 72 20 6b 3d 5f 2e 6d 61 2e 63 6f 6e 73 6f 6c 65 3b 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 6b 26 26 6b 2e 65 72 72 6f 72 28 68 2e 46 66 29 7d 7d 2c 0a 31 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 67 63 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 73 56 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 68 3d 5f 2e 6d 61 2e 43 75 73 74 6f 6d 45 76 65 6e 74 2c 6b 3d 5f 2e 6d 61 2e 45 76 65 6e 74 2c 6c 3d 5f 2e 6d 61 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 3b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 3d 74 79 70 65 6f 66 20 6c 29 72 65 74 75 72 6e 21 30 3b 22 66 75 6e 63 74 69 Data Ascii: nction(){var h=this;d(function(){if(h.gca()){var k=_.ma.console;"undefined"!==typeof k&&k.error(h.Ff)}},1)};e.prototype.gca=function(){if(this.sV)return!1;var h=_.ma.CustomEvent,k=_.ma.Event,l=_.ma.dispatchEvent;if("undefined"===typeof l)return!0;"functi
2024-04-29 22:21:08 UTC	1255	IN	Data Raw: 65 2e 72 65 73 6f 6c 76 65 3d 63 3b 65 2e 72 65 6a 65 63 74 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 6c 28 68 29 7d 29 7d 3b 65 2e 72 61 63 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 66 6f 72 28 76 61 72 20 6d 3d 5f 2e 75 61 28 68 29 2c 6e 3d 6d 2e 6e 65 78 74 28 29 3b 21 6e 2e 64 6f 6e 65 3b 6e 3d 6d 2e 6e 65 78 74 28 29 29 63 28 6e 2e 76 61 6c 75 65 29 2e 42 79 28 6b 2c 6c 29 7d 29 7d 3b 65 2e 61 6c 6c 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 5f 2e 75 61 28 68 29 2c 6c 3d 6b 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 6c 2e 64 6f 6e 65 3f 63 28 5b 5d 29 3a 6e 65 77 20 65 28 66 75 Data Ascii: e.resolve=c;e.reject=function(h){return new e(function(k,l){l(h)})};e.race=function(h){return new e(function(k,l){for(var m=_.ua(h),n=m.next();!n.done;n=m.next())c(n.value).By(k,l)})};e.all=function(h){var k=_.ua(h),l=k.next();return l.done?c([]):new e(fu
2024-04-29 22:21:08 UTC	1255	IN	Data Raw: 6e 21 31 3b 74 72 79 7b 76 61 72 20 6c 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 6d 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 6e 3d 6e 65 77 20 61 28 5b 5b 6c 2c 32 5d 2c 5b 6d 2c 33 5d 5d 29 3b 69 66 28 32 21 3d 6e 2e 67 65 74 28 6c 29 7c 7c 33 21 3d 6e 2e 67 65 74 28 6d 29 29 72 65 74 75 72 6e 21 31 3b 6e 2e 64 65 6c 65 74 65 28 6c 29 3b 6e 2e 73 65 74 28 6d 2c 34 29 3b 72 65 74 75 72 6e 21 6e 2e 68 61 73 28 6c 29 26 26 34 3d 3d 6e 2e 67 65 74 28 6d 29 7d 63 61 74 63 68 28 70 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 0a 76 61 72 20 66 3d 22 24 6a 73 63 6f 6d 70 5f 68 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 Data Ascii: n!1;try{var l=Object.seal({}),m=Object.seal({}),n=new a([[l,2],[m,3]]);if(2!=n.get(l)\|\|3!=n.get(m))return!1;n.delete(l);n.set(m,4);return!n.has(l)&&4==n.get(m)}catch(p){return!1}}())return a;var f="$jscomp_hidden_"+Math.random();e("freeze");e("preventExt
2024-04-29 22:21:08 UTC	1255	IN	Data Raw: 70 2c 63 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 0a 66 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 3b 69 66 28 6b 29 7b 6b 3d 5f 2e 75 61 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 6b 3d 30 3d 3d 3d 6b 3f 30 3a 6b 3b 76 61 72 20 6d 3d 64 28 74 68 69 73 2c 6b 29 3b 6d 2e 6c 69 73 74 7c 7c 28 6d 2e 6c 69 73 74 3d 74 68 69 73 5b 30 5d 5b 6d 2e 69 64 5d 3d 5b 5d 29 3b 6d 2e 6e 66 3f 6d 2e 6e 66 2e 76 61 6c 75 65 3d 6c 3a 28 6d 2e 6e 66 3d 7b 6e 65 78 74 3a 74 68 69 Data Ascii: p,c=function(k){this[0]={};this[1]=f();this.size=0;if(k){k=_.ua(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};c.prototype.set=function(k,l){k=0===k?0:k;var m=d(this,k);m.list\|\|(m.list=this[0][m.id]=[]);m.nf?m.nf.value=l:(m.nf={next:thi
2024-04-29 22:21:08 UTC	1255	IN	Data Raw: 3d 22 22 2b 20 2b 2b 68 2c 62 2e 73 65 74 28 6c 2c 6d 29 29 3a 6d 3d 22 70 5f 22 2b 6c 3b 76 61 72 20 6e 3d 6b 5b 30 5d 5b 6d 5d 3b 69 66 28 6e 26 26 76 61 28 6b 5b 30 5d 2c 6d 29 29 66 6f 72 28 6b 3d 30 3b 6b 3c 6e 2e 6c 65 6e 67 74 68 3b 6b 2b 2b 29 7b 76 61 72 20 70 3d 6e 5b 6b 5d 3b 69 66 28 6c 21 3d 3d 6c 26 26 70 2e 6b 65 79 21 3d 3d 70 2e 6b 65 79 7c 7c 6c 3d 3d 3d 70 2e 6b 65 79 29 72 65 74 75 72 6e 7b 69 64 3a 6d 2c 6c 69 73 74 3a 6e 2c 69 6e 64 65 78 3a 6b 2c 6e 66 3a 70 7d 7d 72 65 74 75 72 6e 7b 69 64 3a 6d 2c 6c 69 73 74 3a 6e 2c 69 6e 64 65 78 3a 2d 31 2c 6e 66 3a 76 6f 69 64 20 30 7d 7d 2c 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 76 61 72 20 6d 3d 6b 5b 31 5d 3b 72 65 74 75 72 6e 20 70 61 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 Data Ascii: =""+ ++h,b.set(l,m)):m="p_"+l;var n=k[0][m];if(n&&va(k[0],m))for(k=0;k<n.length;k++){var p=n[k];if(l!==l&&p.key!==p.key\|\|l===p.key)return{id:m,list:n,index:k,nf:p}}return{id:m,list:n,index:-1,nf:void 0}},e=function(k,l){var m=k[1];return pa(function(){if(
2024-04-29 22:21:08 UTC	1255	IN	Data Raw: 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 72 65 74 75 72 6e 21 31 3b 66 3d 65 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 3d 3d 63 7c 7c 34 21 3d 66 2e 76 61 6c 75 65 5b 30 5d 2e 78 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 66 2e 76 61 6c 75 65 5b 30 5d 3f 21 31 3a 65 2e 6e 65 78 74 28 29 2e 64 6f 6e 65 7d 63 61 74 63 68 28 68 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 74 68 69 73 2e 44 61 3d 6e 65 77 20 4d 61 70 3b 69 66 28 63 29 7b 63 3d 0a 5f 2e 75 61 28 63 29 3b 66 6f 72 28 Data Ascii: .entries(),f=e.next();if(f.done\|\|f.value[0]!=c\|\|f.value[1]!=c)return!1;f=e.next();return f.done\|\|f.value[0]==c\|\|4!=f.value[0].x\|\|f.value[1]!=f.value[0]?!1:e.next().done}catch(h){return!1}}())return a;var b=function(c){this.Da=new Map;if(c){c=_.ua(c);for(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49747	23.54.42.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-29 22:21:08 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-29 22:21:08 UTC	455	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 Cache-Control: public, max-age=31393 Date: Mon, 29 Apr 2024 22:21:08 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-29 22:21:08 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49748	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-04-29 22:21:14 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yAV88TB9dHccag3&MD=LRADRguV HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-29 22:21:15 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 2b94a7bf-40d9-4af5-be08-fcbfb4d01b8d MS-RequestId: 04c1f4e4-2a98-42ec-9b9c-c1323d34efd1 MS-CV: Do/raHAOJUKeX/Z6.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 29 Apr 2024 22:21:14 GMT Connection: close Content-Length: 24490
2024-04-29 22:21:15 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-29 22:21:15 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49754	13.85.23.86	443

Timestamp	Bytes transferred	Direction	Data
2024-04-29 22:21:53 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=yAV88TB9dHccag3&MD=LRADRguV HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-29 22:21:53 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 9958818a-fac2-45b0-94ba-2158b4a8d1ac MS-RequestId: e0585429-f62e-49ee-a903-b87bed4cd42f MS-CV: lb9WHGNW/EWmt7RB.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 29 Apr 2024 22:21:53 GMT Connection: close Content-Length: 25457
2024-04-29 22:21:53 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-29 22:21:53 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Target ID:	0
Start time:	00:20:54
Start date:	30/04/2024
Path:	C:\Users\user\Desktop\xRzIkuwCyozY.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\xRzIkuwCyozY.exe"
Imagebase:	0x630000
File size:	32'768 bytes
MD5 hash:	3E07CEA83322232968C52E0AD1F98C03
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.1622453853.0000000000632000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000002.2088998163.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Target ID:	1
Start time:	00:20:59
Start date:	30/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	2
Start time:	00:20:59
Start date:	30/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	4
Start time:	00:21:00
Start date:	30/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2036,i,3006558031417863421,7263643072710997579,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	5
Start time:	00:21:00
Start date:	30/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=2036,i,5724583149837707848,3027707607016890056,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	9
Start time:	00:21:39
Start date:	30/04/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\xRzIkuwCyozY.exe"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	10
Start time:	00:21:39
Start date:	30/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true