Edit tour

Windows Analysis Report
4G1n4pmjH3.html

Overview

General Information

Sample name:	4G1n4pmjH3.html renamed because original name is a hash value
Original sample name:	b56a47d08edf4a0f1b1956e86b7e2b78174022c3b301d520cf15cf612749cee7.html
Analysis ID:	1703181
Has dependencies:	false
MD5:	707400fc80c4466466c1f05494ff652b
SHA1:	ff7496bb48687961d3e64c90abadb5681217027b
SHA256:	b56a47d08edf4a0f1b1956e86b7e2b78174022c3b301d520cf15cf612749cee7
Tags:	htmlsdfwer234-comuser-JAMESWT_WT
Infos:

Detection

CAPTCHA Scam ClickFix

Score:	60
Range:	0 - 100
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected CAPTCHA Scam ClickFix

Suspicious Javascript code found in HTML file

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7028 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,2488983959081157426,10894814468624279180,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2232 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 1800 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,2488983959081157426,10894814468624279180,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3852 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 3264 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\4G1n4pmjH3.html" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

AI Reasoning

⊘No reasoning have been found

Malware Configuration

⊘No configs have been found

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
4G1n4pmjH3.html	JoeSecurity_CAPTCHAScam	Yara detected CAPTCHA Scam/ ClickFix	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_CAPTCHAScam	Yara detected CAPTCHA Scam/ ClickFix	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: 4G1n4pmjH3.html	Virustotal: Detection: 32%			Perma Link
Source: 4G1n4pmjH3.html	ReversingLabs: Detection: 36%

Phishing

Yara detected CAPTCHA Scam ClickFix

Source: Yara match	File source: 4G1n4pmjH3.html, type: SAMPLE
Source: Yara match	File source: 0.0.pages.csv, type: HTML

Suspicious Javascript code found in HTML file

Source: 4G1n4pmjH3.html	HTTP Parser: .location
Source: 4G1n4pmjH3.html	HTTP Parser: .location

Source: 4G1n4pmjH3.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/4G1n4pmjH3.html	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.5:49696 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.254:443 -> 192.168.2.5:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.5:49713 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox View	IP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox View	IP Address: 104.21.27.152 104.21.27.152
Source: Joe Sandbox View	IP Address: 104.21.96.1 104.21.96.1
Source: Joe Sandbox View	IP Address: 104.21.96.1 104.21.96.1

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zZ3w7YWrFPxOB31&MD=gulZsSlr HTTP/1.1host: slscr.update.microsoft.comaccept: /user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?fcb56c85667cf95d3e6d7dffe46dcc7d HTTP/1.1host: ax-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?41daae4991a558c007bc1c761ae255a6 HTTP/1.1host: ax-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5accept-language: en-CHaccept-encoding: gzip, deflate, bruser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Source: global traffic	HTTP traffic detected: GET /releases/v5.0.0/css/all.css HTTP/1.1host: use.fontawesome.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,/;q=0.1sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: stylesec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0
Source: global traffic	HTTP traffic detected: GET /lander/tradingview/recaptcha-project-browser-transparent.png HTTP/1.1host: tradingviewprime.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /releases/v5.0.0/webfonts/fa-brands-400.woff2 HTTP/1.1host: use.fontawesome.comorigin: nullsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: fontreferer: https://use.fontawesome.com/releases/v5.0.0/css/all.cssaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=4
Source: global traffic	HTTP traffic detected: GET /lander/tradingview/recaptcha-project-browser-transparent.png HTTP/1.1host: tradingviewprime.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: /sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zZ3w7YWrFPxOB31&MD=gulZsSlr HTTP/1.1host: slscr.update.microsoft.comaccept: /user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: c.pki.goog
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: use.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: tradingviewprime.com

Source: 4G1n4pmjH3.html	String found in binary or memory: https://sdfwer234.com/13.vbs
Source: 4G1n4pmjH3.html	String found in binary or memory: https://tradingviewprime.com/lander/tradingview/recaptcha-project-browser-transparent.png
Source: 4G1n4pmjH3.html	String found in binary or memory: https://tradingviewprime.com/lander/tradingview/recaptcha-verify.html
Source: 4G1n4pmjH3.html	String found in binary or memory: https://use.fontawesome.com/releases/v5.0.0/css/all.css
Source: 4G1n4pmjH3.html	String found in binary or memory: https://www.google.com/intl/en/policies/privacy/
Source: 4G1n4pmjH3.html	String found in binary or memory: https://www.google.com/intl/en/policies/terms/

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49675
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.5:49696 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.254:443 -> 192.168.2.5:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.5:49713 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.winHTML@24/7@9/5

Source: 4G1n4pmjH3.html	Virustotal: Detection: 32%
Source: 4G1n4pmjH3.html	ReversingLabs: Detection: 36%

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,2488983959081157426,10894814468624279180,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2232 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,2488983959081157426,10894814468624279180,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3852 /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\4G1n4pmjH3.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,2488983959081157426,10894814468624279180,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2232 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,2488983959081157426,10894814468624279180,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3852 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
4G1n4pmjH3.html	32%	Virustotal		Browse
4G1n4pmjH3.html	36%	ReversingLabs	Document-HTML.Trojan.FakeCaptcha

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	high
tradingviewprime.com	104.21.48.1	true	false	high
www.google.com	173.194.208.106	true	false	high
use.fontawesome.com.cdn.cloudflare.net	104.21.27.152	true	false	high
pki-goog.l.google.com	142.250.113.94	true	false	high
use.fontawesome.com	unknown	unknown	false	high
c.pki.goog	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://c.pki.goog/r/r4.crl	false		high
file:///C:/Users/user/Desktop/4G1n4pmjH3.html	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://www.google.com/intl/en/policies/terms/	4G1n4pmjH3.html	false	high
https://sdfwer234.com/13.vbs	4G1n4pmjH3.html	false	unknown
https://tradingviewprime.com/lander/tradingview/recaptcha-verify.html	4G1n4pmjH3.html	false	unknown
https://tradingviewprime.com/lander/tradingview/recaptcha-project-browser-transparent.png	4G1n4pmjH3.html	false	unknown
https://use.fontawesome.com/releases/v5.0.0/css/all.css	4G1n4pmjH3.html	false	high
https://www.google.com/intl/en/policies/privacy/	4G1n4pmjH3.html	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.48.1	tradingviewprime.com	United States	13335	CLOUDFLARENETUS	false
173.194.208.106	www.google.com	United States	15169	GOOGLEUS	false
104.21.27.152	use.fontawesome.com.cdn.cloudflare.net	United States	13335	CLOUDFLARENETUS	false
104.21.96.1	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1703181
Start date and time:	2025-06-01 07:51:18 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	4G1n4pmjH3.html renamed because original name is a hash value
Original Sample Name:	b56a47d08edf4a0f1b1956e86b7e2b78174022c3b301d520cf15cf612749cee7.html
Detection:	MAL
Classification:	mal60.phis.winHTML@24/7@9/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 104.69.85.120, 199.232.210.172, 142.251.116.94, 142.250.114.100, 142.250.114.139, 142.250.114.102, 142.250.114.101, 142.250.114.138, 142.250.114.113, 142.251.186.101, 142.251.186.113, 142.251.186.100, 142.251.186.102, 142.251.186.138, 142.251.186.139, 142.250.113.84, 173.194.208.100, 173.194.208.138, 173.194.208.101, 173.194.208.113, 173.194.208.139, 173.194.208.102, 142.250.115.102, 142.250.115.138, 142.250.115.101, 142.250.115.100, 142.250.115.113, 142.250.115.139, 173.194.208.94, 142.251.116.101, 142.251.116.138, 142.251.116.102, 142.251.116.139, 142.251.116.113, 142.251.116.100, 142.250.113.102, 142.250.113.100, 142.250.113.113, 142.250.113.101, 142.250.113.138, 142.250.113.139
Excluded domains from analysis (whitelisted): clients1.google.com, ev2-ring.msedge.net, sn1prdapp01agg02-canary.cloudapp.net, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, c2a9c95e369881c67228a6591cac2686.clo.footprintdns.com, ax-ring.msedge.net, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.48.1	Update.msi	Get hash	malicious	Unknown	Browse	eightroutes.shop/c
	rvr13f0XW0.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	304542cm.nyashware.ru/videoMultilinuxpublic.php
	Cotizaci#U00f3n.exe	Get hash	malicious	FormBook	Browse	www.as6.buzz/yh5q/
	rOFERTApdf.exe	Get hash	malicious	FormBook	Browse	www.4x728z9yb.xyz/ii8c/
	FVSDSDDDDDDH11.exe	Get hash	malicious	FormBook	Browse	www.neatcenterr57.shop/jq9q/
	Order RFQ- 19A20060.exe	Get hash	malicious	FormBook	Browse	www.eczanem.shop/x1ba/
	kindly quote your best price for the listed goods..exe	Get hash	malicious	FormBook	Browse	www.eczanem.shop/3ujc/
	random.exe	Get hash	malicious	Amadey, LummaC Stealer, ResolverRAT	Browse	flare-299.shop/c
	Restoro.exe	Get hash	malicious	Unknown	Browse	www.restoro.com/lib/version.php?type=downloader
	random.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc v2, Vidar	Browse	flare-299.shop/c
104.21.27.152	http://digital-watchdog.com	Get hash	malicious	CAPTCHA Scam ClickFix	Browse
	http://clyffordstillmuseum.org	Get hash	malicious	Unknown	Browse
	http://clyffordstillmuseum.org	Get hash	malicious	Unknown	Browse
	https://sownerop.aether-stores.io/login	Get hash	malicious	Unknown	Browse
	https://figma.community/	Get hash	malicious	Unknown	Browse
	http://ehrqt.finances-et-patrimoine.fr/4VCikg8556yVoY96vdmbjlmixn285FTXNWTWGMXONCXH28091QDBM49547Z19	Get hash	malicious	Unknown	Browse
	https://l.facebook.com/l.php?u=https%3A%2F%2Fonlive.ngiktv.com%2Fobituary.php%3Ffbclid%3DIwZXh0bgNhZW0CMTAAYnJpZBExRHlzYnFkaGhFQWpxVmZmOQEeqLSm57mmCzu4bHZKpXWy--hFEoeXPnJiyHuUAX2KT_UO7sQimEnenAYVks4_aem_Rj5q1cGhcZN1TcXQu3kwVA&h=AT3xQ3aAfcDGGOopbuIGZgEwUJAnfwXu9kN_ydY_wZrkltr4ntkjtHLIHYjIOl6VVT8V0fl5NWsV4Uo4l3wctK6JgHJL_Zos_DFpi1LbB4NMrRdYJpvrLzoXXA0leRw59SyD7LiGk8I4bq7B6esICPuM_6UAgNinIug&__tn__=R%5D-R&c%5B0%5D=AT0ycPbhzdQAXFJeEkHZMPM7MPDmsABhFljkRTbuCymLzwvHofePAXxlK9QpvejizAk9GnmPDKl5Kgj9WzSQSjPjKNrYiFRp4he2ql6nqVlGJm9CPFhUedvIWx9qxAXgBM_I9_sqSP60-zMHlPKBv9j_mLtvWVT4Glk3n_ySqJ1jcA	Get hash	malicious	Unknown	Browse
	https://www.mediolanumhotel.com/	Get hash	malicious	CAPTCHA Scam ClickFix	Browse
	http://clyffordstillmuseum.org	Get hash	malicious	Unknown	Browse
	http://www.dacasahomes.com	Get hash	malicious	Unknown	Browse
104.21.96.1	Setup.exe	Get hash	malicious	ACR Stealer, Amadey, CryptOne	Browse	mi.ultimateamplifier.world/dash/png/index.php
	lFbRD5QqgC.ps1	Get hash	malicious	FormBook	Browse	www.br499339.xyz/cu5u/
	WNOVSOAI.msi	Get hash	malicious	Unknown	Browse	zones-provider10.cfd/c
	F3XwGBAtij.exe	Get hash	malicious	Unknown	Browse	flare-299.shop/c
	rEnv__odedocumento__rdendecompraMAT5465.exe	Get hash	malicious	FormBook	Browse	www.br499339.xyz/gpox/
	Quotation.exe	Get hash	malicious	FormBook	Browse	www.br499339.xyz/gpox/
	quotation.exe	Get hash	malicious	FormBook	Browse	www.br499339.xyz/gpox/?1hU8=moMJD0Z7yQs9Izac2uTeTC9jQoC0ptCZqGWtJx/9u6iFC4M/jjMlpFGwbAgirQ8wDWwAEe1SgkHUENini2QeT+YkDOULABGG0mW2WG04LXnXGZlR1zNDmEU=&-z=rZKtk
	Quotation.exe	Get hash	malicious	FormBook	Browse	www.coininsight.tech/rhz2/
	OYNXZnHEXq.exe	Get hash	malicious	FormBook	Browse	www.eczanem.shop/3ujc/
	Z0N5vD4CcI.exe	Get hash	malicious	FormBook	Browse	www.roastroots.lol/hpwy/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bg.microsoft.map.fastly.net	30000524365985F5PROCESO4H65F4H6G54HH556565451 - Copy (3).vbs	Get hash	malicious	Unknown	Browse	199.232.210.172
	2cqrZoowkb.exe	Get hash	malicious	CobaltStrike	Browse	199.232.210.172
	2cqrZoowkb.exe	Get hash	malicious	Unknown	Browse	199.232.214.172
	5GWD8klgXQ.exe	Get hash	malicious	Unknown	Browse	199.232.214.172
	cathh3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	199.232.210.172
	Installer.exe	Get hash	malicious	Unknown	Browse	199.232.214.172
	7ZSfxMod_x86.exe	Get hash	malicious	Unknown	Browse	199.232.214.172
	MeganVPN-letes1.5.5.37.exe	Get hash	malicious	Nitol	Browse	199.232.210.172
	letsvpn-latest.exe	Get hash	malicious	Nitol	Browse	199.232.214.172
	letsvpn-3.12.3.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	199.232.210.172
tradingviewprime.com	RIPblRVBlM.vbs	Get hash	malicious	Unknown	Browse	104.21.96.1
	3dCCf5d3WK.vbs	Get hash	malicious	Unknown	Browse	104.21.48.1
	13.vbs	Get hash	malicious	Unknown	Browse	104.21.32.1
	2IP6zBWMf8.ps1	Get hash	malicious	Unknown	Browse	104.21.96.1
	https://cahasdxca123.com/lander/jdfcxn/13.vbs	Get hash	malicious	Unknown	Browse	104.21.64.1
	3.vbs	Get hash	malicious	Unknown	Browse	104.21.64.1
use.fontawesome.com.cdn.cloudflare.net	http://digital-watchdog.com	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	104.21.27.152
	http://clyffordstillmuseum.org	Get hash	malicious	Unknown	Browse	104.21.27.152
	http://clyffordstillmuseum.org	Get hash	malicious	Unknown	Browse	104.21.27.152
	https://sownerop.aether-stores.io/login	Get hash	malicious	Unknown	Browse	104.21.27.152
	https://figma.community/	Get hash	malicious	Unknown	Browse	104.21.27.152
	http://track.chanret.com/trackclick.asp?ThreadKey=845eg0cmn&Email=dGd1aWxsZW1vdEBjb25kZW5hc3QuZnI=&url=aHR0cDovL3QuY28vUHhWdUFVbUloaA==	Get hash	malicious	Unknown	Browse	172.67.142.245
	https://share.google/lxvpaPKlq1DBx18Or	Get hash	malicious	Unknown	Browse	172.67.142.245
	https://www.mediolanumhotel.com/	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	104.21.27.152
	http://clyffordstillmuseum.org	Get hash	malicious	Unknown	Browse	104.21.27.152
	https://nicolaurosa.superokay.com/share/U2PFMZ8X7KxLrZks_0t40	Get hash	malicious	Unknown	Browse	172.67.142.245
pki-goog.l.google.com	30000524365985F5PROCESO4H65F4H6G54HH556565451 - Copy (3).vbs	Get hash	malicious	Unknown	Browse	142.250.113.94
	Cobalt.dll.dll	Get hash	malicious	Unknown	Browse	142.251.116.94
	Cracked By MR3B.exe	Get hash	malicious	XWorm	Browse	173.194.208.94
	5GWD8klgXQ.exe	Get hash	malicious	Unknown	Browse	173.194.208.94
	cathh3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	173.194.208.94
	Installer.exe	Get hash	malicious	Unknown	Browse	142.250.114.94
	7ZSfxMod_x86.exe	Get hash	malicious	Unknown	Browse	142.251.116.94
	gustreun.exe	Get hash	malicious	Unknown	Browse	142.250.114.94
	AmyDesk.exe	Get hash	malicious	Unknown	Browse	173.194.208.94
	AnyDesk.msi	Get hash	malicious	Unknown	Browse	142.250.115.94

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	new.bat	Get hash	malicious	Koadic	Browse	104.16.230.132
	cathh3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	catbb.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.64.1
	prosperff2.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.96.1
	obiff2.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.80.1
	linkingff2.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.80.1
	cEd2CBI4YL.exe	Get hash	malicious	RedLine	Browse	104.26.13.31
	catee.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.96.1
	StH2kYINe4.exe	Get hash	malicious	Aurotun Stealer, Meduza Stealer, MicroClip	Browse	104.26.12.205
	https://ssa.aldercreativearts.com	Get hash	malicious	ScreenConnect Tool	Browse	172.67.74.152
CLOUDFLARENETUS	new.bat	Get hash	malicious	Koadic	Browse	104.16.230.132
	cathh3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	catbb.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.64.1
	prosperff2.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.96.1
	obiff2.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.80.1
	linkingff2.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.80.1
	cEd2CBI4YL.exe	Get hash	malicious	RedLine	Browse	104.26.13.31
	catee.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.96.1
	StH2kYINe4.exe	Get hash	malicious	Aurotun Stealer, Meduza Stealer, MicroClip	Browse	104.26.12.205
	https://ssa.aldercreativearts.com	Get hash	malicious	ScreenConnect Tool	Browse	172.67.74.152
CLOUDFLARENETUS	new.bat	Get hash	malicious	Koadic	Browse	104.16.230.132
	cathh3.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	catbb.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.64.1
	prosperff2.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.96.1
	obiff2.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.80.1
	linkingff2.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.80.1
	cEd2CBI4YL.exe	Get hash	malicious	RedLine	Browse	104.26.13.31
	catee.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.96.1
	StH2kYINe4.exe	Get hash	malicious	Aurotun Stealer, Meduza Stealer, MicroClip	Browse	104.26.12.205
	https://ssa.aldercreativearts.com	Get hash	malicious	ScreenConnect Tool	Browse	172.67.74.152

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://ssa.aldercreativearts.com	Get hash	malicious	ScreenConnect Tool	Browse	150.171.28.254 172.202.163.200
	tZNYJAO2ub.pdf	Get hash	malicious	Unknown	Browse	150.171.28.254 172.202.163.200
	old.exe	Get hash	malicious	Mimic	Browse	150.171.28.254 172.202.163.200
	001-Notificacion_electronica_demanda_judicial_Departamento_Juridico.js	Get hash	malicious	AsyncRAT, DcRat	Browse	150.171.28.254 172.202.163.200
	old.exe	Get hash	malicious	Mimic	Browse	150.171.28.254 172.202.163.200
	Old2.exe	Get hash	malicious	Mimic	Browse	150.171.28.254 172.202.163.200
	Loader.exe	Get hash	malicious	LummaC Stealer	Browse	150.171.28.254 172.202.163.200
	ZFY_3.0.exe	Get hash	malicious	Stealc v2	Browse	150.171.28.254 172.202.163.200
	Set-up.exe	Get hash	malicious	LummaC Stealer	Browse	150.171.28.254 172.202.163.200
	python310.dll.dll	Get hash	malicious	LummaC Stealer	Browse	150.171.28.254 172.202.163.200

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	9038
Entropy (8bit):	7.641166907974247
Encrypted:	false
SSDEEP:	192:nSoe9pi6lPTkYgUWuXcTpyTngV9oBEOQE+uo//5cDcoyy6/Wannbb1l:SlM/YgUWusFx9oBJHo/YcZy6LbZl
MD5:	B7815D4AC98029AF3790437822995F01
SHA1:	80ECD3102A2EBA8C7AE1EA76B33BB807F486F7E2
SHA-256:	5A84AF0681E66A784ECA075E559B4E4DF79E617FF0F12E7B314F09C3849E378D
SHA-512:	D7D8F7D57B3476F517C219496FBEF69D4B740827215F0A1C3D85C820191AAAC136ED6AFEF7F453870801D4155FDF2F9B1C818FDE10BAD518B64272107A53726E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............x......pHYs.................sRGB.........gAMA......a...".IDATx.....].........]e.Y&.Vmw..H]...\...U...R../.d.VU...&.O....V5..m.v7..]A..eP.U..I.l....lp..={.;.......<.y..a......y..<.9!.............................................................................................0.E`G..}..Z..j...lY}...s....]..V?....t.R...?..._...u..~..9,.......^....$A...W..p!....g..?....0\|E...r(....1... ..>.....R.......-.@.E...,...qei.3......{ .H..`.U..U.TaP.E..Z,....K..:..G".T.3.n..(.z{w.....`......R.N.......P..w.j.c..vN.... 5)....W...}M.....!...$...Q.I.N....B.-.....2.@....T+...n...w.u. .FA..........P..V.\|.7.X..P.`DD.u.....g....ve.9.4...!.@.....Eq...M!.FL.PW.`c.......{......@....Y?s.uz...3.& '.`LD.ur....^.=.Ce.)..3.q.t....1......-.....V.H...3.@....Z...K.....0.".I....[...n....0!".I..........$....0..\.!@].....3..B.<..,.ey\|.......S.o...P#.`.D..O.PG...D.4...N.@M..h.!@.......,B.I..5#..y... .jH.@3.....u../.\|"..9......8....,.........HHYtVo_.w.....@....W.

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	7797
Entropy (8bit):	7.9660556994590594
Encrypted:	false
SSDEEP:	192:0NhuFSBldcU/IGm/rY+EWPfzJFAawjj3HzK:khsPGmbPwaMzK
MD5:	FF119C000D50A0D39F494183B551650F
SHA1:	2E34C0C8F4D7A0EA1685F731CA30A52FA15BB2CC
SHA-256:	1AEA10C5890091E3837990B941CDB590F8D78159036D3E92D7918DCC43375102
SHA-512:	0C517114C3066251773C0EE939FF94146FA302BF8816CD8A82AB98A788B112F450549256BE1B74308C6BF5692A27869041446F1D3A5A23C55E67420E447BC8F7
Malicious:	false
Reputation:	low
URL:	https://use.fontawesome.com/releases/v5.0.0/css/all.css
Preview:	(./..X,..z#./-.LF...C.k...G.U.."J..v..O...W-CC+{,..8....(.......8...L. ...F....~..Mg.p..u.....8.q..(..=.=.=k.:.=..A)..}3C...'.ha.@.J.o.@OJ.PRNo...N#.I..D..".8$.$+:....z....S..~...@..bS.}a.......6.lU.>...&..g.p..}u..`.......2H.c..l....B1.2.~....v.(%gV............:.U.P.Y.~..d...#......L...~w...y..9....9K....A&...IF...~.5Lh..S.....3.$@.AR... .........[..A./F.s...I...-.$@....X.=..:....`p.+..x@.....y..L_;3.I8.c.....A.J......n.......f..8.[...]...x..(.L.t".......vl..0Sa.v..r....H......`Q..?.]...*..P....d`..m. 0.....g........}.~^b'....\..9..~.h.....iO......Qb..........3.._...#.e.../..d@...~ <..,...A..B.H ..C.(... ....9.@..aD........!a...R.....g... .]....i]....E~C!Li..u..../B....2...fD.......~.4....A.lF....{..p.....t...I....~.A.[gP.....3$.`.B........n....d@..0.....h@.1..CR.....@@.1......32k...($....,`HJ..Y.....Y.c8.C...(0.....ht...........:....<'Ce..;....G..C#.3o.3.0.4gc.........1...wa.V..SdRV....O......'2j-!..,..h.....>.8).w..W...b.6..7...o..J....P....:..

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	9038
Entropy (8bit):	7.641166907974247
Encrypted:	false
SSDEEP:	192:nSoe9pi6lPTkYgUWuXcTpyTngV9oBEOQE+uo//5cDcoyy6/Wannbb1l:SlM/YgUWusFx9oBJHo/YcZy6LbZl
MD5:	B7815D4AC98029AF3790437822995F01
SHA1:	80ECD3102A2EBA8C7AE1EA76B33BB807F486F7E2
SHA-256:	5A84AF0681E66A784ECA075E559B4E4DF79E617FF0F12E7B314F09C3849E378D
SHA-512:	D7D8F7D57B3476F517C219496FBEF69D4B740827215F0A1C3D85C820191AAAC136ED6AFEF7F453870801D4155FDF2F9B1C818FDE10BAD518B64272107A53726E
Malicious:	false
Reputation:	low
URL:	https://tradingviewprime.com/lander/tradingview/recaptcha-project-browser-transparent.png
Preview:	.PNG........IHDR..............x......pHYs.................sRGB.........gAMA......a...".IDATx.....].........]e.Y&.Vmw..H]...\...U...R../.d.VU...&.O....V5..m.v7..]A..eP.U..I.l....lp..={.;.......<.y..a......y..<.9!.............................................................................................0.E`G..}..Z..j...lY}...s....]..V?....t.R...?..._...u..~..9,.......^....$A...W..p!....g..?....0\|E...r(....1... ..>.....R.......-.@.E...,...qei.3......{ .H..`.U..U.TaP.E..Z,....K..:..G".T.3.n..(.z{w.....`......R.N.......P..w.j.c..vN.... 5)....W...}M.....!...$...Q.I.N....B.-.....2.@....T+...n...w.u. .FA..........P..V.\|.7.X..P.`DD.u.....g....ve.9.4...!.@.....Eq...M!.FL.PW.`c.......{......@....Y?s.uz...3.& '.`LD.ur....^.=.Ce.)..3.q.t....1......-.....V.H...3.@....Z...K.....0.".I....[...n....0!".I..........$....0..\.!@].....3..B.<..,.ey\|.......S.o...P#.`.D..O.PG...D.4...N.@M..h.!@.......,B.I..5#..y... .jH.@3.....u../.\|"..9......8....,.........HHYtVo_.w.....@....W.

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52648, version 1.0
Category:	downloaded
Size (bytes):	52648
Entropy (8bit):	7.996033428788516
Encrypted:	true
SSDEEP:	1536:9eBlxzWRUJTVGP5v267Q1Sk+S2/D8l+8O2:9maeeP5v267Q7w8z
MD5:	657E828FB3A5963706E24CBF9D711BB8
SHA1:	84C08557D977E0A46EC8941B2D84235069DAB229
SHA-256:	45E39853C41558C4922FF1B0895547A99E378F136EC3D9D2F4DF15CC269485FA
SHA-512:	EEBEDF24A2516B860FFA2C9241474157604F8FC2EDC9E3BF3C0A0DDDF3168519F13FC195D48D232ED8F4A5DB1C48EF0563D62B2E2BDCF55F936CBD319AB18E16
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://use.fontawesome.com/releases/v5.0.0/webfonts/fa-brands-400.woff2
Preview:	wOF2.............r....V.........................T.V..f...h..X.6.$..\|..... ....m[.#qB..........v......@(B...............1......T+.....d.2OaAf.j.....b.>.........?2\|/F...PRJ4[ &..b....E......../...q..4`MD.c...-\|.a.q.b..h..m..4....... ..N...?B....k.?.Ja.F7=....u\|....zx..z..L.....ht......:w.-.P..!...Yh..q.=..'aP[........ .d.u......D65...,.HD.6..........8..4...(...V.........Q..../...8@.+J.B..I.L........N...sn.n............&.5.rC0.nc,.X...".0r......D.."F.6........b..._.....q$.c.[.y......../.0..#..$,.?..P......_...J..&...).c^.do...;~.....^...K...........7.[...BN..I.o.8.....{.....K.I#....~w._[e..... ..C@.n*.qd.....]T..Im.....';...."Y.,S$.I.N...6....m.!...;...2.m9E.\..d.=.W...{...S.#...y$T...]G...Bdp^.#.B....@a];.Q}....._.f..Y.I-....!9...].F/a.[.^..0..VMw..@..]...[.......-.~....U..)m....fc..N..-..iI.l]........u.{..k.y....+)X-.+p.V<.19.q.u8...T....n"..u....~..lIj.\..l....Pa$.$....i.....4%.....k.....e...\l9d..d...R.ij..NHRP:..>...s`.\|

Static File Info

General

File type:	HTML document, Unicode text, UTF-8 text
Entropy (8bit):	4.303083025907945
TrID:	HyperText Markup Language (15015/1) 30.02% HyperText Markup Language (12001/1) 23.99% HyperText Markup Language (12001/1) 23.99% HyperText Markup Language (11001/1) 21.99%
File name:	4G1n4pmjH3.html
File size:	13'910 bytes
MD5:	707400fc80c4466466c1f05494ff652b
SHA1:	ff7496bb48687961d3e64c90abadb5681217027b
SHA256:	b56a47d08edf4a0f1b1956e86b7e2b78174022c3b301d520cf15cf612749cee7
SHA512:	a8374323e545d5dc01ae6142a1ecce8cd81a786f2bb5dba1f50a7b3458b66ef69ebc1f0408c646d827e6ae1351d4c7c66b168c811d0bbbf5894466b44c90c9ba
SSDEEP:	192:2dk+6ekLxGLBTUqRg7QpSFp0F0SZV4a4d4PEd5+JwdODinsU6iP:0EFiFsdB5mwdODinsU6iP
TLSH:	3952536B5EB302616977D179279B93043231D0479181CD2E3BDC9204CFD6DD6AAE3BAC
File Content Preview:	<!DOCTYPE html>..<html lang="en">. <head>. <meta charset="utf-8">. .. <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.0/css/all.css"> . <style>. html, body {. margin: 0;.

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 1, 2025 07:52:09.653557062 CEST	49676	443	192.168.2.5	20.189.173.14
Jun 1, 2025 07:52:09.965641975 CEST	49676	443	192.168.2.5	20.189.173.14
Jun 1, 2025 07:52:10.574915886 CEST	49676	443	192.168.2.5	20.189.173.14
Jun 1, 2025 07:52:10.621884108 CEST	49672	443	192.168.2.5	204.79.197.203
Jun 1, 2025 07:52:11.778109074 CEST	49676	443	192.168.2.5	20.189.173.14
Jun 1, 2025 07:52:14.184334040 CEST	49676	443	192.168.2.5	20.189.173.14
Jun 1, 2025 07:52:14.657520056 CEST	49691	80	192.168.2.5	142.250.113.94
Jun 1, 2025 07:52:14.781132936 CEST	80	49691	142.250.113.94	192.168.2.5
Jun 1, 2025 07:52:14.781378984 CEST	49691	80	192.168.2.5	142.250.113.94
Jun 1, 2025 07:52:15.668945074 CEST	49691	80	192.168.2.5	142.250.113.94
Jun 1, 2025 07:52:15.791829109 CEST	80	49691	142.250.113.94	192.168.2.5
Jun 1, 2025 07:52:15.792088032 CEST	49691	80	192.168.2.5	142.250.113.94
Jun 1, 2025 07:52:15.792151928 CEST	49691	80	192.168.2.5	142.250.113.94
Jun 1, 2025 07:52:15.914772034 CEST	80	49691	142.250.113.94	192.168.2.5
Jun 1, 2025 07:52:15.916271925 CEST	80	49691	142.250.113.94	192.168.2.5
Jun 1, 2025 07:52:15.965687990 CEST	49691	80	192.168.2.5	142.250.113.94
Jun 1, 2025 07:52:18.996840000 CEST	49676	443	192.168.2.5	20.189.173.14
Jun 1, 2025 07:52:20.231283903 CEST	49672	443	192.168.2.5	204.79.197.203
Jun 1, 2025 07:52:28.621870995 CEST	49676	443	192.168.2.5	20.189.173.14
Jun 1, 2025 07:52:30.167232037 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:30.167269945 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:30.167332888 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:30.169630051 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:30.169637918 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:30.651838064 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:30.651904106 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:30.743163109 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:30.743184090 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:30.744630098 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:30.900192022 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:30.900240898 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:30.900548935 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:30.902381897 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:30.903712988 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:30.903783083 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:31.029356003 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:31.042345047 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:31.173280954 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:31.173320055 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:31.173340082 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:31.173357964 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:31.173371077 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:31.173391104 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:31.173418045 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:31.173424959 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:31.173434019 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:31.173448086 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:31.173496962 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:31.173649073 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:31.173672915 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:31.173691988 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:31.173701048 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:31.173724890 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:31.173748016 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:31.173917055 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:31.173964024 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:31.178709030 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:31.215430021 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:31.215899944 CEST	443	49696	172.202.163.200	192.168.2.5
Jun 1, 2025 07:52:31.215970993 CEST	49696	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:52:31.231729984 CEST	49675	443	192.168.2.5	2.23.227.208
Jun 1, 2025 07:52:31.231761932 CEST	443	49675	2.23.227.208	192.168.2.5
Jun 1, 2025 07:52:31.950571060 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:31.950617075 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:31.950700045 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.036204100 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.036236048 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.365562916 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.365645885 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.396120071 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.396167040 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.396439075 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.396452904 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.396545887 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.396560907 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.397799015 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.397871017 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.399485111 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.399553061 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.399614096 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.402185917 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.402255058 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.534095049 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.534157038 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.534401894 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.534487009 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.534539938 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.535933971 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.535995007 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.538773060 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.580290079 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.669924021 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.670001030 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.670567989 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.670641899 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.670775890 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.670909882 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:32.673186064 CEST	443	49701	150.171.28.254	192.168.2.5
Jun 1, 2025 07:52:32.673264980 CEST	49701	443	192.168.2.5	150.171.28.254
Jun 1, 2025 07:52:34.296751022 CEST	49702	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:52:34.296783924 CEST	443	49702	173.194.208.106	192.168.2.5
Jun 1, 2025 07:52:34.296876907 CEST	49702	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:52:34.297297955 CEST	49702	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:52:34.297306061 CEST	443	49702	173.194.208.106	192.168.2.5
Jun 1, 2025 07:52:34.576963902 CEST	443	49702	173.194.208.106	192.168.2.5
Jun 1, 2025 07:52:34.577037096 CEST	49702	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:52:34.578201056 CEST	49702	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:52:34.578206062 CEST	443	49702	173.194.208.106	192.168.2.5
Jun 1, 2025 07:52:34.578932047 CEST	443	49702	173.194.208.106	192.168.2.5
Jun 1, 2025 07:52:34.623508930 CEST	49702	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:52:37.200936079 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:37.201044083 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:37.201344967 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:37.201929092 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:37.201951027 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:37.207752943 CEST	49704	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.207844019 CEST	443	49704	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.207969904 CEST	49704	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.208406925 CEST	49704	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.208434105 CEST	443	49704	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.479335070 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:37.479443073 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:37.498295069 CEST	443	49704	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.498409033 CEST	49704	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.552206039 CEST	49704	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.552237988 CEST	443	49704	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.552253008 CEST	49704	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.552258015 CEST	443	49704	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.552530050 CEST	49704	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.552948952 CEST	443	49704	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.553025007 CEST	49704	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.556138039 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.556180000 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.556282043 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.560478926 CEST	49706	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.560525894 CEST	443	49706	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.560631990 CEST	49706	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.563450098 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:37.563505888 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:37.563956022 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:37.563998938 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.564012051 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.564625025 CEST	49706	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.564641953 CEST	443	49706	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.565054893 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:37.565218925 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:37.565609932 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:37.565773964 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:37.565829992 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:37.567912102 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:37.608300924 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:37.708152056 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:37.709928989 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:37.710030079 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:37.710202932 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:37.710277081 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:37.710474968 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:37.710541010 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:37.713145018 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:37.765146017 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:37.788748980 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:37.788846970 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:37.788940907 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:37.789472103 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:37.789494991 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:37.832097054 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.832174063 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.833292961 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.833301067 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.833446026 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.833452940 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.833570004 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.833574057 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.839148045 CEST	443	49706	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.839221001 CEST	49706	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.839485884 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.839688063 CEST	49706	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.839701891 CEST	443	49706	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.839729071 CEST	49706	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.839735031 CEST	443	49706	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.839761972 CEST	49706	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.839879036 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.839956999 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.840025902 CEST	49708	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.840096951 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.840106964 CEST	443	49708	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.840204000 CEST	49708	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.840475082 CEST	49708	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.840497971 CEST	443	49708	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.840734005 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.842787027 CEST	443	49706	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.842854023 CEST	49706	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.890218019 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.989698887 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.990968943 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.990994930 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.991045952 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.991117954 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.991244078 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.991300106 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:37.991471052 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.993165970 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:37.993226051 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:38.058994055 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.059205055 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:38.059503078 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:38.059528112 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.059632063 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:38.059653044 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.059876919 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:38.059885979 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.060169935 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.060693026 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.060807943 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:38.060854912 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.061532021 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:38.102863073 CEST	443	49708	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:38.103123903 CEST	49708	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:38.103198051 CEST	443	49708	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:38.103472948 CEST	443	49708	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:38.104276896 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.154469013 CEST	49708	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:38.156440973 CEST	49709	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.156531096 CEST	443	49709	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.156613111 CEST	49709	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.157207012 CEST	49709	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.157229900 CEST	443	49709	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.202397108 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.203839064 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.203872919 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.203958035 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:38.204171896 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.204260111 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:38.204464912 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.204560041 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:38.206001997 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.206079006 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:38.206245899 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.206335068 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:38.206496000 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.206572056 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:38.206701994 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.206768036 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:38.206796885 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:38.206898928 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.206964016 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:38.213017941 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:52:38.223045111 CEST	443	49708	104.21.48.1	192.168.2.5
Jun 1, 2025 07:52:38.257066011 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:52:38.272886992 CEST	49708	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:52:38.430274010 CEST	443	49709	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.430362940 CEST	49709	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.431566000 CEST	49709	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.431566954 CEST	49709	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.431601048 CEST	443	49709	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.431642056 CEST	443	49709	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.431665897 CEST	49709	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.431938887 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.432027102 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.432092905 CEST	443	49709	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.432112932 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.432162046 CEST	49709	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.432499886 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.432521105 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.693300962 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.693619013 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.694996119 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.695014954 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.695229053 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.695239067 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.695430994 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.695468903 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.695930958 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.695997953 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.696227074 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.696784973 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.747922897 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.830482960 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.831703901 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.831737041 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.831760883 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.831882954 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.831914902 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.831914902 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.831959009 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:52:38.831971884 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.833067894 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:52:38.833142996 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:53:07.681180000 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:07.681277990 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:07.681428909 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:07.681790113 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:07.681814909 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.107510090 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.107625008 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:08.110506058 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:08.110519886 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.111258030 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.112642050 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:08.112692118 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:08.112709999 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.113467932 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.113611937 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:08.114660978 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.155401945 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:08.253747940 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.295785904 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:08.385310888 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.385349989 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.385370016 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.385386944 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.385394096 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:08.385402918 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.385432005 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.385476112 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:08.385509014 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:08.385744095 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.385766983 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.385802984 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:08.385850906 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:08.385974884 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.391483068 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.391624928 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:08.398660898 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:08.398904085 CEST	443	49713	172.202.163.200	192.168.2.5
Jun 1, 2025 07:53:08.398952961 CEST	49713	443	192.168.2.5	172.202.163.200
Jun 1, 2025 07:53:16.046430111 CEST	49691	80	192.168.2.5	142.250.113.94
Jun 1, 2025 07:53:16.169286013 CEST	80	49691	142.250.113.94	192.168.2.5
Jun 1, 2025 07:53:16.169466972 CEST	49691	80	192.168.2.5	142.250.113.94
Jun 1, 2025 07:53:19.592706919 CEST	49702	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:53:19.592731953 CEST	443	49702	173.194.208.106	192.168.2.5
Jun 1, 2025 07:53:22.717628002 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:53:22.717691898 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:53:22.998959064 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:53:22.998975039 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:53:23.217674971 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:53:23.217732906 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:53:23.233220100 CEST	49708	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:53:23.233278036 CEST	443	49708	104.21.48.1	192.168.2.5
Jun 1, 2025 07:53:23.842570066 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:53:23.842597008 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:53:35.095561981 CEST	49702	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:53:35.095921040 CEST	443	49702	173.194.208.106	192.168.2.5
Jun 1, 2025 07:53:35.095999002 CEST	49702	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:53:39.095756054 CEST	49708	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:53:39.096534967 CEST	443	49708	104.21.48.1	192.168.2.5
Jun 1, 2025 07:53:39.096652985 CEST	49708	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:53:46.124006033 CEST	49682	443	192.168.2.5	150.171.28.10
Jun 1, 2025 07:54:07.718420029 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:54:07.718482971 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:54:07.999757051 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:54:07.999772072 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:54:08.218331099 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:54:08.218389988 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:54:08.842698097 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:54:08.842731953 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:54:34.297281027 CEST	49717	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:54:34.297307014 CEST	443	49717	173.194.208.106	192.168.2.5
Jun 1, 2025 07:54:34.297425985 CEST	49717	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:54:34.297800064 CEST	49717	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:54:34.297806025 CEST	443	49717	173.194.208.106	192.168.2.5
Jun 1, 2025 07:54:34.560874939 CEST	443	49717	173.194.208.106	192.168.2.5
Jun 1, 2025 07:54:34.561636925 CEST	49717	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:54:34.561665058 CEST	443	49717	173.194.208.106	192.168.2.5
Jun 1, 2025 07:54:34.562426090 CEST	443	49717	173.194.208.106	192.168.2.5
Jun 1, 2025 07:54:34.608494997 CEST	49717	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:54:52.733223915 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:54:52.733270884 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:54:53.014584064 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:54:53.014601946 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:54:53.233315945 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:54:53.233376026 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:54:53.842654943 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:54:53.842719078 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:55:19.576925993 CEST	49717	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:55:19.576940060 CEST	443	49717	173.194.208.106	192.168.2.5
Jun 1, 2025 07:55:35.094522953 CEST	49717	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:55:35.094991922 CEST	443	49717	173.194.208.106	192.168.2.5
Jun 1, 2025 07:55:35.095288992 CEST	49717	443	192.168.2.5	173.194.208.106
Jun 1, 2025 07:55:37.733238935 CEST	49703	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:55:37.733266115 CEST	443	49703	104.21.27.152	192.168.2.5
Jun 1, 2025 07:55:38.030067921 CEST	49705	443	192.168.2.5	104.21.48.1
Jun 1, 2025 07:55:38.030086040 CEST	443	49705	104.21.48.1	192.168.2.5
Jun 1, 2025 07:55:38.248990059 CEST	49707	443	192.168.2.5	104.21.27.152
Jun 1, 2025 07:55:38.249047995 CEST	443	49707	104.21.27.152	192.168.2.5
Jun 1, 2025 07:55:38.858355999 CEST	49710	443	192.168.2.5	104.21.96.1
Jun 1, 2025 07:55:38.858392000 CEST	443	49710	104.21.96.1	192.168.2.5
Jun 1, 2025 07:55:52.868680000 CEST	49677	443	192.168.2.5	20.93.72.182

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 1, 2025 07:52:14.532104015 CEST	61908	53	192.168.2.5	1.1.1.1
Jun 1, 2025 07:52:14.656465054 CEST	53	61908	1.1.1.1	192.168.2.5
Jun 1, 2025 07:52:30.029937029 CEST	53	61779	1.1.1.1	192.168.2.5
Jun 1, 2025 07:52:30.047756910 CEST	53	50854	1.1.1.1	192.168.2.5
Jun 1, 2025 07:52:30.984791040 CEST	53	54664	1.1.1.1	192.168.2.5
Jun 1, 2025 07:52:34.172118902 CEST	64625	53	192.168.2.5	1.1.1.1
Jun 1, 2025 07:52:34.172265053 CEST	50983	53	192.168.2.5	1.1.1.1
Jun 1, 2025 07:52:34.295190096 CEST	53	64625	1.1.1.1	192.168.2.5
Jun 1, 2025 07:52:34.295243025 CEST	53	50983	1.1.1.1	192.168.2.5
Jun 1, 2025 07:52:37.071521044 CEST	59409	53	192.168.2.5	1.1.1.1
Jun 1, 2025 07:52:37.071876049 CEST	51220	53	192.168.2.5	1.1.1.1
Jun 1, 2025 07:52:37.072335958 CEST	58967	53	192.168.2.5	1.1.1.1
Jun 1, 2025 07:52:37.072729111 CEST	58762	53	192.168.2.5	1.1.1.1
Jun 1, 2025 07:52:37.194668055 CEST	53	51220	1.1.1.1	192.168.2.5
Jun 1, 2025 07:52:37.194694996 CEST	53	59409	1.1.1.1	192.168.2.5
Jun 1, 2025 07:52:37.203499079 CEST	53	58967	1.1.1.1	192.168.2.5
Jun 1, 2025 07:52:37.205981016 CEST	53	58762	1.1.1.1	192.168.2.5
Jun 1, 2025 07:52:38.024136066 CEST	57685	53	192.168.2.5	1.1.1.1
Jun 1, 2025 07:52:38.024302006 CEST	59216	53	192.168.2.5	1.1.1.1
Jun 1, 2025 07:52:38.154563904 CEST	53	59216	1.1.1.1	192.168.2.5
Jun 1, 2025 07:52:38.154623032 CEST	53	57685	1.1.1.1	192.168.2.5
Jun 1, 2025 07:52:48.030148029 CEST	53	49221	1.1.1.1	192.168.2.5
Jun 1, 2025 07:53:06.972101927 CEST	53	65134	1.1.1.1	192.168.2.5
Jun 1, 2025 07:53:12.927118063 CEST	138	138	192.168.2.5	192.168.2.255
Jun 1, 2025 07:53:29.564583063 CEST	53	55240	1.1.1.1	192.168.2.5
Jun 1, 2025 07:53:29.779565096 CEST	53	63270	1.1.1.1	192.168.2.5
Jun 1, 2025 07:53:59.919569969 CEST	53	59158	1.1.1.1	192.168.2.5
Jun 1, 2025 07:54:44.092401981 CEST	53	56907	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jun 1, 2025 07:52:14.532104015 CEST	192.168.2.5	1.1.1.1	0x9d95	Standard query (0)	c.pki.goog	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:34.172118902 CEST	192.168.2.5	1.1.1.1	0x1585	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:34.172265053 CEST	192.168.2.5	1.1.1.1	0x8fa2	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jun 1, 2025 07:52:37.071521044 CEST	192.168.2.5	1.1.1.1	0xf405	Standard query (0)	use.fontawesome.com	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:37.071876049 CEST	192.168.2.5	1.1.1.1	0xc01e	Standard query (0)	use.fontawesome.com	65	IN (0x0001)	false
Jun 1, 2025 07:52:37.072335958 CEST	192.168.2.5	1.1.1.1	0xc94e	Standard query (0)	tradingviewprime.com	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:37.072729111 CEST	192.168.2.5	1.1.1.1	0x576e	Standard query (0)	tradingviewprime.com	65	IN (0x0001)	false
Jun 1, 2025 07:52:38.024136066 CEST	192.168.2.5	1.1.1.1	0xcc8e	Standard query (0)	tradingviewprime.com	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:38.024302006 CEST	192.168.2.5	1.1.1.1	0x58f9	Standard query (0)	tradingviewprime.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jun 1, 2025 07:52:11.877638102 CEST	1.1.1.1	192.168.2.5	0x8266	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:11.877638102 CEST	1.1.1.1	192.168.2.5	0x8266	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:14.656465054 CEST	1.1.1.1	192.168.2.5	0x9d95	No error (0)	c.pki.goog	pki-goog.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 1, 2025 07:52:14.656465054 CEST	1.1.1.1	192.168.2.5	0x9d95	No error (0)	pki-goog.l.google.com		142.250.113.94	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:34.295190096 CEST	1.1.1.1	192.168.2.5	0x1585	No error (0)	www.google.com		173.194.208.106	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:34.295190096 CEST	1.1.1.1	192.168.2.5	0x1585	No error (0)	www.google.com		173.194.208.147	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:34.295190096 CEST	1.1.1.1	192.168.2.5	0x1585	No error (0)	www.google.com		173.194.208.104	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:34.295190096 CEST	1.1.1.1	192.168.2.5	0x1585	No error (0)	www.google.com		173.194.208.99	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:34.295190096 CEST	1.1.1.1	192.168.2.5	0x1585	No error (0)	www.google.com		173.194.208.103	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:34.295190096 CEST	1.1.1.1	192.168.2.5	0x1585	No error (0)	www.google.com		173.194.208.105	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:34.295243025 CEST	1.1.1.1	192.168.2.5	0x8fa2	No error (0)	www.google.com			65	IN (0x0001)	false
Jun 1, 2025 07:52:37.194668055 CEST	1.1.1.1	192.168.2.5	0xc01e	No error (0)	use.fontawesome.com	use.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 1, 2025 07:52:37.194668055 CEST	1.1.1.1	192.168.2.5	0xc01e	No error (0)	use.fontawesome.com.cdn.cloudflare.net			65	IN (0x0001)	false
Jun 1, 2025 07:52:37.194694996 CEST	1.1.1.1	192.168.2.5	0xf405	No error (0)	use.fontawesome.com	use.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Jun 1, 2025 07:52:37.194694996 CEST	1.1.1.1	192.168.2.5	0xf405	No error (0)	use.fontawesome.com.cdn.cloudflare.net		104.21.27.152	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:37.194694996 CEST	1.1.1.1	192.168.2.5	0xf405	No error (0)	use.fontawesome.com.cdn.cloudflare.net		172.67.142.245	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:37.203499079 CEST	1.1.1.1	192.168.2.5	0xc94e	No error (0)	tradingviewprime.com		104.21.48.1	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:37.203499079 CEST	1.1.1.1	192.168.2.5	0xc94e	No error (0)	tradingviewprime.com		104.21.32.1	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:37.203499079 CEST	1.1.1.1	192.168.2.5	0xc94e	No error (0)	tradingviewprime.com		104.21.112.1	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:37.203499079 CEST	1.1.1.1	192.168.2.5	0xc94e	No error (0)	tradingviewprime.com		104.21.80.1	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:37.203499079 CEST	1.1.1.1	192.168.2.5	0xc94e	No error (0)	tradingviewprime.com		104.21.64.1	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:37.203499079 CEST	1.1.1.1	192.168.2.5	0xc94e	No error (0)	tradingviewprime.com		104.21.96.1	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:37.203499079 CEST	1.1.1.1	192.168.2.5	0xc94e	No error (0)	tradingviewprime.com		104.21.16.1	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:37.205981016 CEST	1.1.1.1	192.168.2.5	0x576e	No error (0)	tradingviewprime.com			65	IN (0x0001)	false
Jun 1, 2025 07:52:38.154563904 CEST	1.1.1.1	192.168.2.5	0x58f9	No error (0)	tradingviewprime.com			65	IN (0x0001)	false
Jun 1, 2025 07:52:38.154623032 CEST	1.1.1.1	192.168.2.5	0xcc8e	No error (0)	tradingviewprime.com		104.21.96.1	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:38.154623032 CEST	1.1.1.1	192.168.2.5	0xcc8e	No error (0)	tradingviewprime.com		104.21.48.1	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:38.154623032 CEST	1.1.1.1	192.168.2.5	0xcc8e	No error (0)	tradingviewprime.com		104.21.112.1	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:38.154623032 CEST	1.1.1.1	192.168.2.5	0xcc8e	No error (0)	tradingviewprime.com		104.21.16.1	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:38.154623032 CEST	1.1.1.1	192.168.2.5	0xcc8e	No error (0)	tradingviewprime.com		104.21.64.1	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:38.154623032 CEST	1.1.1.1	192.168.2.5	0xcc8e	No error (0)	tradingviewprime.com		104.21.80.1	A (IP address)	IN (0x0001)	false
Jun 1, 2025 07:52:38.154623032 CEST	1.1.1.1	192.168.2.5	0xcc8e	No error (0)	tradingviewprime.com		104.21.32.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

slscr.update.microsoft.com

www.bing.com

ax-ring.msedge.net

use.fontawesome.com

tradingviewprime.com

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.5	49691	142.250.113.94	80

Timestamp	Bytes transferred	Direction	Data
Jun 1, 2025 07:52:15.792151928 CEST	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Jun 1, 2025 07:52:15.916271925 CEST	1243	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="cacerts" Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]} Content-Length: 530 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Sun, 01 Jun 2025 05:31:28 GMT Expires: Sun, 01 Jun 2025 06:21:28 GMT Cache-Control: public, max-age=3000 Age: 1247 Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT Content-Type: application/pkix-crl Vary: Accept-Encoding Data Raw: 30 82 02 0e 30 82 01 93 02 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 03 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 34 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 17 0d 32 36 30 32 32 38 30 37 35 39 35 39 5a 30 81 e9 30 2f 02 10 6e 47 a9 ce 4f 46 c2 3d e2 49 ea cc 38 94 53 73 17 0d 31 39 30 39 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 f0 9c 5b 70 05 a6 dc 86 e2 f9 9e f3 17 0d 32 30 30 31 33 31 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 fe a5 81 44 7e 3b fd 3b b8 1c 24 98 17 0d 32 33 30 36 31 33 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 16 68 25 e1 70 04 40 61 24 91 f5 40 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 00 8e b2 58 e7 b5 94 0c 1f f9 00 44 17 0d 32 35 30 [TRUNCATED] Data Ascii: 000H=0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R4250403080000Z260228075959Z00/nGOF=I8Ss190930000000Z00U0,[p200131000000Z00U0,D~;;$230613000000Z00U0,h%p@a$@250403080000Z00U0,XD250403080000Z00U/0-0U0U#0LtI6>j0H=i0f1>2en:IN@g=;bQZ~`NX1?^4y[$\4{;$zDeU6O

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49696	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2025-06-01 05:52:31 UTC	282	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zZ3w7YWrFPxOB31&MD=gulZsSlr HTTP/1.1 host: slscr.update.microsoft.com accept: / user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
2025-06-01 05:52:31 UTC	558	IN	HTTP/1.1 200 OK content-type: application/octet-stream date: Sun, 01 Jun 2025 05:52:30 GMT cache-control: no-cache etag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" expires: -1 last-modified: Mon, 01 Jan 0001 00:00:00 GMT pragma: no-cache content-length: 24490 slsversion: 2.0 ms-correlationid: 7497abf6-5806-45fd-aecc-cf5bc9f363b0 ms-requestid: 6aa74d35-df23-4f05-81b0-71d0246fb3c9 ms-cv: tpCfoXhS90GFk4XF.0 x-content-type-options: nosniff x-microsoft-slsclientcache: 2880 content-disposition: attachment; filename=environment.cab
2025-06-01 05:52:31 UTC	1460	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2025-06-01 05:52:31 UTC	1460	IN	Data Raw: c7 c3 8f 06 b6 24 05 3c f9 2c cb e0 99 86 1a f8 03 ca b3 04 d8 16 f0 f9 32 7f 28 14 e1 08 d8 03 b6 5f ca 00 2c ca e8 4f 1f 06 4e 31 f0 2f 3c 0e 0b 50 12 26 c4 00 85 7e 42 c0 00 c8 0f fa 0d c7 c3 a0 90 23 e5 21 63 33 1e a7 e6 2a f9 c3 ee 4b 69 ce 94 9b 68 c7 7b df ba c7 eb c3 55 b3 50 05 c8 b4 a7 ea a2 5e 5e cd 3a a2 aa 75 43 4b 97 f4 bd 25 ec 55 81 8f 48 6a d4 2b fb 61 52 86 d0 3b 01 14 b0 69 f4 31 7a b6 35 59 f1 51 9b 07 06 22 e9 3b 54 1f 1c 09 53 6c 08 99 9d 74 59 32 ad 33 42 5a f5 2c 05 bf b7 e9 cf 8f 5d 2c 89 c9 8a 5f 6c 65 4c 0c 6d 6a 3f 83 6c b8 bf a3 10 39 92 ad fd bc d8 94 f7 ca 6b ef 90 4b eb 87 76 34 1d 50 f6 0b 7d 4a 62 19 4b 92 ae d4 3f 79 3c 37 e1 2d 6c bc f7 fc 95 94 bd 9c f5 56 86 da 39 b9 b3 67 4c 1a 17 d4 27 59 97 fa bb 03 e7 1b 32 9c 5f Data Ascii: $<,2(_,ON1/<P&~B#!c3*Kih{UP^^:uCK%UHj+aR;i1z5YQ";TSltY23BZ,],_leLmj?l9kKv4P}JbK?y<7-lV9gL'Y2_
2025-06-01 05:52:31 UTC	1460	IN	Data Raw: 99 5f f0 57 d3 49 7b b2 e4 e5 c0 9e f2 e2 b5 17 92 26 2b c1 a3 c2 60 60 5d 36 2c de 60 61 ea e8 98 df 55 7a a8 91 e4 a9 84 e0 3b 6e 95 89 91 fc a7 0f 95 af 35 36 d1 a7 99 9e 88 5e 1c 90 6f 76 55 35 c9 a6 7b 9c 57 31 1c 7d 98 8c a5 d0 5c 66 01 23 08 79 a0 ac fd 28 e3 66 c4 5d bc 06 ed c2 ac 2e 85 85 1d 2c f9 63 f9 ae 62 0a e0 dc fd 65 e4 07 da 27 83 27 db 54 2f 30 4f ab 57 35 d0 e3 25 bc 3a 8a 0f 18 ab 06 65 1d c3 c6 d7 dc 20 e5 92 42 df 59 3a dd 99 b4 1e 33 04 f5 9c 31 69 0f ec 13 9b b8 7c 93 51 3a 5b 90 33 78 d9 c2 f9 a0 e5 54 1d b7 41 12 7c ea 48 f9 8b 32 9d cb 22 59 19 02 65 dd 61 fc 1e b6 2d 6d 85 1b 49 c9 9e 9d a6 e3 15 82 bd e8 4e 07 0a 96 41 09 6c 7a 91 fe 23 c6 ec 81 c3 34 b3 bc bd 6d 1b a2 f9 9d 9a 55 ad 27 0b b3 da 0d 82 7c 98 8d 2d 3b d6 c6 13 Data Ascii: _WI{&+``]6,`aUz;n56^ovU5{W1}\f#y(f].,cbe''T/0OW5%:e BY:31i\|Q:[3xTA\|H2"Yea-mINAlz#4mU'\|-;
2025-06-01 05:52:31 UTC	1460	IN	Data Raw: 2d 5f d0 00 d0 07 f4 72 f6 e6 e8 44 69 fd 25 5f 10 dc 3f 70 f7 40 41 25 f8 69 80 38 20 27 0e a0 36 fd 40 ab 6d 7e e0 7e 60 1f a0 bb cd 0f 54 fd d7 fc c0 df e9 fb c7 c8 07 c3 96 47 48 09 90 7f f5 08 49 7f e5 05 82 72 c3 a4 de 98 91 55 c3 ea 10 ce a3 13 c3 f7 12 97 f6 c4 ce d7 c2 d9 28 f3 83 ce ec 99 14 4b d4 be 03 9e 48 26 e8 06 e4 1c e3 a4 41 09 dd e2 d3 84 db 86 e8 d2 f6 fb 0d f2 bb 63 cb fd 6b 48 cc 83 a9 85 16 0a 62 17 34 a2 dc b2 5c 8e 5a 11 11 25 46 bc 99 aa 15 3b c9 46 0f 5f 5e b9 9a fd a8 03 36 50 d9 0b 10 d7 86 2a ed 8c d3 6e 1f ed e9 f0 96 84 f7 3b dc 1d 9e 09 6e c5 df da 17 74 23 13 af d2 ac 85 dd 4d 74 ea 15 fd 52 cf 64 7f b7 fa f3 19 03 d1 3c 1d f9 9e 49 c6 ae 97 08 66 b1 ba 94 91 c7 2a c7 ee c7 ef 55 45 e4 5e a7 ed 2e 5d 46 59 44 0d 4b 8d 93 Data Ascii: -_rDi%_?p@A%i8 '6@m~~`TGHIrU(KH&AckHb4\Z%F;F_^6Pn;nt#MtRd<IfUE^.]FYDK
2025-06-01 05:52:31 UTC	1460	IN	Data Raw: f4 d2 5b 0d c4 46 f4 08 0d 64 b7 dd 0e 23 c4 4a be c6 2c 08 e4 15 96 43 0e 90 12 6e 83 93 e4 22 73 bf 9c 43 a3 72 7e 18 32 1c 87 83 10 55 1d 3d 13 70 78 a0 df ea 3e bc 8f 9c f3 c9 cd b2 63 9f 56 68 27 2f ce f2 f7 d1 be 1e 37 ef db 07 4d 38 19 d3 72 07 4b 21 bd e4 5a 22 2f df 9c d9 42 cd 28 ce 46 7d 02 5e c0 3a 7d 59 8f ba 2b d9 8a 6a ee ee 00 2f 1d b9 28 fd 40 78 e3 bc e0 27 36 dd fd 43 d9 6a 3e 0d 73 ca 91 ee 0f 3d a6 1a b5 25 8c d1 15 8a d7 f8 93 2e 54 ac df 56 e1 7f ed 19 54 17 27 34 90 14 e3 70 8c 6c 7f ff 7e 4f 51 14 1e 4e 05 72 47 b2 4d 89 4e f9 67 77 f4 77 a9 eb f6 50 12 1e aa 0b b0 6d 8f 25 51 7d 17 52 f8 55 b8 68 f5 90 ab 07 5f 36 1f f1 e4 1e e5 fb f3 73 97 9a e6 1d ab bb ee b9 59 5a f2 3c e8 6d 9f be 51 7b 02 c0 7d d8 d6 01 4c 12 85 7b 05 e0 5e Data Ascii: [Fd#J,Cn"sCr~2U=px>cVh'/7M8rK!Z"/B(F}^:}Y+j/(@x'6Cj>s=%.TVT'4pl~OQNrGMNgwwPm%Q}RUh_6sYZ<mQ{}L{^
2025-06-01 05:52:31 UTC	1460	IN	Data Raw: 17 7a 50 e3 3d 37 50 78 c6 9b 00 9e b1 6c 93 1f 64 fc 47 28 e5 6f 7b 2c 3f 66 9c 1b c0 91 91 7f f1 eb 59 11 28 38 61 06 ff bf 92 d0 14 5f 4d 0f e8 d9 e9 00 5a 30 6e 48 2f 23 03 13 4d 57 f0 f8 e5 8d 51 9b 88 0d f9 1d 57 58 98 cf e8 0b 8c f6 eb 9c da ff e4 4a 13 15 29 0c 69 75 94 79 e3 95 50 e5 48 e0 90 99 54 fe c5 90 26 13 97 27 85 89 ed 99 b4 32 69 b3 23 07 e3 9e fb e7 e2 e9 27 ff d9 3c 6e 78 48 c3 3d 4c b0 78 83 47 97 43 99 4b fa 65 6a 2b a5 20 16 23 d3 dd e2 46 1d 6b 79 16 e2 7b e7 3e e7 71 eb 7f c8 e3 4a 49 a0 64 7e e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 ff ab f3 b8 5d a3 0e 92 5e 1d d9 33 07 9d b4 5a 5b 1f 36 94 07 fb 31 44 46 72 24 1d af 77 ba 94 e6 6b df 96 Data Ascii: zP=7PxldG(o{,?fY(8a_MZ0nH/#MWQWXJ)iuyPHT&'2i#'<nxH=LxGCKej+ #Fky{>qJId~qqqqqqqqqqqqqqq]^3Z[61DFr$wk
2025-06-01 05:52:31 UTC	1460	IN	Data Raw: 72 61 74 69 6f 6e 73 20 50 75 65 72 74 6f 20 52 69 63 6f 31 16 30 14 06 03 55 04 05 13 0d 32 33 30 38 32 39 2b 34 35 34 32 33 37 30 1f 06 03 55 1d 23 04 18 30 16 80 14 ad 94 76 8f 83 ad 0e 03 a3 e8 3b b0 d7 34 68 d4 79 3a 7d dc 30 60 06 03 55 1d 1f 04 59 30 57 30 55 a0 53 a0 51 86 4f 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 6f 70 73 2f 63 72 6c 2f 4d 69 63 72 6f 73 6f 66 74 25 32 30 55 70 64 61 74 65 25 32 30 53 69 67 6e 69 6e 67 25 32 30 43 41 25 32 30 32 2e 31 2e 63 72 6c 30 6d 06 08 2b 06 01 05 05 07 01 01 04 61 30 5f 30 5d 06 08 2b 06 01 05 05 07 30 02 86 51 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 6f 70 73 2f 63 65 72 74 73 2f 4d 69 63 72 6f 73 6f 66 74 25 32 30 55 Data Ascii: rations Puerto Rico10U230829+4542370U#0v;4hy:}0`UY0W0USQOhttp://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl0m+a0_0]+0Qhttp://www.microsoft.com/pkiops/certs/Microsoft%20U
2025-06-01 05:52:31 UTC	1460	IN	Data Raw: 6c d5 21 c9 b8 50 68 05 c3 e4 09 c9 bd 51 c9 5f 6d 75 4f 8d 35 30 c5 8c c1 83 b2 1f 93 b5 72 6f d2 44 90 1d ed 7f 13 a9 7d 53 24 9c aa 46 c0 8f c5 c5 be bf c8 55 14 fe 87 35 fe cd d5 7e 02 d2 87 68 00 c9 b8 d7 44 cb 71 db a4 8b b3 e0 0e a6 0b ce 12 7d f6 68 dc c0 91 31 f8 59 2c 2c f5 d5 d1 2e 08 9d 2b 30 6a 6e aa ad 9e 16 4e 27 d0 ba 3b 1a 81 30 43 38 92 87 e1 6c 6f 43 3d 2d 4e 1f 0d 10 c1 f8 fa bc 84 c8 93 c3 9e 47 fc b6 fa d1 2f b6 af 39 3e 9c 3f 1c f1 4d a4 16 d3 0a e2 e7 4e f5 37 88 03 46 8e 1e cc 77 c1 47 d3 44 b7 e4 35 23 db eb 20 cb 2a f5 57 ae 2e 00 3b 6b e6 a3 6e 05 99 70 bb 76 3b d8 3c b4 76 f6 28 15 3a 25 d4 26 a4 08 9f d9 7e 7b 44 8a b7 15 8a c6 c5 78 2a 9d 32 c4 83 7b b9 6e 42 14 99 5d 49 7f 45 99 57 a7 33 77 44 1a ff 47 a3 71 b7 b0 b1 56 8a Data Ascii: l!PhQ_muO50roD}S$FU5~hDq}h1Y,,.+0jnN';0C8loC=-NG/9>?MN7FwGD5# W.;knpv;<v(:%&~{Dx2{nB]IEW3wDGqV
2025-06-01 05:52:31 UTC	1460	IN	Data Raw: 42 06 0a 2b 06 01 04 01 82 37 02 01 0c 31 34 30 32 a0 14 80 12 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 a1 1a 80 18 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 04 82 01 00 3d cd 0e 0a 7b 43 82 69 14 76 9b c2 1b 25 6c 3f 01 d0 b8 bb 6f e9 4d 62 55 f3 7a 5b c4 05 04 2e 09 48 41 fd e9 13 24 1e f0 71 f0 79 9e 8e a7 ea d7 72 49 9f 71 e8 41 4c 0a 8e 69 71 3c 8f e9 56 c5 9d a0 e6 3c df 48 88 1c cf 7f eb a0 34 f3 ff 37 ca 6d 9f c7 86 eb 12 35 0a 45 a5 81 a8 f8 53 6d c6 11 4e ef 37 77 2a 73 bf 08 f9 ee ba 8d b8 48 1a 93 32 44 3a cd 7c 41 2d e3 20 7e 34 a2 7c 2b 93 92 2f 0a 5f 17 c8 65 98 79 74 bb e7 1c 1a e2 6c a4 15 db cf ae 5b 18 f9 9a 82 ab 98 f5 13 93 f3 0f 89 71 a4 2f c0 7e Data Ascii: B+71402Microsofthttp://www.microsoft.com0H={Civ%l?oMbUz[.HA$qyrIqALiq<V<H47m5ESmN7wsH2D:\|A- ~4\|+/_eytl[q/~
2025-06-01 05:52:31 UTC	1460	IN	Data Raw: a3 82 01 1b 30 82 01 17 30 1d 06 03 55 1d 0e 04 16 04 14 ec 97 76 68 29 fe 13 4f cd 74 c6 25 18 f2 00 7c da 7d d7 a7 30 1f 06 03 55 1d 23 04 18 30 16 80 14 d5 63 3a 5c 8a 31 90 f3 43 7b 7c 46 1b c5 33 68 5a 85 6d 55 30 56 06 03 55 1d 1f 04 4f 30 4d 30 4b a0 49 a0 47 86 45 68 74 74 70 3a 2f 2f 63 72 6c 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 2f 63 72 6c 2f 70 72 6f 64 75 63 74 73 2f 4d 69 63 54 69 6d 53 74 61 50 43 41 5f 32 30 31 30 2d 30 37 2d 30 31 2e 63 72 6c 30 5a 06 08 2b 06 01 05 05 07 01 01 04 4e 30 4c 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 2f 63 65 72 74 73 2f 4d 69 63 54 69 6d 53 74 61 50 43 41 5f 32 30 31 30 2d 30 37 2d 30 31 2e 63 72 74 30 0c 06 Data Ascii: 00Uvh)Ot%\|}0U#0c:\1C{\|F3hZmU0VUO0M0KIGEhttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z+N0L0J+0>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.5	49701	150.171.28.254	443

Timestamp	Bytes transferred	Direction	Data
2025-06-01 05:52:32 UTC	458	OUT	GET /apc/trans.gif?fcb56c85667cf95d3e6d7dffe46dcc7d HTTP/1.1 host: ax-ring.msedge.net referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5 accept-language: en-CH accept-encoding: gzip, deflate, br user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
2025-06-01 05:52:32 UTC	690	IN	HTTP/1.1 200 OK cache-control: no-cache, no-store, must-revalidate content-length: 43 content-type: image/gif last-modified: Sun, 11 May 2025 03:48:58 GMT accept-ranges: bytes etag: 0x0DA2C2C0C44B11E89E6C66FF4F731D7D access-control-allow-origin: * access-control-expose-headers: X-EndPoint, X-FrontEnd, X-UserHostAddress, X-MSEdge-Ref, X-MachineName timing-allow-origin: * x-content-type-options: nosniff x-endpoint: DFW31r5b x-frontend: AFD x-machinename: DFW311000104025 x-userhostaddress: 212.102.41.0 x-cache: CONFIG_NOCACHE x-msedge-ref: Ref A: DD52ECAB6A1D494991E99A31FB924636 Ref B: DFW311000104025 Ref C: 2025-06-01T05:52:32Z date: Sun, 01 Jun 2025 05:52:31 GMT
2025-06-01 05:52:32 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;
2025-06-01 05:52:32 UTC	458	OUT	GET /apc/trans.gif?41daae4991a558c007bc1c761ae255a6 HTTP/1.1 host: ax-ring.msedge.net referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5 accept-language: en-CH accept-encoding: gzip, deflate, br user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
2025-06-01 05:52:32 UTC	690	IN	HTTP/1.1 200 OK cache-control: no-cache, no-store, must-revalidate content-length: 43 content-type: image/gif last-modified: Sun, 11 May 2025 03:48:58 GMT accept-ranges: bytes etag: 0x0DA2C2C0C44B11E89E6C66FF4F731D7D access-control-allow-origin: * access-control-expose-headers: X-EndPoint, X-FrontEnd, X-UserHostAddress, X-MSEdge-Ref, X-MachineName timing-allow-origin: * x-content-type-options: nosniff x-endpoint: DFW31r5b x-frontend: AFD x-machinename: DFW311000104025 x-userhostaddress: 212.102.41.0 x-cache: CONFIG_NOCACHE x-msedge-ref: Ref A: 1D775A35A7E142FD983F7A2FA4655B87 Ref B: DFW311000104025 Ref C: 2025-06-01T05:52:32Z date: Sun, 01 Jun 2025 05:52:31 GMT
2025-06-01 05:52:32 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49703	104.21.27.152	443	7028	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-06-01 05:52:37 UTC	556	OUT	GET /releases/v5.0.0/css/all.css HTTP/1.1 host: use.fontawesome.com sec-ch-ua-platform: "Windows" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 accept: text/css,/;q=0.1 sec-fetch-site: cross-site sec-fetch-mode: no-cors sec-fetch-dest: style sec-fetch-storage-access: active accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=0
2025-06-01 05:52:37 UTC	934	IN	HTTP/1.1 200 OK date: Sun, 01 Jun 2025 05:52:37 GMT content-type: text/css cache-control: max-age=31556926 etag: W/"e35d9c4ebaea0573df8e4a9505b72eea" last-modified: Fri, 22 Sep 2023 01:44:05 GMT vary: Accept-Encoding age: 1529281 cf-cache-status: HIT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y%2BnrmYIygNLza6IDdOLdbJtso70ITlOhup4sTM9gdO5epmX4xEdvweWCjkoytwPLQArqx3ZWUjYDZNGNcGL9uXPZ0kvBFfi%2FVRRyjGhVv%2BIbeFfYDFYWe3%2BKQY3nzY1r6hHv7aD0"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 948c722b3a386c4f-DFW content-encoding: zstd alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=122245&min_rtt=122132&rtt_var=25868&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3409&recv_bytes=943&delivery_rate=33054&cwnd=252&unsent_bytes=0&cid=96d2a6e40b05a9c6&ts=247&x=0" content-length: 7797
2025-06-01 05:52:37 UTC	1460	IN	Data Raw: 28 b5 2f fd 04 58 2c f0 00 7a 23 c1 2f 2d f0 4c 46 94 07 a0 43 1c 6b 1b d6 b4 fd 47 b2 55 d4 04 22 4a e3 97 82 8b 76 0c dc 4f 1f f8 0f 57 2d 43 43 2b 7b 2c ff b0 38 bc e3 f0 17 28 03 d9 02 d3 02 91 89 38 b3 9f e9 4c 9b 20 d3 19 99 46 89 1d 99 ce 7e 86 1d 4d 67 cf a9 70 a8 c5 a4 75 de 9a f9 f0 ff 84 38 08 71 0e e2 28 c4 d9 3d 8b 3d 8a 3d 6b cf 3a a8 3d a8 c5 41 29 0e 8a 7d 33 43 df 9a 87 ff 27 14 68 61 7f 40 c9 4a c3 6f 91 40 4f 4a 94 50 52 4e 6f e3 10 ea 9d 4e 23 e5 49 c9 be aa 44 c5 cf 22 8f 38 24 89 24 2b 3a e8 1c a4 0e 7a ac ea cd f0 53 e2 e2 a4 7e 8f 95 98 40 ed df 62 53 e8 7d 61 b1 b5 da a4 c4 a6 fc f2 99 c6 36 ac 6c 55 e2 3e 13 95 9e 26 2e eb 67 b8 70 87 c5 7d 75 c1 e4 60 a1 02 b1 88 b8 a6 b3 32 48 a8 63 a2 d2 6c fb b9 f2 16 42 31 e4 85 32 dd 7e ed Data Ascii: (/X,z#/-LFCkGU"JvOW-CC+{,8(8L F~Mgpu8q(===k:=A)}3C'ha@Jo@OJPRNoN#ID"8$$+:zS~@bS}a6lU>&.gp}u`2HclB12~
2025-06-01 05:52:37 UTC	1460	IN	Data Raw: 8d 65 26 b2 6d a1 df 07 46 af 32 8f bd 14 09 c5 98 c1 72 78 58 84 35 c2 a1 b9 6f 9a f7 58 b9 c3 87 85 7e 6b 83 69 92 85 16 66 ee f0 4a 8c 92 c4 fc 0b 55 49 a2 bf b5 41 72 6f 97 93 a4 57 5d 92 24 2a 21 9b c8 33 a5 bb 1a 4b 74 c1 ce ef da 74 9a b3 df 75 68 09 2e 6b 71 d7 e1 70 92 cc ae 4d ce a3 c1 76 1d 12 ea 81 52 e2 74 db 91 24 14 c7 6d 07 43 09 a4 1d bf 74 ca 8b 24 fb d9 e4 66 bc 5b 55 09 b5 ba d5 75 28 25 54 3f 65 08 03 e7 24 c3 12 49 94 5a 9a c6 2d 13 ac cf 1d 87 a3 2f 47 f9 c3 40 3a b2 2f 52 b1 fe b5 8b 54 6c f6 b3 4c ec 59 36 8b 9c a0 c8 b2 31 7a ac 4c a7 ae 54 fc 74 e5 99 ad c9 7d 65 7f e5 79 6c 9f 34 ca bd 95 0e d5 5f 86 c6 5e 89 fa b1 b2 52 25 ac ac 5c b4 7a 32 3d 45 87 26 36 95 9e a4 2f 22 4b 67 91 a5 27 88 d4 e8 38 e7 be 86 c7 a6 88 35 91 f8 2b Data Ascii: e&mF2rxX5oX~kifJUIAroW]$*!3Kttuh.kqpMvRt$mCt$f[Uu(%T?e$IZ-/G@:/RTlLY61zLTt}eyl4_^R%\z2=E&6/"Kg'85+
2025-06-01 05:52:37 UTC	1460	IN	Data Raw: 1e 4f a5 44 3e bf 3c 57 91 56 3f 9b 6f 61 f3 ec 4c 66 fa 75 3b 11 2c eb 2b 5e cd 3f bf 60 f5 0d e6 af 60 b5 30 85 fe f8 2f f8 41 f9 95 e3 f9 e4 47 a0 35 4a f2 a3 8f 09 ab 16 f9 13 9d ad f0 9f c6 9f 16 a5 7e 6b 50 e3 57 fd a6 f1 23 7e b4 f8 93 e5 3f d0 5b dc 47 d4 6b 03 af 0d 16 68 72 6d b0 68 80 1a 34 58 68 24 21 6e 69 f8 39 70 50 e5 32 ab 4c 8b a1 ac 36 7f e9 d2 79 e9 dc b4 58 5d a6 65 cd dd e1 c9 04 e2 20 f8 49 d7 14 9d 91 7d 12 45 f6 c9 24 87 ff a8 c3 14 e4 90 9e 75 0c 8d 88 88 24 49 92 c6 93 13 40 20 20 78 18 0e c6 a3 b2 85 dd 03 13 80 80 c4 46 a5 b6 20 14 0c 82 20 08 82 80 48 9a c4 56 b1 11 11 05 49 92 14 86 31 91 37 a2 74 4c 7a bc 8b 96 93 30 b6 92 2c af 37 d2 8b dd 45 8f d3 05 99 05 e1 be 6e 69 45 d4 d9 ce 27 06 11 da e5 d5 69 d8 8a 7a 1b 08 dc 2c Data Ascii: OD><WV?oaLfu;,+^?``0/AG5J~kPW#~?[Gkhrmh4Xh$!ni9pP2L6yX]e I}E$u$I@ xF HVI17tLz0,7EniE'iz,
2025-06-01 05:52:37 UTC	1460	IN	Data Raw: 37 1e 6a 01 6c 81 13 4b 5a 2c c3 0d ae 71 af 70 66 a5 97 5d c4 50 a2 b7 3e 57 68 b9 25 cd 78 b8 54 d6 e8 25 8e 4c c4 1e 1d 86 b0 5b 61 ac 63 9c 11 97 6c c7 38 04 f1 ea 38 68 74 73 53 e9 a7 98 8b 9d 43 bc 60 20 a4 2f ec e3 53 6e ee 6b b6 3c 7d db d9 ae 1e b3 1c 34 e4 d1 d2 25 ac ff 51 42 a3 02 49 c3 c5 7b 37 0a 70 96 0e 51 e9 1e f2 a4 a8 05 ec 11 c3 6d 3e 84 2f ad c5 62 5c da 8c 0e f0 a7 b6 f5 34 55 18 a8 e3 cc 02 44 38 72 1a 5b 16 34 2f f8 a5 93 a8 48 1c d3 18 65 5e b5 9d c4 5e 83 10 1f 94 71 92 3b c8 29 6e 82 63 f2 29 46 a4 7f a1 50 a8 15 18 c8 48 94 26 7b 4d 0f f7 ac cd 28 e6 9d b8 1d ac 0b d2 64 76 d5 d4 d2 66 ec ba fe b9 30 46 40 82 68 5f 11 d8 96 a1 dc 30 52 c8 0a 0d aa 40 ce 1a 63 d8 10 d9 1e f2 ca 95 1b 8c 3e b5 88 61 68 41 97 b2 c9 c8 b2 5e 43 29 Data Ascii: 7jlKZ,qpf]P>Wh%xT%L[acl88htsSC` /Snk<}4%QBI{7pQm>/b\4UD8r[4/He^^q;)nc)FPH&{M(dvf0F@h_0R@c>ahA^C)
2025-06-01 05:52:37 UTC	1460	IN	Data Raw: 2b d4 79 db 90 8b da 5c 65 d4 8c 72 ad fb a3 cc e0 67 76 e1 77 9c d1 b2 cb da 1d d1 03 68 22 e9 3b 21 fb 93 d8 6b 8f 65 ea 4b 07 47 b5 1b de 7e 53 a8 8c 10 07 c2 b5 92 9a ce 02 d1 41 57 12 d3 a5 11 7f 78 9f 51 3c fd ae 42 fa a6 15 ae 59 c1 4c 5c bd a3 21 5e 7c 53 71 51 25 93 11 78 60 8e fa d4 90 80 06 b5 72 0b cc 21 c4 43 ec 17 e5 b9 16 0f e8 09 ab cc d9 58 36 86 30 27 98 35 49 1a 5e 5e f6 5b df 48 cd 57 e2 24 f1 9e 11 57 a8 ce cc ce 29 d2 95 b8 cb fb 9b db ba 24 3e 57 bf 46 8b 18 5d 0a 8b 67 7b 67 31 f3 1a 22 de 2b fc 86 57 15 6a a8 00 e0 8b 16 fe 41 07 fd 9c 12 f8 6d 03 8a c6 70 8d 50 6a a3 12 99 69 59 09 f9 57 cd 89 ea 65 57 88 09 03 ec 09 01 f7 d8 55 90 aa 37 ef c6 89 33 6c 42 e7 39 e8 40 26 8d b1 20 a6 02 33 cd cd fd 6a 14 8e f0 d0 3c c0 e4 d1 26 59 Data Ascii: +y\ergvwh";!keKG~SAWxQ<BYL\!^\|SqQ%x`r!CX60'5I^^[HW$W)$>WF]g{g1"+WjAmpPjiYWeWU73lB9@& 3j<&Y
2025-06-01 05:52:37 UTC	497	IN	Data Raw: 74 a2 11 17 01 5f 89 1e 9f f7 1d 37 5d 52 94 61 3a 56 cb 5c 80 48 db 96 7b be 78 1c 96 e4 47 dd e3 fc 12 d1 53 6f 9e e1 ef f7 1c 9b ae 81 a0 11 27 b8 9e bf c2 bd c3 9b 9e 79 05 85 f2 80 09 2b 1a 87 f4 9b 07 ef 93 5c 94 17 22 a9 8c 24 91 b6 77 d1 6c ee ba 2f f5 50 11 b8 26 02 e2 0d 41 12 ab 70 1b a6 d0 39 e7 1d 16 33 00 2c ba 55 54 43 03 95 ee dd b8 c0 0e 8e 37 94 94 82 88 54 f4 f8 65 5a 5d 48 3a 25 cb f2 3c cd 77 af cb 82 86 8b 2a f3 5a cb cf 02 41 f4 25 8a c8 51 8e 0c 51 b4 50 40 40 e7 d1 d2 a5 37 53 59 51 1f e5 f4 87 64 c3 28 25 94 8a 06 58 50 fa ef ec 0b 95 be 2c ac d7 86 97 aa 5f 1d 74 29 8d ef 84 c4 96 49 8b 57 f3 00 eb d4 f1 68 66 46 85 f3 ba 36 f5 00 f3 72 84 45 d1 98 fb 90 c0 6f 40 e9 e6 5c 7b cd 58 5d 9d 33 05 0b 36 29 6c 6f 2e 15 6f 53 73 53 b3 Data Ascii: t_7]Ra:V\H{xGSo'y+\"$wl/P&Ap93,UTC7TeZ]H:%<w*ZA%QQP@@7SYQd(%XP,_t)IWhfF6rEo@\{X]36)lo.oSsS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49705	104.21.48.1	443	7028	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-06-01 05:52:37 UTC	639	OUT	GET /lander/tradingview/recaptcha-project-browser-transparent.png HTTP/1.1 host: tradingviewprime.com sec-ch-ua-platform: "Windows" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 sec-fetch-site: cross-site sec-fetch-mode: no-cors sec-fetch-dest: image sec-fetch-storage-access: active accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=1, i
2025-06-01 05:52:37 UTC	738	IN	HTTP/1.1 200 OK date: Sun, 01 Jun 2025 05:52:37 GMT content-type: image/png content-length: 9038 server: cloudflare last-modified: Tue, 25 Mar 2025 12:32:08 GMT nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} etag: "67e2a248-234e" expires: Sun, 08 Jun 2025 18:20:34 GMT cache-control: max-age=864000 access-control-allow-origin: * accept-ranges: bytes age: 214323 cf-cache-status: HIT vary: accept-encoding report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qdxP6QjSAPi5apkasx7%2B%2BGffnGbXPWHQxzcJeNN7fPFJMO6mbpl5mMzDcwsgWjfakUs4QJ%2F8VIC1s8j4BETeFN1eIl1qzh3WDZ4bYa7ZBM%2FbUI6W"}]} cf-ray: 948c722ceb39f063-DFW alt-svc: h3=":443"; ma=86400
2025-06-01 05:52:37 UTC	1460	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 06 00 00 00 f4 78 d4 fa 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 22 e3 49 44 41 54 78 01 ed dd ff 8f 5d e5 9d d8 f1 e7 dc 99 e1 9b ed ec ac da 5d 65 0b 59 26 d9 56 6d 77 bb c2 48 5d 95 90 aa 5c 87 b6 bf 55 d8 02 cc ba 52 85 e7 2f c0 64 a5 56 55 82 18 8b 26 ec 4f 05 fa 0f d8 96 56 35 d8 a8 1e 2a 6d a5 76 37 f8 a6 5d 41 aa b4 65 50 d5 55 d3 ae 9a 49 81 6c b2 12 c9 04 6c 70 f0 cc 3d 7b 9e 3b f7 82 bf cd f7 fb e5 3c cf 79 bd a4 61 c6 c6 f0 03 d8 f3 79 9f e7 3c e7 39 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: PNGIHDRxpHYssRGBgAMAa"IDATx]]eY&VmwH]\UR/dVU&OV5*mv7]AePUIllp={;<yay<9!
2025-06-01 05:52:37 UTC	1460	IN	Data Raw: aa ee e9 b5 03 c0 6e 15 65 3b a7 cd 81 86 ff f5 04 40 66 da df bc 74 b0 d5 ed 56 f7 fb cb b9 00 b0 47 71 73 60 3c 34 28 f5 08 30 fc 6f 26 00 32 d2 7e ee c3 76 f5 3f d4 f0 07 86 6a f0 84 c0 3d 0f 9c 6d 87 04 19 fe b7 26 00 32 f1 f0 b7 3e 7e b2 bf d3 bf b1 87 79 00 23 35 1b 5a ad 8b bf fe 95 57 9e 0c 09 31 fc 37 26 00 32 f0 d5 6f 5d 7e b6 2c d7 4e 07 80 11 eb 96 e1 74 2a 8f 09 1a fe 9b 13 00 89 8b c3 3f 94 e5 42 00 18 9b 78 7c 70 bd 23 c0 f0 df 9a 00 48 98 e1 0f 4c 4e 7d 23 c0 f0 df 1e 01 90 28 c3 1f 98 bc fa 45 80 e1 bf 7d 02 20 41 0f 7f f3 d2 29 c3 1f a8 87 ee c2 dd 0f 9e 3b 15 6a c0 f0 df 19 01 90 98 38 fc cb 10 8e 07 80 9a 28 42 79 7c d2 11 60 f8 ef 9c 00 48 88 e1 0f d4 d5 24 23 c0 f0 df 1d 01 90 08 c3 1f a8 bb 49 44 80 e1 bf 7b 02 20 01 bd 37 fa 19 fe Data Ascii: ne;@ftVGqs`<4(0o&2~v?j=m&2>~y#5ZW17&2o]~,Nt*?Bx\|p#HLN}#(E} A);j8(By\|`H$#ID{ 7
2025-06-01 05:52:37 UTC	1460	IN	Data Raw: 3f f7 61 db d5 3f 37 58 29 ba c5 91 6f 3f 73 e0 44 67 e1 fa 33 e8 45 40 da e2 0b 87 d6 ca 18 01 9e 14 80 81 c6 06 40 d1 0a 27 02 f4 c5 7b fd dd ab 53 f7 7f fb 99 7d 8b 1b fd 1a 11 90 b6 c1 93 02 6e 09 c0 ba 46 06 40 ef d1 bf 50 3c 12 20 ac 2f f9 c7 7b fd 9d 85 3b 97 b7 fa b5 22 20 7d f1 96 c0 f4 d5 e2 7e b7 04 68 ba 46 06 80 83 7f e8 fb 74 c9 7f 27 ff 90 08 48 df f2 f7 8e 2e ad df 12 10 01 34 57 33 03 a0 28 1e 0a 34 5a 6f 97 ff 16 4b fe 9b 11 01 e9 8b b7 04 e2 51 c2 45 19 76 f5 7b 00 52 d7 b8 00 f0 e8 1f f1 7e 7f 6f 97 ff 36 96 fc 37 23 02 d2 17 8f 12 7e e7 cd 27 8e d8 17 40 13 35 2e 00 ca e0 d8 df 26 fb ec 7e ff f5 bb fc 77 4b 04 e4 a1 f7 a8 a0 08 a0 61 1a 15 00 eb 9b ff 42 3b d0 4c d5 a0 de e9 fd fe ed 10 01 79 88 11 50 96 e5 d3 01 1a a2 51 01 d0 5a 5d Data Ascii: ?a?7X)o?sDg3E@@'{S}nF@P< /{;" }~hFt'H.4W3(4ZoKQEv{R~o67#~'@5.&~wKaB;LyPQZ]
2025-06-01 05:52:37 UTC	1460	IN	Data Raw: 2f ed 5b 00 c1 29 80 29 a9 fe 7f 2d b9 ff cf a8 18 fe b0 33 a9 9f 04 68 05 20 21 45 28 5c fd 33 12 86 3f ec 5c b2 01 e0 10 a0 04 d9 00 c8 08 18 fe b0 3b e9 ae 00 38 04 28 39 dd b2 b4 02 c0 50 19 fe b0 7b e9 bf 0d 90 64 78 fd 2f c3 64 f8 c3 de 24 1b 00 4e 01 4c 4b dc 00 18 60 48 0c 7f d8 bb 74 57 00 9c 02 98 98 f2 87 01 86 c0 f0 87 e1 70 0b 80 b1 68 75 c3 72 80 3d 32 fc 61 78 92 0d 00 c7 00 a7 a5 fa ff b5 1c 60 0f 0c 7f 18 2e 2b 00 8c 85 27 00 d8 0b c3 1f 86 2f dd 00 f0 1e 80 b4 b4 0a 27 00 b2 2b 86 3f 8c 86 15 00 c6 a2 f3 f5 fd 56 00 d8 31 c3 1f 46 47 00 30 0e ae fe d9 31 c3 9f 14 94 45 99 ec 91 f4 c9 06 40 e1 45 40 c9 28 83 27 00 d8 19 c3 9f 84 08 00 d8 98 33 00 d8 3e c3 1f c6 43 00 30 72 65 28 16 03 6c 83 e1 0f e3 93 72 00 78 15 70 3a 6c 00 64 4b 86 3f Data Ascii: /[))-3h !E(\3?\;8(9P{dx/d$NLK`HtWphur=2ax`.+'/'+?V1FG01E@E@('3>C0re(lrxp:ldK?
2025-06-01 05:52:37 UTC	1460	IN	Data Raw: 13 77 fa 57 57 fe f1 a5 3e 0b 21 53 22 80 ad 08 00 e8 6f 0e f4 8d b2 19 e2 fd fe 03 07 0e bc 55 0d c8 c3 21 73 22 80 cd 08 00 08 eb 9b 03 7d a3 cc 5f 15 7a 4f e5 74 bf 7f 3b 44 00 1b 11 00 d0 17 bf 51 4e 4f 4f ff c0 2d 81 fc 0c 96 fc ab ff c7 2f 86 cc ee f7 6f 87 08 e0 56 04 00 dc 2c 1e 1a e4 9b 65 26 9a b4 e4 bf 99 18 01 53 53 53 17 62 0c 05 08 02 00 36 d2 ae 56 03 de 7a f9 e5 97 4f 04 92 d5 5f f2 7f ab 49 4b fe 9b 89 8f c0 ee db b7 ef a2 08 20 2a 42 a2 e2 15 5a f5 a9 1d 60 f4 3a ab ab ab f3 c7 8e 1d 5b 0e 24 21 ae de 54 01 17 4f 7d 6c 07 6e 52 05 d1 d2 e5 cb 97 0f cd cf cf af 04 1a cb 0a 00 6c ad 6d 6f 40 3a 5e 79 e5 95 c3 71 f5 26 18 fe 1b b2 12 40 64 05 00 76 a0 fa c6 b9 dc ed 76 4f 1e 3d 7a f4 74 a0 56 5c f5 ef 9c 95 80 66 b3 02 00 3b 10 ef 25 57 11 Data Ascii: wWW>!S"oU!s"}_zOt;DQNOO-/oV,e&SSSb6VzO_IK *BZ`:[$!TO}lnRlmo@:^yq&@dvvO=ztV\f;%W
2025-06-01 05:52:37 UTC	1460	IN	Data Raw: 67 f8 a7 47 00 ec d0 b8 87 ff 80 08 00 ea ca f0 4f 93 00 d8 81 49 0d ff 01 11 00 d4 8d e1 9f 2e 01 b0 4d 93 1e fe 03 83 08 f0 74 00 30 69 45 51 2c 1a fe e9 9a 0e 6c a9 2e c3 7f 20 46 40 78 fe e3 43 57 d6 66 2e fe fd 5f fd d3 b9 00 30 7e 67 1e 7b ec b1 e3 81 64 59 01 d8 42 dd 86 ff c0 e0 9c 80 3f fe f3 fb 96 1d 1b 0c 8c 53 59 96 2f 79 ce 3f 7d 02 60 13 75 1d fe 03 31 02 be ff d3 5f b9 df bb 03 80 31 3a 79 f4 e8 d1 13 81 e4 09 80 0d d4 7d f8 0f c4 63 83 e3 bb 03 5e 7b e7 81 45 af 12 06 46 cc 8b 7d 32 62 0f c0 2d a4 32 fc 07 62 04 54 9f 8e 4c ff eb 77 5e fc 47 9f 7f fb a9 03 33 1f 07 80 61 4a ed fb 22 5b b3 02 70 83 94 7f 93 9f fd da 17 4e bc fe e7 bf 7d f2 fd 2b 9f 0b 00 43 12 2f 30 0e 19 fe f9 11 00 d7 c8 a1 70 ff e0 f7 ee 5d 38 b7 fc e0 c9 ef 7f 70 77 00 Data Ascii: gGOI.Mt0iEQ,l. F@xCWf._0~g{dYB?SY/y?}`u1_1:y}c^{EF}2b-2bTLw^G3aJ"[pN}+C/0p]8pw
2025-06-01 05:52:37 UTC	278	IN	Data Raw: 43 6c 2e ac 87 01 d7 a8 fe bb 2c 57 57 f4 4b 55 3c fd 30 ac 6f da 5b ba 7c f9 f2 b2 ab 7b 18 1d 01 00 13 10 37 18 56 03 6f ae 1f 06 f7 5e 13 06 39 af 18 c4 61 be 1c af e8 ab 41 ff f3 60 d0 c3 44 09 00 a8 99 fe d3 07 b3 31 0a e2 c7 35 81 10 e3 60 f0 b9 6e e2 a1 3a f1 f5 b8 71 c0 2f c7 01 1f 3f c7 9f 0b 86 3c d4 92 00 80 04 f5 df 73 30 17 43 21 fe 38 06 42 fc ba 1a bc bd 1f c7 68 b8 e6 97 c7 98 d8 76 34 54 ff 9e 38 a8 3f 1d d6 71 98 c7 41 5e ad 58 ac f4 07 7a 18 0c f7 ea f6 c6 8a 67 eb 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: Cl.,WWKU<0o[\|{7Vo^9aA`D15`n:q/?<s0C!8Bhv4T8?qA^Xzg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49707	104.21.27.152	443	7028	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-06-01 05:52:38 UTC	600	OUT	GET /releases/v5.0.0/webfonts/fa-brands-400.woff2 HTTP/1.1 host: use.fontawesome.com origin: null sec-ch-ua-platform: "Windows" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 accept: / sec-fetch-site: cross-site sec-fetch-mode: cors sec-fetch-dest: font referer: https://use.fontawesome.com/releases/v5.0.0/css/all.css accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=4
2025-06-01 05:52:38 UTC	967	IN	HTTP/1.1 200 OK date: Sun, 01 Jun 2025 05:52:38 GMT content-type: font/woff2 content-length: 52648 accept-ranges: bytes access-control-allow-origin: * cache-control: max-age=31556926 etag: "657e828fb3a5963706e24cbf9d711bb8" last-modified: Fri, 22 Sep 2023 01:44:04 GMT vary: Origin, Accept-Encoding age: 300 cf-cache-status: HIT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mXMCWCK5mU4%2BpLWk3UutiktDSmTpnKXDQja4u5vydMi5hcdnK2cJSPklg5S0DqMQXDiqntN86%2BDcKlJ3wNK5ruy1BVVGKP8S5OGZcaDLQk7Ej8rKbUyNnzNDX6jX25AXu%2Bz4ld6E"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 948c722e4e8d6c6e-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=123303&min_rtt=123280&rtt_var=26040&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3409&recv_bytes=969&delivery_rate=32730&cwnd=251&unsent_bytes=0&cid=de8b254b4e94d3c3&ts=152&x=0"
2025-06-01 05:52:38 UTC	1460	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 cd a8 00 0b 00 00 00 01 72 cc 00 00 cd 56 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 54 06 56 00 aa 66 0a 85 84 68 83 ed 58 01 36 02 24 03 89 7c 0b 85 00 00 04 20 05 86 2a 07 9c 6d 5b f4 23 71 42 d9 b6 ab 01 a9 1b 03 88 2a bd f3 df 76 89 bf d9 11 db ed 40 28 42 f5 94 99 d1 18 e3 00 80 fd 0a cb fe ff ff e4 a4 31 c6 da 0d dd 10 05 54 2b eb bf f2 1f 82 f3 64 e4 32 4f 61 41 66 82 6a eb 98 0b 0a 13 b4 62 c3 3e 1d f9 b6 ac c7 dd 98 d1 c2 06 3f 32 7c 2f 46 87 9b 83 50 52 2a 4a 34 5b 20 26 88 a9 62 11 99 9d da 45 ad e4 c3 a6 a7 12 a6 fe cc 2f e8 e7 b5 13 71 f1 ae c1 34 60 4d 2a 44 bc 63 1e f8 f7 2d 7c a2 61 ad 71 cf 90 62 86 a4 68 d2 06 6d a9 f5 34 0c 09 0a 8a 12 a4 a0 20 09 12 4e 1b 8a 9b 3f 42 0e df Data Ascii: wOF2rVTVfhX6$\| m[#qBv@(B1T+d2OaAfjb>?2\|/FPRJ4[ &bE/q4`MDc-\|aqbhm4 N?B
2025-06-01 05:52:38 UTC	1460	IN	Data Raw: e7 8a 0e 96 2a a3 92 2a 6a 99 4e f3 d5 5d 49 bb c8 03 54 e8 70 8e 4c c5 c0 fc 1e 56 4b b2 aa cb 1e 64 8c 3d df c9 4a b3 6c 56 a2 59 9b 51 93 16 ae 55 0f 35 0c 0a 97 37 ad a6 da a4 d4 19 f3 16 2c 56 e5 ca c7 22 63 69 35 3f a9 6c a4 3f e4 c3 ab 36 74 13 ff 32 62 b7 72 59 ee cd f0 92 06 dd 92 da 76 e8 8c 73 ae bb 79 75 bf 4b ff 4a fe 1e 3e e1 17 9d 5e 25 83 14 08 b9 90 92 53 52 d3 5e f6 10 a1 f6 24 c9 4a 69 b2 94 2a 57 ab de 44 5d d7 aa 2e fc 04 14 ce 44 2b 51 21 55 67 c0 88 29 5d fb 07 66 5d f9 1c 98 0f 8b 69 af 7c 35 1c 0a 8f a5 23 f3 e2 e0 0c 78 5a 4e 9b 83 05 a6 52 cc db b3 95 d8 82 41 37 6e 68 21 10 b7 e9 98 c1 9c d2 c2 0a 48 6f dc ff 0d 8b 82 e5 44 8a 28 31 7f 91 2e 9a f7 0a ed f1 1c cd 2d 99 4f ce f9 82 1e 3f d0 e7 61 c1 8e f8 f4 20 b2 c5 a0 24 17 ae Data Ascii: *jN]ITpLVKd=JlVYQU57,V"ci5?l?6t2brYvsyuKJ>^%SR^$JiWD].D+Q!Ug)]f]i\|5#xZNRA7nh!HoD(1.-O?a $
2025-06-01 05:52:38 UTC	1460	IN	Data Raw: e0 ab 17 f0 28 d2 07 8f 21 fd 83 a3 01 c0 0b 40 06 07 1a c2 d0 6e 18 f0 0a 90 11 78 15 c8 f8 d0 68 12 43 b6 29 0c 34 0d f8 14 c8 cc e8 35 87 71 db 3c e0 1b 20 0b 23 b7 88 81 96 f0 f8 b2 fc f3 33 10 f8 0d c8 07 30 c8 47 98 08 f2 19 fe 05 f9 4a 41 be 51 81 e4 3b 15 4c 7e 50 61 e4 27 15 45 fe 51 d1 34 01 2a 8d 26 48 a5 d3 84 a8 0c 9a 30 95 49 13 a5 b2 69 62 54 0e 4d 9c 2a a0 49 50 c5 34 49 aa 8c 26 45 55 d1 a4 a9 1a 9a 3c 55 4f 53 a0 5a 68 8a 54 17 4d 89 ea a4 29 8f 99 54 00 b3 d2 54 61 5b da 2a 78 10 6d 35 3c 8c b6 06 9e 05 da 5a f8 18 68 eb 86 6c eb 01 d7 a0 6d 80 1f 80 b6 f1 1e 0a 54 8e a2 38 c0 46 31 0c 68 97 c0 81 54 94 c6 81 69 28 83 03 8b 50 16 07 85 20 0b b4 fc 4f ff 1f 41 7d 00 80 f7 61 17 27 1d 99 f1 fe 3a 43 ec 51 94 bd 79 34 50 f0 0f bf 13 2e c6 Data Ascii: (!@nxhC)45q< #30GJAQ;L~Pa'EQ4&H0IibTMIP4I&EU<UOSZhTM)TTa[*xm5<ZhlmT8F1hTi(P OA}a':CQy4P.
2025-06-01 05:52:38 UTC	1460	IN	Data Raw: 50 87 41 b3 bb 8e 99 d6 a2 5e 59 5f 09 9d fc e3 9d 97 1f ea 95 bd a3 81 ca f9 cd b3 bb e3 fa e0 08 2b 55 f1 b9 81 5c 44 30 7b 12 79 a4 c5 cc ac 85 5a 36 3d 43 22 cc f9 c9 69 a8 da a3 d6 c0 f6 2e d5 91 5f 16 de 6b 4f ec 9a e8 30 79 7b d5 7b eb 6d e8 5c 06 8f bb dc c1 3a b3 bd d4 af 44 c3 64 90 f6 e2 fe b9 f0 2f 9d 7b 6f 07 b9 b0 32 2e f7 36 df 6b 56 a9 e2 d6 c0 34 ff a2 96 dc f1 ca 24 9b 8b 9e 34 a4 2a e1 ee ff 47 06 24 bf 6a 88 b4 aa c5 2f c0 0c 9d 94 81 27 56 07 1a 3c 0f 33 a5 bc 18 81 a7 f5 c0 18 5f 29 e6 0a 5f e1 4b c3 89 90 a3 4e 21 69 33 6a 3c e7 d5 79 4a 7b 39 c2 49 12 f1 a8 1d c2 f3 66 51 37 71 46 c3 8b 3c e1 98 df 14 26 b1 e6 28 5d 5b e9 75 9f 65 ca 2d 60 c8 b6 fd 9c 54 c7 f4 50 69 cd 55 44 33 c9 ad 23 05 51 4b 90 4a 99 9e ff 60 d7 87 6e 9d 66 68 Data Ascii: PA^Y_+U\D0{yZ6=C"i._kO0y{{m\:Dd/{o2.6kV4$4*G$j/'V<3_)_KN!i3j<yJ{9IfQ7qF<&(][ue-`TPiUD3#QKJ`nfh
2025-06-01 05:52:38 UTC	1460	IN	Data Raw: 95 58 77 72 23 0e d7 e8 55 8c 59 be 61 12 8b 6f dc 08 06 07 8a 6b 39 89 62 7d d6 59 39 14 a6 52 39 df 5d 3f 90 56 16 a1 ac 19 43 b0 02 96 9d 59 c1 07 5b ff fc 82 98 5b d5 56 d7 bc 55 b6 a5 b1 15 24 90 df 46 d9 93 00 8e 54 2d a6 d2 e8 48 d1 23 f3 61 80 e7 fc 90 36 63 3f 50 48 e2 07 1e 6b ec 25 da af a2 e0 20 dd 8f ef 53 cf c9 6e 15 39 c0 89 f6 5d b2 51 93 68 0c da 16 e6 41 e5 15 db 82 42 88 69 55 6e 5f fd e2 1e d1 6f cf 90 63 ea 48 96 b7 89 0e 70 ba f1 70 cd 54 75 c0 5a ee 39 9f c5 4e 4e 22 78 64 49 8d 90 81 c7 7e 45 33 ba 85 89 e8 d4 9d 13 44 c7 f0 16 41 8e e8 3a e4 e8 b2 da ad f8 61 60 8e 95 f8 49 3a de 02 71 66 16 79 27 26 47 61 7b 9f 0d 71 24 03 f6 a2 61 da 20 7c 6f e8 d3 51 f7 c4 04 e3 ed fa 95 bd b4 51 bd 1f c7 b9 c1 7c c5 28 34 1e c5 8e 7a 0b 6c dd Data Ascii: Xwr#UYaok9b}Y9R9]?VCY[[VU$FT-H#a6c?PHk% Sn9]QhABiUn_ocHppTuZ9NN"xdI~E3DA:a`I:qfy'&Ga{q$a \|oQQ\|(4zl
2025-06-01 05:52:38 UTC	1460	IN	Data Raw: a1 83 1f de 37 d7 fe 60 9c b7 0f 0e 50 11 4a d7 65 91 66 2b c7 fb 7c d2 d3 69 a6 08 9e 5e bf 47 5d 9c a6 5e ef de 22 3c 56 41 ed 7f 74 cc 5c ba 6e 90 e1 f1 f6 01 5c ff a9 f7 63 00 50 79 45 f4 ad 7e e1 7d eb 3f 72 17 7b 9c 3d 98 3e 95 37 c7 f5 d6 18 60 d6 8a 73 d9 d7 8f 4b 78 33 6e 65 dd e9 14 9a 33 32 77 22 20 83 c6 8a 4c ec 7d f8 de 3b af 85 9d 95 f2 e0 73 9b 1a 0d 31 cd 52 d4 9f 7f e3 f3 f7 cc 98 b9 58 aa 57 b8 62 db f8 f3 d8 42 a1 62 38 83 c3 2b 33 f1 fe 77 e9 b2 12 77 17 b9 48 8d ca df f3 91 ee 6a 53 04 15 e4 27 06 95 76 dc 9a d9 c5 da b8 83 e0 f1 5d dd 8a 23 ce 81 ed f6 be f3 8d 3a d3 03 ae 2c f8 e9 7a f7 72 1e eb 35 3c 32 a5 8b 9d 3f 91 a3 27 c8 9d b6 f5 f6 fb bf 79 6d bf 5b 97 57 27 e4 3c ad 00 f7 1f 6e c2 54 e4 3d 9f 32 e9 9a 39 92 e7 08 b3 62 1e Data Ascii: 7`PJef+\|i^G]^"<VAt\n\cPyE~}?r{=>7`sKx3ne32w" L};s1RXWbBb8+3wwHjS'v]#:,zr5<2?'ym[W'<nT=29b
2025-06-01 05:52:38 UTC	1460	IN	Data Raw: 05 87 c0 d4 f5 8b bd 67 b8 26 6d 7d 73 cc d3 a8 6b 1b 42 43 83 f7 9e cf dd c3 9c d8 7b 13 f2 28 75 0b d1 18 39 d9 15 2a ec e2 38 b1 11 18 84 2c 63 96 7c d5 d9 06 8f bc 1b 4f b7 26 da 3e fb 2a d7 3a 5a 4b ce 5d 29 73 66 45 52 c6 58 3f 9e 2f 29 4a 1a 98 2b e1 e7 0a 17 1b da 77 bb ac 73 47 86 4a d3 4b 5f fe 15 ce 59 de 00 de b4 18 4a 4e c5 3e 99 e0 91 ad 4c d1 92 bb bf 9a 26 2c 57 e8 e0 a3 e5 2e 2f 4c 23 e2 02 6a a4 18 8a 59 62 1a 2d 8e 17 b2 91 cb eb e4 0c 6a 97 2e 71 94 1d e5 f5 95 77 b2 d2 a4 2c 03 54 16 9d 3e 8d 1e 4c 4f 96 2c 14 2a 5e 7a 96 6e 71 0b f8 8a 9d 09 2f c0 18 f8 53 77 27 44 af 6f 9c 58 3e fc 7b fb af 72 a2 5d 4c a3 64 46 66 76 06 4f f2 77 42 7f dc ec 2a 6a 6c be 68 8e 4a eb da ad f0 17 fe a7 16 21 d3 a1 23 08 2c 07 7e 3c 4c 8a b1 ca 19 54 4a Data Ascii: g&m}skBC{(u98,c\|O&>:ZK])sfERX?/)J+wsGJK_YJN>L&,W./L#jYb-j.qw,T>LO,^znq/Sw'DoX>{r]LdFfvOwBjlhJ!#,~<LTJ
2025-06-01 05:52:38 UTC	1460	IN	Data Raw: 4c e0 b3 7d 46 c2 23 63 cc 0a 90 0a 77 f4 25 d6 3c 96 97 34 1d 2a 1f 9d b3 eb 13 71 b7 ae 9d 2b 98 b6 b3 e7 c3 d9 d0 39 5f 36 3c 77 e7 07 d3 15 4f 69 cb e4 47 61 46 7b e2 6c df af 67 e5 47 95 dd 85 77 3d 2f c6 44 49 e4 67 98 9d 96 b6 a3 14 e4 e4 fd 1e 20 18 c1 05 d4 ea 5c eb 20 fb f4 30 86 f8 34 a8 86 7f 0e c5 70 59 56 31 53 94 1c b3 14 a1 72 cf e5 94 88 90 90 b8 12 08 05 4f a8 41 00 11 06 5b 71 cd d5 32 5b 59 14 3c a1 ec 4b f4 ca 07 54 e4 9b ff ee 11 af 58 26 9c 16 3c db 5a 4e 64 a5 f8 a5 48 35 13 2a 52 63 05 08 05 d7 c1 a7 06 d7 ef a5 83 7f ed 07 30 1e 92 9c 08 cf 67 71 6a 51 62 67 99 99 54 fd 51 85 a1 8c 26 11 bc 75 6f 6b 71 15 f3 b9 b4 15 44 da d1 f7 56 8f 7a b9 fd 23 9d 34 bc 69 ec 06 41 83 3b 1c 3d 4f 3d 93 c8 c8 33 37 21 0b 4f c6 cd e7 22 34 e2 53 Data Ascii: L}F#cw%<4q+9_6<wOiGaF{lgGw=/DIg \ 04pYV1SrOA[q2[Y<KTX&<ZNdH5Rc0gqjQbgTQ&uokqDVz#4iA;=O=37!O"4S
2025-06-01 05:52:38 UTC	1460	IN	Data Raw: 82 90 c0 62 9e 0a 41 b9 75 55 e3 48 3d 04 8b b3 b8 c6 86 20 4f 95 b6 9b f2 15 1d 74 8b cc af c0 e3 79 cf 19 49 f2 64 6c bf aa b0 29 9b 8c c2 4f 51 98 a0 20 ac aa 6c d5 a4 a4 84 45 62 46 a0 5b 9c 79 fc 31 30 08 9e 6b 70 f9 6c a7 e2 9c da f6 07 a7 10 33 8b 07 66 64 9c c1 94 07 2f 77 56 f6 a5 3f 92 76 8f 39 a5 bb af fc c8 92 23 fb 7e b4 7d 03 45 2f 74 3f c5 75 7f ad 3a 61 35 3d 2f 50 41 a2 e3 a5 90 d1 58 8a 14 f7 52 6d f7 92 0f 27 46 fb ce 91 e2 be f9 42 f6 c0 3f 5a 1e 9c 0b 3b 69 8b 28 81 0a 04 db d9 a1 11 f5 8c 33 47 93 8b 66 c2 85 aa 5c 4c 0e 1a 9a d6 60 8e 9a e1 56 ca 89 0b c0 fa 0b 32 99 23 7c ee 73 05 b1 c6 78 b4 77 5f 4f 2e 38 08 47 90 d6 45 a1 e4 46 24 ab 0a 6f 2a 28 9c 05 cd c2 98 5e 97 4a 4f 8c af 7f 17 08 47 86 b4 55 14 b5 d5 f6 9b 54 eb e3 5a ab Data Ascii: bAuUH= OtyIdl)OQ lEbF[y10kpl3fd/wV?v9#~}E/t?u:a5=/PAXRm'FB?Z;i(3Gf\L`V2#\|sxw_O.8GEF$o*(^JOGUTZ
2025-06-01 05:52:38 UTC	1460	IN	Data Raw: ba 74 73 cf b0 af 62 09 88 a2 f6 3e 21 39 84 5b 14 a3 36 1e 36 c5 0f 1f a7 86 a0 3d e3 83 ff a9 17 df a3 a9 ef e2 71 c7 9e ae 15 e9 07 7a cb c4 f0 7c dd af a2 83 21 85 4f 9d c8 4b 5a b8 5e 12 ff 11 2e d9 61 f7 0c a5 84 76 23 77 70 3b 90 71 3c a6 f6 3c 0e 92 7b 9d 25 97 c0 63 8e 1f a0 e0 a5 96 4a f8 8c 77 ec 4a a1 1c d8 a3 d8 30 32 53 26 1e cc 25 19 93 46 c2 51 ba d4 6f 96 83 1d 7c a6 9e bd 94 92 26 17 0a 39 ba 10 03 8d 2b ec 98 e5 76 e6 e2 fd e9 c3 0b c5 4d c1 5a 94 56 cc 52 25 c3 1b 7d f3 f3 c3 f0 15 36 90 d7 96 8d ee 1a 9e 40 3d e3 1b b9 6b ad 7a 35 91 3c 01 79 46 2f 5c 77 e8 cf ca 16 91 8c a3 c3 b9 6d ea b3 f7 3f 0e 57 9e 11 9d d9 23 7a bd 43 22 7b 8f 17 06 df a9 b1 f5 d3 95 6f 17 f2 da 4f 30 9e f8 30 6b b9 f8 af e0 0a b6 ba 0c 91 68 13 4b ae 41 0d 75 Data Ascii: tsb>!9[66=qz\|!OKZ^.av#wp;q<<{%cJwJ02S&%FQo\|&9+vMZVR%}6@=kz5<yF/\wm?W#zC"{oO00khKAu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49710	104.21.96.1	443	7028	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-06-01 05:52:38 UTC	438	OUT	GET /lander/tradingview/recaptcha-project-browser-transparent.png HTTP/1.1 host: tradingviewprime.com user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept: / sec-fetch-site: none sec-fetch-mode: cors sec-fetch-dest: empty sec-fetch-storage-access: active accept-encoding: gzip, deflate, br, zstd accept-language: en-US,en;q=0.9 priority: u=1, i
2025-06-01 05:52:38 UTC	738	IN	HTTP/1.1 200 OK date: Sun, 01 Jun 2025 05:52:38 GMT content-type: image/png content-length: 9038 server: cloudflare last-modified: Tue, 25 Mar 2025 12:32:08 GMT nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} etag: "67e2a248-234e" expires: Sun, 08 Jun 2025 18:20:34 GMT cache-control: max-age=864000 access-control-allow-origin: * accept-ranges: bytes age: 214324 cf-cache-status: HIT vary: accept-encoding report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=VkvzZs2vKptoklt5RS2ex3w%2B2VH4XlM0bmPoYtYPCeETD6FjbBCR0m8O1xdio5gpJ%2BxTv6RFKLghEBoLjsmuTr0GH%2FhCcA9xEqLtnMBJBSQr4%2FZt"}]} cf-ray: 948c72324e59f063-DFW alt-svc: h3=":443"; ma=86400
2025-06-01 05:52:38 UTC	1460	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 00 00 00 02 00 08 06 00 00 00 f4 78 d4 fa 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 22 e3 49 44 41 54 78 01 ed dd ff 8f 5d e5 9d d8 f1 e7 dc 99 e1 9b ed ec ac da 5d 65 0b 59 26 d9 56 6d 77 bb c2 48 5d 95 90 aa 5c 87 b6 bf 55 d8 02 cc ba 52 85 e7 2f c0 64 a5 56 55 82 18 8b 26 ec 4f 05 fa 0f d8 96 56 35 d8 a8 1e 2a 6d a5 76 37 f8 a6 5d 41 aa b4 65 50 d5 55 d3 ae 9a 49 81 6c b2 12 c9 04 6c 70 f0 cc 3d 7b 9e 3b f7 82 bf cd f7 fb e5 3c cf 79 bd a4 61 c6 c6 f0 03 d8 f3 79 9f e7 3c e7 39 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: PNGIHDRxpHYssRGBgAMAa"IDATx]]eY&VmwH]\UR/dVU&OV5*mv7]AePUIllp={;<yay<9!
2025-06-01 05:52:38 UTC	1460	IN	Data Raw: aa ee e9 b5 03 c0 6e 15 65 3b a7 cd 81 86 ff f5 04 40 66 da df bc 74 b0 d5 ed 56 f7 fb cb b9 00 b0 47 71 73 60 3c 34 28 f5 08 30 fc 6f 26 00 32 d2 7e ee c3 76 f5 3f d4 f0 07 86 6a f0 84 c0 3d 0f 9c 6d 87 04 19 fe b7 26 00 32 f1 f0 b7 3e 7e b2 bf d3 bf b1 87 79 00 23 35 1b 5a ad 8b bf fe 95 57 9e 0c 09 31 fc 37 26 00 32 f0 d5 6f 5d 7e b6 2c d7 4e 07 80 11 eb 96 e1 74 2a 8f 09 1a fe 9b 13 00 89 8b c3 3f 94 e5 42 00 18 9b 78 7c 70 bd 23 c0 f0 df 9a 00 48 98 e1 0f 4c 4e 7d 23 c0 f0 df 1e 01 90 28 c3 1f 98 bc fa 45 80 e1 bf 7d 02 20 41 0f 7f f3 d2 29 c3 1f a8 87 ee c2 dd 0f 9e 3b 15 6a c0 f0 df 19 01 90 98 38 fc cb 10 8e 07 80 9a 28 42 79 7c d2 11 60 f8 ef 9c 00 48 88 e1 0f d4 d5 24 23 c0 f0 df 1d 01 90 08 c3 1f a8 bb 49 44 80 e1 bf 7b 02 20 01 bd 37 fa 19 fe Data Ascii: ne;@ftVGqs`<4(0o&2~v?j=m&2>~y#5ZW17&2o]~,Nt*?Bx\|p#HLN}#(E} A);j8(By\|`H$#ID{ 7
2025-06-01 05:52:38 UTC	1460	IN	Data Raw: 3f f7 61 db d5 3f 37 58 29 ba c5 91 6f 3f 73 e0 44 67 e1 fa 33 e8 45 40 da e2 0b 87 d6 ca 18 01 9e 14 80 81 c6 06 40 d1 0a 27 02 f4 c5 7b fd dd ab 53 f7 7f fb 99 7d 8b 1b fd 1a 11 90 b6 c1 93 02 6e 09 c0 ba 46 06 40 ef d1 bf 50 3c 12 20 ac 2f f9 c7 7b fd 9d 85 3b 97 b7 fa b5 22 20 7d f1 96 c0 f4 d5 e2 7e b7 04 68 ba 46 06 80 83 7f e8 fb 74 c9 7f 27 ff 90 08 48 df f2 f7 8e 2e ad df 12 10 01 34 57 33 03 a0 28 1e 0a 34 5a 6f 97 ff 16 4b fe 9b 11 01 e9 8b b7 04 e2 51 c2 45 19 76 f5 7b 00 52 d7 b8 00 f0 e8 1f f1 7e 7f 6f 97 ff 36 96 fc 37 23 02 d2 17 8f 12 7e e7 cd 27 8e d8 17 40 13 35 2e 00 ca e0 d8 df 26 fb ec 7e ff f5 bb fc 77 4b 04 e4 a1 f7 a8 a0 08 a0 61 1a 15 00 eb 9b ff 42 3b d0 4c d5 a0 de e9 fd fe ed 10 01 79 88 11 50 96 e5 d3 01 1a a2 51 01 d0 5a 5d Data Ascii: ?a?7X)o?sDg3E@@'{S}nF@P< /{;" }~hFt'H.4W3(4ZoKQEv{R~o67#~'@5.&~wKaB;LyPQZ]
2025-06-01 05:52:38 UTC	1460	IN	Data Raw: 2f ed 5b 00 c1 29 80 29 a9 fe 7f 2d b9 ff cf a8 18 fe b0 33 a9 9f 04 68 05 20 21 45 28 5c fd 33 12 86 3f ec 5c b2 01 e0 10 a0 04 d9 00 c8 08 18 fe b0 3b e9 ae 00 38 04 28 39 dd b2 b4 02 c0 50 19 fe b0 7b e9 bf 0d 90 64 78 fd 2f c3 64 f8 c3 de 24 1b 00 4e 01 4c 4b dc 00 18 60 48 0c 7f d8 bb 74 57 00 9c 02 98 98 f2 87 01 86 c0 f0 87 e1 70 0b 80 b1 68 75 c3 72 80 3d 32 fc 61 78 92 0d 00 c7 00 a7 a5 fa ff b5 1c 60 0f 0c 7f 18 2e 2b 00 8c 85 27 00 d8 0b c3 1f 86 2f dd 00 f0 1e 80 b4 b4 0a 27 00 b2 2b 86 3f 8c 86 15 00 c6 a2 f3 f5 fd 56 00 d8 31 c3 1f 46 47 00 30 0e ae fe d9 31 c3 9f 14 94 45 99 ec 91 f4 c9 06 40 e1 45 40 c9 28 83 27 00 d8 19 c3 9f 84 08 00 d8 98 33 00 d8 3e c3 1f c6 43 00 30 72 65 28 16 03 6c 83 e1 0f e3 93 72 00 78 15 70 3a 6c 00 64 4b 86 3f Data Ascii: /[))-3h !E(\3?\;8(9P{dx/d$NLK`HtWphur=2ax`.+'/'+?V1FG01E@E@('3>C0re(lrxp:ldK?
2025-06-01 05:52:38 UTC	1460	IN	Data Raw: 13 77 fa 57 57 fe f1 a5 3e 0b 21 53 22 80 ad 08 00 e8 6f 0e f4 8d b2 19 e2 fd fe 03 07 0e bc 55 0d c8 c3 21 73 22 80 cd 08 00 08 eb 9b 03 7d a3 cc 5f 15 7a 4f e5 74 bf 7f 3b 44 00 1b 11 00 d0 17 bf 51 4e 4f 4f ff c0 2d 81 fc 0c 96 fc ab ff c7 2f 86 cc ee f7 6f 87 08 e0 56 04 00 dc 2c 1e 1a e4 9b 65 26 9a b4 e4 bf 99 18 01 53 53 53 17 62 0c 05 08 02 00 36 d2 ae 56 03 de 7a f9 e5 97 4f 04 92 d5 5f f2 7f ab 49 4b fe 9b 89 8f c0 ee db b7 ef a2 08 20 2a 42 a2 e2 15 5a f5 a9 1d 60 f4 3a ab ab ab f3 c7 8e 1d 5b 0e 24 21 ae de 54 01 17 4f 7d 6c 07 6e 52 05 d1 d2 e5 cb 97 0f cd cf cf af 04 1a cb 0a 00 6c ad 6d 6f 40 3a 5e 79 e5 95 c3 71 f5 26 18 fe 1b b2 12 40 64 05 00 76 a0 fa c6 b9 dc ed 76 4f 1e 3d 7a f4 74 a0 56 5c f5 ef 9c 95 80 66 b3 02 00 3b 10 ef 25 57 11 Data Ascii: wWW>!S"oU!s"}_zOt;DQNOO-/oV,e&SSSb6VzO_IK *BZ`:[$!TO}lnRlmo@:^yq&@dvvO=ztV\f;%W
2025-06-01 05:52:38 UTC	1460	IN	Data Raw: 67 f8 a7 47 00 ec d0 b8 87 ff 80 08 00 ea ca f0 4f 93 00 d8 81 49 0d ff 01 11 00 d4 8d e1 9f 2e 01 b0 4d 93 1e fe 03 83 08 f0 74 00 30 69 45 51 2c 1a fe e9 9a 0e 6c a9 2e c3 7f 20 46 40 78 fe e3 43 57 d6 66 2e fe fd 5f fd d3 b9 00 30 7e 67 1e 7b ec b1 e3 81 64 59 01 d8 42 dd 86 ff c0 e0 9c 80 3f fe f3 fb 96 1d 1b 0c 8c 53 59 96 2f 79 ce 3f 7d 02 60 13 75 1d fe 03 31 02 be ff d3 5f b9 df bb 03 80 31 3a 79 f4 e8 d1 13 81 e4 09 80 0d d4 7d f8 0f c4 63 83 e3 bb 03 5e 7b e7 81 45 af 12 06 46 cc 8b 7d 32 62 0f c0 2d a4 32 fc 07 62 04 54 9f 8e 4c ff eb 77 5e fc 47 9f 7f fb a9 03 33 1f 07 80 61 4a ed fb 22 5b b3 02 70 83 94 7f 93 9f fd da 17 4e bc fe e7 bf 7d f2 fd 2b 9f 0b 00 43 12 2f 30 0e 19 fe f9 11 00 d7 c8 a1 70 ff e0 f7 ee 5d 38 b7 fc e0 c9 ef 7f 70 77 00 Data Ascii: gGOI.Mt0iEQ,l. F@xCWf._0~g{dYB?SY/y?}`u1_1:y}c^{EF}2b-2bTLw^G3aJ"[pN}+C/0p]8pw
2025-06-01 05:52:38 UTC	278	IN	Data Raw: 43 6c 2e ac 87 01 d7 a8 fe bb 2c 57 57 f4 4b 55 3c fd 30 ac 6f da 5b ba 7c f9 f2 b2 ab 7b 18 1d 01 00 13 10 37 18 56 03 6f ae 1f 06 f7 5e 13 06 39 af 18 c4 61 be 1c af e8 ab 41 ff f3 60 d0 c3 44 09 00 a8 99 fe d3 07 b3 31 0a e2 c7 35 81 10 e3 60 f0 b9 6e e2 a1 3a f1 f5 b8 71 c0 2f c7 01 1f 3f c7 9f 0b 86 3c d4 92 00 80 04 f5 df 73 30 17 43 21 fe 38 06 42 fc ba 1a bc bd 1f c7 68 b8 e6 97 c7 98 d8 76 34 54 ff 9e 38 a8 3f 1d d6 71 98 c7 41 5e ad 58 ac f4 07 7a 18 0c f7 ea f6 c6 8a 67 eb 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: Cl.,WWKU<0o[\|{7Vo^9aA`D15`n:q/?<s0C!8Bhv4T8?qA^Xzg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49713	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2025-06-01 05:53:08 UTC	282	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zZ3w7YWrFPxOB31&MD=gulZsSlr HTTP/1.1 host: slscr.update.microsoft.com accept: / user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
2025-06-01 05:53:08 UTC	558	IN	HTTP/1.1 200 OK content-type: application/octet-stream date: Sun, 01 Jun 2025 05:53:08 GMT cache-control: no-cache etag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" expires: -1 last-modified: Mon, 01 Jan 0001 00:00:00 GMT pragma: no-cache content-length: 30005 slsversion: 2.0 ms-correlationid: 062047a3-375a-499f-8a8d-b063bb46e47f ms-requestid: 9f0236e9-f30f-4993-9135-90000c1fdce9 ms-cv: 03yNobMOhE+YK0rq.0 x-content-type-options: nosniff x-microsoft-slsclientcache: 1440 content-disposition: attachment; filename=environment.cab
2025-06-01 05:53:08 UTC	1460	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2025-06-01 05:53:08 UTC	1460	IN	Data Raw: 25 dc 93 6a 9f d2 e0 c1 ea a0 79 31 c4 ab 34 9c e1 43 a8 b3 7e 55 3a 43 6e 5b 8c bc 1c ac b5 c5 db f6 d5 6b 9a 98 b7 61 91 ec 20 ed 8b 6b 6b 17 65 25 d4 6a aa b6 ca 84 bd 36 98 48 0e 5e cd 7c b0 80 4f 8a 29 1a bd 79 0a 95 15 94 2c 8d 46 d3 90 66 2a a1 20 71 50 9b 63 14 ba 66 53 25 93 57 c9 de 70 e3 0a f9 95 e5 f6 30 46 8b 99 e7 52 08 31 34 2a fb 7b 19 1f 7d d2 b0 1d 12 db 90 d7 13 2b 94 d3 2c 24 3c da 5c c7 eb 72 6a b9 b9 58 16 5c 90 d7 e5 cd 92 95 32 0d 6b cf 04 8d 4e 78 08 6b 05 10 2b 3f 35 f1 9b 05 cf 25 b3 f8 b8 80 45 47 a6 3f 98 fb 9d 6d bb 59 60 bf 35 2a 6a 71 da 05 32 46 9c 40 06 81 a2 d0 24 13 09 4e 44 ad c8 6d e0 34 6a 19 a9 18 60 e4 00 e9 b7 1d ae 08 07 c3 31 50 c7 68 68 e8 50 28 40 75 d8 01 17 46 0a 23 66 bd 70 60 ba 6d fe d2 9a c3 39 9c fb a0 Data Ascii: %jy14C~U:Cn[ka kke%j6H^\|O)y,Ff* qPcfS%Wp0FR14{}+,$<\rjX\2kNxk+?5%EG?mY`5jq2F@$NDm4j`1PhhP(@uF#fp`m9
2025-06-01 05:53:08 UTC	1460	IN	Data Raw: 88 13 d2 ca b4 06 b4 39 d4 f9 dc 75 86 ec f8 71 28 61 7c 4c c7 63 c8 ea 15 e7 75 7d 6d 29 70 2a 71 c0 e4 ec e9 97 37 59 2c ef da 63 ae b1 f3 e5 0b 3b cf df 39 d7 39 fa 82 03 6e ce 5d df 9a 7e b1 21 8c f5 e5 b9 a1 86 fb 42 cd 8f 80 65 85 b7 9b da 6d 66 ca ea e3 34 46 3b 0d 3a b7 43 5e 3d 7a 57 67 f5 fc 5c 06 83 b4 c2 d8 63 75 21 29 ed dd c1 86 8d 5d 43 f3 49 fd 3d 76 02 f5 6a 5c 57 4b 0c 0f 16 4c dc ae 2c 6b d6 f7 77 f2 a8 5d 45 e3 67 7b 15 83 04 9a 73 32 62 e8 67 d8 7e c1 4c 27 14 66 da 01 f8 70 cc af 50 49 02 86 a1 cc 11 74 0c 24 7f 15 ad 28 be 9d 40 0c 81 9d a0 c6 02 69 80 3c 40 a6 20 29 90 04 80 7d 78 26 1e ec 70 98 20 80 f0 1b 08 60 00 70 d4 d7 e1 d0 c7 a1 d0 95 43 18 82 b8 25 55 45 8c a6 3c b1 98 db 86 78 7d 26 94 17 d0 3b 82 42 0d 40 0d 50 49 53 4a Data Ascii: 9uq(a\|Lcu}m)p*q7Y,c;99n]~!Bemf4F;:C^=zWg\cu!)]CI=vj\WKL,kw]Eg{s2bg~L'fpPIt$(@i<@ )}x&p `pC%UE<x}&;B@PISJ
2025-06-01 05:53:08 UTC	1460	IN	Data Raw: 9e 4c 48 88 5f 1b 99 a2 79 07 02 1f 96 7e 0e 91 7d ff 94 85 f8 7a 67 50 22 aa 5f 9d b1 ea a1 e7 40 3d e0 af d4 09 80 e0 46 08 01 02 dc 7c 87 51 31 df 61 b4 fc b5 f8 5f f9 9c 7e 37 d4 2e 33 2b bb ab b5 2d 61 e9 d4 86 25 79 97 ff 9e 60 01 ae e6 85 4f 0d 70 27 cb 1c ca cd c6 bb 4c ee e3 f1 e7 bd 04 1a c4 ed 5f ae e6 74 15 34 ce df 79 d8 bc c2 5b 3a 92 70 aa 60 87 34 ac 37 4f 07 1b c3 55 5a 75 15 93 ac 8f 49 e2 e4 eb 89 76 36 16 f0 83 b7 d5 bb 9f 67 2f 58 2c 57 77 4a 51 b7 7d ea c5 74 6c 12 68 7c 96 77 f7 76 81 a8 ad 31 99 b2 9b a5 fe 82 2e a8 87 5d 00 c3 8c c5 2b de 55 90 4a db 4b 20 93 f0 89 59 6d 27 da 83 c9 06 97 5b cf e2 8c 3a da b1 f1 9f 15 df ae f8 48 9f 72 16 a2 76 86 7d ce 3a 98 57 9f df 1b d0 21 92 e5 7e 21 70 a6 89 08 f9 40 7b 4f 81 e4 ad 37 f1 88 Data Ascii: LH_y~}zgP"_@=F\|Q1a_~7.3+-a%y`Op'L_t4y[:p`47OUZuIv6g/X,WwJQ}tlh\|wv1.]+UJK Ym'[:Hrv}:W!~!p@{O7
2025-06-01 05:53:08 UTC	1460	IN	Data Raw: ec 5b ba a1 ad f4 7e b4 36 22 6b 2a 3a ea b1 10 bb 5a d2 82 b3 0d ce 73 7e 0e e7 48 44 3b 1f 73 dd 54 69 30 7d cb f8 b3 28 bf 32 cd a8 91 6d 34 ad bb 0e d6 22 89 e7 eb 96 b3 8a bc 59 04 0a 5e bc 0b 94 99 3b ef f8 9c bb b7 31 08 30 50 61 9f 34 7d fc aa 6a 32 22 64 fa 76 01 58 be a6 de 25 8f 4c df ca 78 6c 2b 26 9a 9a 4a 74 8f a6 d3 ed aa 44 e2 79 8f 57 ad 97 78 47 09 43 fb f6 b2 69 ae fa ed 0e a6 c8 bc 2d 77 e5 1a be 7a c9 bf 7a 38 df 8f 7f 89 5f 71 93 cd f1 3e a1 da 7c 03 1a 34 f3 b5 5b 8e 92 80 7b dc 29 5e 24 de 2a fe 87 0a 59 f2 e5 dc f9 04 df 73 8a c3 c5 46 cd eb bd 03 6e a2 52 ca 4d 3c 42 8a 91 90 5a 49 6b 4e fc c5 eb 6a e7 27 5f d7 d9 92 eb 99 80 dd 9e 5b 65 18 f5 33 5f 86 4c f2 90 bb f6 e7 d2 ac 36 6f 13 62 f5 9b 39 9d 78 c6 6f 1e a6 9f 96 13 48 6b Data Ascii: [~6"k:Zs~HD;sTi0}(2m4"Y^;10Pa4}j2"dvX%Lxl+&JtDyWxGCi-wzz8_q>\|4[{)^$YsFnRM<BZIkNj'_[e3_L6ob9xoHk
2025-06-01 05:53:08 UTC	1460	IN	Data Raw: e0 22 b7 3c 63 7a e6 a3 86 23 e7 30 2c a5 42 31 a2 ae 1d 00 01 77 ff 02 a6 f0 eb 0b 87 ba f9 f4 b0 9c 8b e6 cf 6e 16 c7 b8 4c f1 8c b4 47 9e 54 c6 be 45 47 91 4e 78 c0 25 c3 da 17 f4 70 5a ff 27 b0 83 21 21 a0 e4 ae fa e7 11 5b d1 a2 1b 58 46 ba 4f bb ee 07 59 6e f4 ab 0a 81 03 c1 db 6d e1 39 50 02 d9 13 3a ab 49 21 bc e7 4b f7 77 6a 95 6b 49 fb ce 2e 4c aa 8c 55 4e a9 ed f2 4b ba 33 65 99 89 da 5f 69 11 cd d0 da 26 9d ba bf 75 33 7c 68 ce 52 23 f7 6e bc 71 bd c0 f4 4c 0b 5d 99 f0 e8 ca 66 97 be 7a a9 35 72 a3 de 49 98 95 65 3a c9 e6 ee 0c cd 45 69 a7 49 e7 1e fb 4f 4f 15 f7 a3 06 9f 47 bd ab 57 ad de 78 c8 98 dc 16 dc f3 dc dc 55 83 32 68 7c fe e1 8e ea 62 90 73 ac a2 96 77 af 48 45 bf 78 17 b3 09 a7 a0 ca 83 66 1e 5a d1 e5 90 4f 7e a6 0b 01 21 3a 95 a5 Data Ascii: "<cz#0,B1wnLGTEGNx%pZ'!![XFOYnm9P:I!KwjkI.LUNK3e_i&u3\|hR#nqL]fz5rIe:EiIOOGWxU2h\|bswHExfZO~!:
2025-06-01 05:53:08 UTC	1460	IN	Data Raw: 32 1b 0a 18 02 7a 78 07 ff b7 e4 2c d8 df 5c 0f 2a b6 bb 00 9c 87 d0 82 ba 63 31 84 2a c7 46 98 eb 69 7b ca ce 9c e6 4a 57 82 55 9d 16 93 e4 b5 57 d0 fa 9c 13 8a fb e0 26 aa cb 42 66 b1 8c b9 47 81 8f 78 e3 fb 48 3f d3 f1 e2 b2 3b da 37 b9 e7 72 09 2f 28 74 c5 3e 08 59 00 a5 23 c9 e2 00 24 d9 ad 9f 24 21 fe a8 3a df 1f 25 21 0e a8 2a 9b 7f 22 09 51 ff 59 12 22 01 43 82 45 51 0d 42 bf 2f 09 89 de 9f 4c c9 db 61 c0 ef 3e d3 70 fe f1 53 0b 5c 79 ac ed 1b 14 3c 55 e6 4d a6 39 95 45 ed 70 7c 08 dc 92 bb c1 42 6b e0 27 49 08 37 a7 00 02 f1 4d 12 f2 3a 2b a0 03 08 78 f1 a7 6c c7 af 6c 11 f6 71 b6 48 c2 c1 c2 15 65 9e c7 e2 24 04 13 c0 70 d4 8d da 51 c3 da c6 c2 de fc 1b fb 24 28 0d 00 1c 00 9f 0c c0 21 2d c4 2b f0 af 6b 41 16 01 24 3a 0d 80 44 c3 38 a6 05 59 7f Data Ascii: 2zx,\c1Fi{JWUW&BfGxH?;7r/(t>Y#$$!:%!*"QY"CEQB/La>pS\y<UM9Ep\|Bk'I7M:+xllqHe$pQ$(!-+kA$:D8Y
2025-06-01 05:53:08 UTC	1460	IN	Data Raw: 7c 24 f8 a0 ce fd 7a 40 64 78 d4 ba d0 e2 f2 bf a4 fc f8 e2 50 c0 60 d0 a5 93 cd 3c de 94 69 0f 58 bd 36 18 c4 18 88 b1 82 8a 48 29 e9 2a 82 cf 65 09 86 26 8b dc 0b 7d bc be 1c f4 58 aa f5 29 c8 ea 5a 78 49 52 be 34 5b fd 1e 8f 4e 87 e0 ce 85 57 93 e2 f3 cf 81 d3 11 8f a5 b2 a4 79 d3 68 e4 07 e8 4e 36 bd 4c 8d 0d 77 9b 0b de f5 6b e4 6f e1 7f cd 83 97 50 96 71 e7 35 a7 8f 91 df 93 06 62 9c c9 b1 75 aa 1e 01 c3 a0 d1 c7 1f 72 06 82 e0 58 00 02 d7 0a cd a4 eb a5 3e 5d c7 86 55 ab e9 22 f1 63 09 2d 9d 13 3e 49 38 57 5c d8 83 67 c1 75 c5 48 f3 65 71 9a a2 b0 a6 47 e8 32 13 f5 41 d5 cc 6d 22 a3 c4 bb 85 55 d2 db 8a a2 79 30 ce 1e a7 f3 90 19 ec 12 95 c4 54 46 a6 8f 96 54 04 f3 6d 0c 27 c7 22 b3 1e f0 47 da b5 bb ec 28 a7 bb 79 3e 7f 40 cc 97 48 c3 94 f8 d8 df Data Ascii: \|$z@dxP`<iX6H)*e&}X)ZxIR4[NWyhN6LwkoPq5burX>]U"c->I8W\guHeqG2Am"Uy0TFTm'"G(y>@H
2025-06-01 05:53:08 UTC	1460	IN	Data Raw: 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 a9 9d 26 b6 7a 21 ff 73 7a 7d 44 18 6d a3 7f b8 a4 78 23 38 6f 6b cd 97 ef 3f 75 99 b5 f5 2a e7 7c f9 a2 de ed d8 f1 6e 7b d7 b0 43 9c ac ff 11 e2 94 7d 61 09 b5 51 4e 0f 1b 03 13 b4 e1 92 7e 9e 6b d5 a1 e0 c3 e3 f1 92 12 81 23 1d 9e 5b 8c 83 b9 a6 f2 ce fc 34 44 06 ee 97 6a 1a ad 7a 2a 89 47 bd 67 a2 d1 1b 21 b0 95 e8 29 23 38 98 10 56 c4 12 82 e9 48 03 14 04 7f bf 70 42 b6 d9 b6 04 1b 03 9c 67 15 67 02 d2 9d 6a ae 97 5b 7d 39 7e 4d a2 c1 ac 9f 7c 54 6e 51 8b bf 3d a5 80 c1 91 a9 64 bb 20 52 b5 85 97 b4 95 50 0a 41 6e 51 f1 ca cb 97 e4 bf 2a 74 93 cf a7 ba 48 88 0c 5f 19 af 70 7d 15 f1 9f 24 d6 9c 85 c7 06 de 82 3c 2b c3 8b fc 4e 4e e9 0e fa 79 68 26 98 fa e0 d5 Data Ascii: "0H0&z!sz}Dmx#8ok?u\|n{C}aQN~k#[4DjzGg!)#8VHpBggj[}9~M\|TnQ=d RPAnQtH_p}$<+NNyh&
2025-06-01 05:53:08 UTC	1460	IN	Data Raw: 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 28 30 26 06 03 55 04 03 13 1f 4d 69 63 72 6f 73 6f 66 74 20 55 70 64 61 74 65 20 53 69 67 6e 69 6e 67 20 43 41 20 32 2e 33 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ac 39 80 cb 34 50 ca 26 3f 5d 76 26 ca d3 8c c1 1d 5c eb 30 97 c6 66 86 26 a6 d5 5d 5f 4f cd 80 4c 0f 67 ec 25 0c bb 39 11 3b 6e 86 fd c7 21 27 60 fc 80 7c 01 89 ad e8 6e cd bd d0 47 5f 58 6d 00 3b 46 57 99 7d 16 b3 76 12 8b ca 9d 86 6c 1d 70 9a 69 d4 45 fe ce 72 ea ca ca 94 60 9d 7c 73 Data Ascii: 10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicrosoft Update Signing CA 2.30"0*H094P&?]v&\0f&]_OLg%9;n!'`\|nG_Xm;FW}vlpiEr`\|s

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6220, Parent PID: 4388

General

Target ID:	0
Start time:	01:52:20
Start date:	01/06/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7ee090000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7028, Parent PID: 6220

General

Target ID:	2
Start time:	01:52:28
Start date:	01/06/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,2488983959081157426,10894814468624279180,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2232 /prefetch:3
Imagebase:	0x7ff7ee090000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1800, Parent PID: 6220

General

Target ID:	3
Start time:	01:52:30
Start date:	01/06/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,2488983959081157426,10894814468624279180,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3852 /prefetch:8
Imagebase:	0x7ff7ee090000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3264, Parent PID: 4388

General

Target ID:	6
Start time:	01:52:36
Start date:	01/06/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\4G1n4pmjH3.html"
Imagebase:	0x7ff7ee090000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 4G1n4pmjH3.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

AI Reasoning

Malware Configuration

Yara Signatures

Initial Sample

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6220, Parent PID: 4388

General

Chronological Activities

Analysis Process: chrome.exePID: 7028, Parent PID: 6220

General

Windows Analysis Report
4G1n4pmjH3.html