Windows Analysis Report
http://104.18.42.23

Overview

General Information

Sample URL:http://104.18.42.23
Analysis ID:1467947

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 3084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 732 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2268,i,10696446724765080427,6992652642255804812,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6400 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://104.18.42.23" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: http://104.18.42.23/ | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 104.18.42.23
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: global traffic | HTTP traffic detected: GET /beacon.js HTTP/1.1
    Host: performance.radar.cloudflare.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Rl1D+xOmm1rPU1F&MD=6h3hGzNZ HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected: GET /api/v1/event HTTP/1.1
    Host: sparrow.cloudflare.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Rl1D+xOmm1rPU1F&MD=6h3hGzNZ HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1
    Host: 104.18.42.23
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /cdn-cgi/styles/main.css HTTP/1.1
    Host: 104.18.42.23
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/css,*/*;q=0.1
    Referer: http://104.18.42.23/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1
    Host: 104.18.42.23
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://104.18.42.23/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: performance.radar.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: www.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: sparrow.cloudflare.com
Source: unknown | HTTP traffic detected: POST /api/v1/event HTTP/1.1
    Host: sparrow.cloudflare.com
    Connection: keep-alive
    Content-Length: 87
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    Sparrow-Source-Key: c771f0e4b54944bebf4261d44bd79a1e
    Content-Type: application/json
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Origin: http://104.18.42.23
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden
    Date: Fri, 05 Jul 2024 04:08:21 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: same-origin
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 89e47e514a1ac484-EWR
    Content-Encoding: gzip
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden
    Date: Fri, 05 Jul 2024 04:08:22 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Frame-Options: SAMEORIGIN
    Referrer-Policy: same-origin
    Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Expires: Thu, 01 Jan 1970 00:00:01 GMT
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 89e47e56dd1c7d26-EWR
    Content-Encoding: gzip
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: classification engine | Classification label: clean0.win@16/2@10/7
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2268,i,10696446724765080427,6992652642255804812,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://104.18.42.23"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Process Injection (1); Rootkit; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (4); Application Layer Protocol (5); Ingress Tool Transfer (3)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label | Link
http://104.18.42.23 | 0% | Avira URL Cloud | safe |
http://104.18.42.23 | 0% | Virustotal | | Browse
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://104.18.42.23/cdn-cgi/styles/main.css | 0% | Avira URL Cloud | safe |
https://sparrow.cloudflare.com/api/v1/event | 0% | Avira URL Cloud | safe |
https://performance.radar.cloudflare.com/beacon.js | 0% | Avira URL Cloud | safe |
http://104.18.42.23/favicon.ico | 0% | Avira URL Cloud | safe |
https://sparrow.cloudflare.com/api/v1/event | 0% | Virustotal | | Browse
https://performance.radar.cloudflare.com/beacon.js | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
sparrow.cloudflare.com | 104.18.2.57 | true | false | | unknown
www.cloudflare.com | 104.16.123.96 | true | false | | unknown
performance.radar.cloudflare.com | 104.18.30.78 | true | false | | unknown
www.google.com | 172.217.23.100 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://104.18.42.23/cdn-cgi/styles/main.css | false | Avira URL Cloud: safe | unknown
http://104.18.42.23/favicon.ico | false | Avira URL Cloud: safe | unknown
https://sparrow.cloudflare.com/api/v1/event | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://104.18.42.23/ | false | | unknown
https://performance.radar.cloudflare.com/beacon.js | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
104.18.42.23 | unknown | United States | | 13335 | CLOUDFLARENETUS | false
104.18.3.57 | unknown | United States | | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
104.18.2.57 | sparrow.cloudflare.com | United States | | 13335 | CLOUDFLARENETUS | false
104.18.30.78 | performance.radar.cloudflare.com | United States | | 13335 | CLOUDFLARENETUS | false
172.217.23.100 | www.google.com | United States | | 15169 | GOOGLEUS | false
IP
192.168.2.4
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1467947
Start date and time:2024-07-05 06:07:27 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 6s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:http://104.18.42.23
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:8
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean0.win@16/2@10/7
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.181.227, 64.233.166.84, 216.58.206.46, 34.104.35.123, 93.184.221.240, 192.229.221.95, 142.250.185.99
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
No simulations
Input / Output
URL: http://104.18.42.23/ Model: Perplexity: mixtral-8x7b-instruct
{"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title 'Direct IP access not allowed | Cloudflare' does not contain any form of login request.","The text 'Error 1003 Ray I D: 8Se47eS14aIac484  2024-07-05 Direct IP access not allowed What happened? You've requested an IP address that is part of the Cloudflare network. A valid Host header must be supplied to reach the desired website. What can I do? If you are interested in learning more about Cloudflare, please visit our website.' does not create a sense of urgency.","The text does not contain any CAPTCHA or anti-robot detection mechanism.","The text does not contain any explicit request for sensitive information such as passwords, email addresses, usernames, phone numbers or credit card numbers (CVV)."]}
Title: Direct IP access not allowed | Cloudflare OCR: Error 1003 Ray I D: 8Se47eS14aIac484  2024-07-05 Direct IP access not allowed What happened? You've requested an IP address that is part of the Cloudflare network. A valid Host header must be supplied to reach the desired website. What can I do? If you are interested in learning more about Cloudflare, please visit our website. Was this page helpful? Cloudflare Ray ID: 89e47e514a1ac484  Your IP: Click to reveal  Performance & security by Cloudflare
URL: http://104.18.42.23/ Model: Perplexity: mixtral-8x7b-instruct
{"loginform": false,"urgency": false,"captcha": false,"reasons": ["The webpage does not contain a login form as there is no explicit request for sensitive information such as passwords, email addresses, usernames, phone numbers or credit card numbers (CVV).","The text does not create a sense of urgency or interest as it only provides information about the error and does not prompt the user to take any action.","The webpage does not contain a CAPTCHA or any other anti-robot detection mechanism."]}
Title: Direct IP access not allowed | Cloudflare OCR: Error 1003 Ray I D: 8Se47eS14aIac484  2024-07-05 Direct IP access not allowed What happened? You've requested an IP address that is part of the Cloudflare network. A valid Host header must be supplied to reach the desired website. What can I do? If you are interested in learning more about Cloudflare, please visit our website. Thank you for your feedback! Cloudflare Ray 'D: 89e47e514a1ac484  Your 19:8.46.123.33  Performance & security by Cloudflare
No context
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:gzip compressed data, from Unix, original size modulo 2^32 8013
Category:downloaded
Size (bytes):2176
Entropy (8bit):7.907971765476445
Encrypted:false
SSDEEP:48:Xsv38LcH9hWn0UEA17rcIkkcYkkZOa458seFKtDNa14DrG2lRZ+kUh:879eEA17NLciOz7YkDC4D3RZA
MD5:98EA0B5620AC910FDF2E2859AAAF0EA8
SHA1:D0AFBF017526BB929C0BE2700DB376D59FA21455
SHA-256:45C596E0856F5D0E1B4B70BCF1DBBC00F578898D3BFD743DED5211ED22A277DC
SHA-512:4BDD491B0DBC7BCAB4543E49C3633E9358C4BB4B18A36E3FB47C960BC12884B13DE162FC2304D21CBF3F9F292C066615784CFA7BC5A8019CC881C371F6C45BF3
Malicious:false
Reputation:low
URL:http://104.18.42.23/cdn-cgi/styles/main.css
No static file info
            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
            Jul 5, 2024 06:08:22.030879021 CEST | 192.168.2.4 | 1.1.1.1 | 0xd686 | Standard query (0) | performance.radar.cloudflare.com | A (IP address) | IN (0x0001) | false
            Jul 5, 2024 06:08:22.031202078 CEST | 192.168.2.4 | 1.1.1.1 | 0xe7ab | Standard query (0) | performance.radar.cloudflare.com | 65 | IN (0x0001) | false
            Jul 5, 2024 06:08:24.245584011 CEST | 192.168.2.4 | 1.1.1.1 | 0x473a | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
            Jul 5, 2024 06:08:24.245829105 CEST | 192.168.2.4 | 1.1.1.1 | 0xeaef | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
            Jul 5, 2024 06:08:28.860555887 CEST | 192.168.2.4 | 1.1.1.1 | 0x8bb4 | Standard query (0) | www.cloudflare.com | A (IP address) | IN (0x0001) | false
            Jul 5, 2024 06:08:28.860692024 CEST | 192.168.2.4 | 1.1.1.1 | 0xb750 | Standard query (0) | www.cloudflare.com | 65 | IN (0x0001) | false
            Jul 5, 2024 06:08:46.839842081 CEST | 192.168.2.4 | 1.1.1.1 | 0x10ed | Standard query (0) | sparrow.cloudflare.com | A (IP address) | IN (0x0001) | false
            Jul 5, 2024 06:08:46.840127945 CEST | 192.168.2.4 | 1.1.1.1 | 0x1953 | Standard query (0) | sparrow.cloudflare.com | 65 | IN (0x0001) | false
            Jul 5, 2024 06:08:48.165389061 CEST | 192.168.2.4 | 1.1.1.1 | 0x6e93 | Standard query (0) | sparrow.cloudflare.com | A (IP address) | IN (0x0001) | false
            Jul 5, 2024 06:08:48.165534973 CEST | 192.168.2.4 | 1.1.1.1 | 0x57d9 | Standard query (0) | sparrow.cloudflare.com | 65 | IN (0x0001) | false

            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
            Jul 5, 2024 06:08:22.040479898 CEST | 1.1.1.1 | 192.168.2.4 | 0xe7ab | No error (0) | performance.radar.cloudflare.com | | | 65 | IN (0x0001) | false
            Jul 5, 2024 06:08:22.042418957 CEST | 1.1.1.1 | 192.168.2.4 | 0xd686 | No error (0) | performance.radar.cloudflare.com | | 104.18.30.78 | A (IP address) | IN (0x0001) | false
            Jul 5, 2024 06:08:22.042418957 CEST | 1.1.1.1 | 192.168.2.4 | 0xd686 | No error (0) | performance.radar.cloudflare.com | | 104.18.31.78 | A (IP address) | IN (0x0001) | false
            Jul 5, 2024 06:08:24.252286911 CEST | 1.1.1.1 | 192.168.2.4 | 0x473a | No error (0) | www.google.com | | 172.217.23.100 | A (IP address) | IN (0x0001) | false
            Jul 5, 2024 06:08:24.252696037 CEST | 1.1.1.1 | 192.168.2.4 | 0xeaef | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
            Jul 5, 2024 06:08:28.867371082 CEST | 1.1.1.1 | 192.168.2.4 | 0x8bb4 | No error (0) | www.cloudflare.com | | 104.16.123.96 | A (IP address) | IN (0x0001) | false
            Jul 5, 2024 06:08:28.867371082 CEST | 1.1.1.1 | 192.168.2.4 | 0x8bb4 | No error (0) | www.cloudflare.com | | 104.16.124.96 | A (IP address) | IN (0x0001) | false
            Jul 5, 2024 06:08:28.868731022 CEST | 1.1.1.1 | 192.168.2.4 | 0xb750 | No error (0) | www.cloudflare.com | | | 65 | IN (0x0001) | false
            Jul 5, 2024 06:08:46.847137928 CEST | 1.1.1.1 | 192.168.2.4 | 0x1953 | No error (0) | sparrow.cloudflare.com | | | 65 | IN (0x0001) | false
            Jul 5, 2024 06:08:46.847835064 CEST | 1.1.1.1 | 192.168.2.4 | 0x10ed | No error (0) | sparrow.cloudflare.com | | 104.18.2.57 | A (IP address) | IN (0x0001) | false
            Jul 5, 2024 06:08:46.847835064 CEST | 1.1.1.1 | 192.168.2.4 | 0x10ed | No error (0) | sparrow.cloudflare.com | | 104.18.3.57 | A (IP address) | IN (0x0001) | false
            Jul 5, 2024 06:08:48.172732115 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e93 | No error (0) | sparrow.cloudflare.com | | 104.18.3.57 | A (IP address) | IN (0x0001) | false
            Jul 5, 2024 06:08:48.172732115 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e93 | No error (0) | sparrow.cloudflare.com | | 104.18.2.57 | A (IP address) | IN (0x0001) | false
            Jul 5, 2024 06:08:48.173130035 CEST | 1.1.1.1 | 192.168.2.4 | 0x57d9 | No error (0) | sparrow.cloudflare.com | | | 65 | IN (0x0001) | false
            • performance.radar.cloudflare.com
            • fs.microsoft.com
            • slscr.update.microsoft.com
            • sparrow.cloudflare.com
            • 104.18.42.23
            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.4 | 49736 | 104.18.42.23 | 80 | 732 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            Jul 5, 2024 06:08:21.652538061 CEST | 427 | OUT | GET / HTTP/1.1
            Host: 104.18.42.23
            Connection: keep-alive
            Upgrade-Insecure-Requests: 1
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
            Jul 5, 2024 06:08:22.015187979 CEST | 1236 | IN | HTTP/1.1 403 Forbidden
            Date: Fri, 05 Jul 2024 04:08:21 GMT
            Content-Type: text/html; charset=UTF-8
            Transfer-Encoding: chunked
            Connection: close
            X-Frame-Options: SAMEORIGIN
            Referrer-Policy: same-origin
            Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
            Expires: Thu, 01 Jan 1970 00:00:01 GMT
            Vary: Accept-Encoding
            Server: cloudflare
            CF-RAY: 89e47e514a1ac484-EWR
            Content-Encoding: gzip


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.4 | 49735 | 104.18.42.23 | 80 | 732 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            Jul 5, 2024 06:08:22.031200886 CEST | 334 | OUT | GET /cdn-cgi/styles/main.css HTTP/1.1
            Host: 104.18.42.23
            Connection: keep-alive
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: text/css,*/*;q=0.1
            Referer: http://104.18.42.23/
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
            Jul 5, 2024 06:08:22.129750967 CEST | 1236 | IN | HTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 04:08:22 GMT
            Content-Type: text/css
            Transfer-Encoding: chunked
            Connection: keep-alive
            Last-Modified: Fri, 28 Jun 2024 11:25:31 GMT
            ETag: W/"667e9dab-1f4d"
            Server: cloudflare
            CF-RAY: 89e47e520fec7d26-EWR
            X-Frame-Options: DENY
            X-Content-Type-Options: nosniff
            Vary: Accept-Encoding
            Expires: Fri, 05 Jul 2024 06:08:22 GMT
            Cache-Control: max-age=7200
            Cache-Control: public
            Content-Encoding: gzip
            Jul 5, 2024 06:08:22.801940918 CEST | 368 | OUT | GET /favicon.ico HTTP/1.1
            Host: 104.18.42.23
            Connection: keep-alive
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
            Referer: http://104.18.42.23/
            Accept-Encoding: gzip, deflate
            Accept-Language: en-US,en;q=0.9
            Jul 5, 2024 06:08:22.904556036 CEST | 1236 | IN | HTTP/1.1 403 Forbidden
            Date: Fri, 05 Jul 2024 04:08:22 GMT
            Content-Type: text/html; charset=UTF-8
            Transfer-Encoding: chunked
            Connection: close
            X-Frame-Options: SAMEORIGIN
            Referrer-Policy: same-origin
            Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
            Expires: Thu, 01 Jan 1970 00:00:01 GMT
            Vary: Accept-Encoding
            Server: cloudflare
            CF-RAY: 89e47e56dd1c7d26-EWR
            Content-Encoding: gzip


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.4 | 49737 | 104.18.30.78 | 443 | 732 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-05 04:08:22 UTC | 505 | OUT | GET /beacon.js HTTP/1.1
            Host: performance.radar.cloudflare.com
            Connection: keep-alive
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            sec-ch-ua-mobile: ?0
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            sec-ch-ua-platform: "Windows"
            Accept: */*
            Sec-Fetch-Site: cross-site
            Sec-Fetch-Mode: no-cors
            Sec-Fetch-Dest: script
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-07-05 04:08:22 UTC | 787 | IN | HTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 04:08:22 GMT
            Content-Type: text/javascript;charset=UTF-8
            Content-Length: 10027
            Connection: close
            Access-Control-Allow-Origin: *
            Cache-Control: no-store, max-age=0
            access-control-allow-headers: *
            access-control-allow-methods: *
            referrer-policy: no-referrer
            timing-allow-origin: *
            Set-Cookie: __cf_bm=DWLNdrynKBT0PMNUzK18DQS7TSM.A3MzyuXQV1l.6CU-1720152502-1.0.1.1-Sk53L3rtZ_Xw.VEN0TpARtrH3QS67ZZncCPp3aL3Kny7PUgOf.0nND73FL8vSQiimOc0yz.w.C8GoDEqUzkcRA; path=/; expires=Fri, 05-Jul-24 04:38:22 GMT; domain=.radar.cloudflare.com; HttpOnly; Secure; SameSite=None
            Strict-Transport-Security: max-age=15552000; includeSubDomains
            X-Content-Type-Options: nosniff
            Server: cloudflare
            CF-RAY: 89e47e555ae70f64-EWR
            alt-svc: h3=":443"; ma=86400


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.4 | 49741 | 184.28.90.27 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-07-05 04:08:25 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-07-05 04:08:25 UTC | 467 | IN | HTTP/1.1 200 OK
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            Content-Type: application/octet-stream
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (lpl/EF06)
            X-CID: 11
            X-Ms-ApiVersion: Distribute 1.2
            X-Ms-Region: prod-weu-z1
            Cache-Control: public, max-age=216142
            Date: Fri, 05 Jul 2024 04:08:25 GMT
            Connection: close
            X-CID: 2


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            2 | 192.168.2.4 | 49742 | 184.28.90.27 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-07-05 04:08:26 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            Accept-Encoding: identity
            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
            Range: bytes=0-2147483646
            User-Agent: Microsoft BITS/7.8
            Host: fs.microsoft.com
            2024-07-05 04:08:26 UTC | 515 | IN | HTTP/1.1 200 OK
            ApiVersion: Distribute 1.1
            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
            Content-Type: application/octet-stream
            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
            Server: ECAcc (lpl/EF06)
            X-CID: 11
            X-Ms-ApiVersion: Distribute 1.2
            X-Ms-Region: prod-weu-z1
            Cache-Control: public, max-age=216157
            Date: Fri, 05 Jul 2024 04:08:26 GMT
            Content-Length: 55
            Connection: close
            X-CID: 2
            2024-07-05 04:08:26 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
            Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            3 | 192.168.2.4 | 49743 | 40.127.169.103 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-07-05 04:08:36 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Rl1D+xOmm1rPU1F&MD=6h3hGzNZ HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
            Host: slscr.update.microsoft.com
            2024-07-05 04:08:36 UTC | 560 | IN | HTTP/1.1 200 OK
            Cache-Control: no-cache
            Pragma: no-cache
            Content-Type: application/octet-stream
            Expires: -1
            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
            ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
            MS-CorrelationId: 1f1f94de-53b9-422f-971c-3833d159395b
            MS-RequestId: d4b8bfd1-5fa1-4179-8fe9-9793d898b69f
            MS-CV: F14BENsCTEKjrrWO.0
            X-Microsoft-SLSClientCache: 2880
            Content-Disposition: attachment; filename=environment.cab
            X-Content-Type-Options: nosniff
            Date: Fri, 05 Jul 2024 04:08:35 GMT
            Connection: close
            Content-Length: 24490


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            4 | 192.168.2.4 | 49749 | 104.18.2.57 | 443 | 732 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-05 04:08:47 UTC | 499 | OUT | OPTIONS /api/v1/event HTTP/1.1
            Host: sparrow.cloudflare.com
            Connection: keep-alive
            Accept: */*
            Access-Control-Request-Method: POST
            Access-Control-Request-Headers: content-type,sparrow-source-key
            Origin: http://104.18.42.23
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Sec-Fetch-Mode: cors
            Sec-Fetch-Site: cross-site
            Sec-Fetch-Dest: empty
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-07-05 04:08:47 UTC | 413 | IN | HTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 04:08:47 GMT
            Content-Type: text/plain;charset=UTF-8
            Content-Length: 8
            Connection: close
            Access-Control-Allow-Origin: http://104.18.42.23
            Vary: Origin
            access-control-allow-headers: Content-Type, Sparrow-Client-ID, Sparrow-Source-Key, Origin
            access-control-allow-methods: POST, OPTIONS
            access-control-max-age: 600
            Server: cloudflare
            CF-RAY: 89e47ef05ef15e6a-EWR
            2024-07-05 04:08:47 UTC | 8 | IN | Data Raw: 53 75 63 63 65 73 73 2e
            Data Ascii: Success.


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            5 | 192.168.2.4 | 49750 | 104.18.2.57 | 443 | 732 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-05 04:08:48 UTC | 630 | OUT | POST /api/v1/event HTTP/1.1
            Host: sparrow.cloudflare.com
            Connection: keep-alive
            Content-Length: 87
            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
            Sparrow-Source-Key: c771f0e4b54944bebf4261d44bd79a1e
            Content-Type: application/json
            sec-ch-ua-mobile: ?0
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            sec-ch-ua-platform: "Windows"
            Accept: */*
            Origin: http://104.18.42.23
            Sec-Fetch-Site: cross-site
            Sec-Fetch-Mode: cors
            Sec-Fetch-Dest: empty
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-07-05 04:08:48 UTC | 87 | OUT | Data Raw: 7b 22 65 76 65 6e 74 22 3a 22 66 65 65 64 62 61 63 6b 20 63 6c 69 63 6b 65 64 22 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 65 72 72 6f 72 43 6f 64 65 22 3a 31 30 30 33 2c 22 68 65 6c 70 66 75 6c 22 3a 74 72 75 65 2c 22 76 65 72 73 69 6f 6e 22 3a 31 7d 7d
            Data Ascii: {"event":"feedback clicked","properties":{"errorCode":1003,"helpful":true,"version":1}}
            2024-07-05 04:08:48 UTC | 413 | IN | HTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 04:08:48 GMT
            Content-Type: text/plain;charset=UTF-8
            Content-Length: 2
            Connection: close
            Access-Control-Allow-Origin: http://104.18.42.23
            Vary: Origin
            access-control-allow-headers: Content-Type, Sparrow-Client-ID, Sparrow-Source-Key, Origin
            access-control-allow-methods: POST, OPTIONS
            access-control-max-age: 600
            Server: cloudflare
            CF-RAY: 89e47ef49d254325-EWR
            2024-07-05 04:08:48 UTC | 2 | IN | Data Raw: 4f 4b
            Data Ascii: OK


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            6 | 192.168.2.4 | 49751 | 104.18.3.57 | 443 | 732 | C:\Program Files\Google\Chrome\Application\chrome.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-05 04:08:48 UTC | 358 | OUT | GET /api/v1/event HTTP/1.1
            Host: sparrow.cloudflare.com
            Connection: keep-alive
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
            Accept: */*
            Sec-Fetch-Site: none
            Sec-Fetch-Mode: cors
            Sec-Fetch-Dest: empty
            Accept-Encoding: gzip, deflate, br
            Accept-Language: en-US,en;q=0.9
            2024-07-05 04:08:48 UTC | 195 | IN | HTTP/1.1 401 Unauthorized
            Date: Fri, 05 Jul 2024 04:08:48 GMT
            Content-Type: text/plain;charset=UTF-8
            Content-Length: 12
            Connection: close
            Server: cloudflare
            CF-RAY: 89e47ef8ac0819bf-EWR
            2024-07-05 04:08:48 UTC | 12 | IN | Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64
            Data Ascii: Unauthorized


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            7 | 192.168.2.4 | 49752 | 40.127.169.103 | 443 | |
            Timestamp | Bytes transferred | Direction | Data
            2024-07-05 04:09:14 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Rl1D+xOmm1rPU1F&MD=6h3hGzNZ HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
            Host: slscr.update.microsoft.com
            2024-07-05 04:09:15 UTC | 560 | IN | HTTP/1.1 200 OK
            Cache-Control: no-cache
            Pragma: no-cache
            Content-Type: application/octet-stream
            Expires: -1
            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
            ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
            MS-CorrelationId: 80cbdf6a-3306-4fae-a1b4-7a66b93dc097
            MS-RequestId: 7b254f6e-5079-475f-8b88-0f77398fbfdc
            MS-CV: bhHtwsaGekGaR8DC.0
            X-Microsoft-SLSClientCache: 1440
            Content-Disposition: attachment; filename=environment.cab
            X-Content-Type-Options: nosniff
            Date: Fri, 05 Jul 2024 04:09:14 GMT
            Connection: close
            Content-Length: 30005



            Target ID:0
            Start time:00:08:15
            Start date:05/07/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Imagebase:0x7ff76e190000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:2
            Start time:00:08:18
            Start date:05/07/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2268,i,10696446724765080427,6992652642255804812,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Imagebase:0x7ff76e190000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:3
            Start time:00:08:20
            Start date:05/07/2024
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://104.18.42.23"
            Imagebase:0x7ff76e190000
            File size:3'242'272 bytes
            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            No disassembly