
Windows Analysis Report
https://www.luckyfriends.com?stag=15519_675594975dedc648db894c8a&clickid=wbab3adshur5ck563122341l&http_referrer=https://s.optvz.com/&tracking_link=http://luckyfriendsplay.com/j7ad6a0fd

Overview

General Information

Sample URL:https://www.luckyfriends.com?stag=15519_675594975dedc648db894c8a&clickid=wbab3adshur5ck563122341l&http_referrer=https://s.optvz.com/&tracking_link=http://luckyfriendsplay.com/j7ad6a0fd
Analysis ID:1573580

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • chrome.exe (PID: 1448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2140 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2652 --field-trial-handle=2624,i,10942704291163121243,16698645885157547879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.luckyfriends.com?stag=15519_675594975dedc648db894c8a&clickid=wbab3adshur5ck563122341l&http_referrer=https://s.optvz.com/&tracking_link=http://luckyfriendsplay.com/j7ad6a0fd" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: https://www.luckyfriends.com/?stag=15519_675594975dedc648db894c8a&clickid=wbab3adshur5ck563122341l&http_referrer=https://s.optvz.com/&tracking_link=http://luckyfriendsplay.com/j7ad6a0fd | HTTP Parser: No favicon
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
  GET /?stag=15519_675594975dedc648db894c8a&clickid=wbab3adshur5ck563122341l&http_referrer=https://s.optvz.com/&tracking_link=http://luckyfriendsplay.com/j7ad6a0fd HTTP/1.1
  Host: www.luckyfriends.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: www.luckyfriends.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://www.luckyfriends.com/?stag=15519_675594975dedc648db894c8a&clickid=wbab3adshur5ck563122341l&http_referrer=https://s.optvz.com/&tracking_link=http://luckyfriendsplay.com/j7ad6a0fd
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: www.luckyfriends.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: www.luckyfriends.com
Source: global traffic | HTTP traffic detected:
  HTTP/1.1 403 Forbidden
  Date: Thu, 12 Dec 2024 09:21:26 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  CF-Cache-Status: DYNAMIC
  Server: cloudflare
  CF-RAY: 8f0ca4e748c04366-EWR
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown | Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: classification engine | Classification label: clean0.win@16/5@6/5
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2652 --field-trial-handle=2624,i,10942704291163121243,16698645885157547879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.luckyfriends.com?stag=15519_675594975dedc648db894c8a&clickid=wbab3adshur5ck563122341l&http_referrer=https://s.optvz.com/&tracking_link=http://luckyfriendsplay.com/j7ad6a0fd"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
[Behavior graph. ID: 1573580; URL: https://www.luckyfriends.co...; Startdate: 12/12/2024; Architecture: WINDOWS; Score: 0. Process nodes: chrome.exe (started), chrome.exe (started), chrome.exe (started). DNS/IP nodes: 192.168.2.22 (unknown); 192.168.2.4, ports 138, 443, 49224 (unknown); 239.255.255.250 (unknown, Reserved); www.google.com 142.250.181.132, ports 443, 49737, 49773 (GOOGLEUS, United States); www.luckyfriends.com 92.53.191.163, ports 443, 49739, 49740 (ARIOSI, Slovenia).]

Source | Detection | Scanner | Label
https://www.luckyfriends.com?stag=15519_675594975dedc648db894c8a&clickid=wbab3adshur5ck563122341l&http_referrer=https://s.optvz.com/&tracking_link=http://luckyfriendsplay.com/j7ad6a0fd | 0% | Avira URL Cloud | safe
No Antivirus matches
Source | Detection | Scanner | Label
https://www.luckyfriends.com/favicon.ico | 0% | Avira URL Cloud | safe


Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.250.181.132 | true | false | | high
www.luckyfriends.com | 92.53.191.163 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://www.luckyfriends.com/favicon.ico | false | Avira URL Cloud: safe | unknown
https://www.luckyfriends.com/?stag=15519_675594975dedc648db894c8a&clickid=wbab3adshur5ck563122341l&http_referrer=https://s.optvz.com/&tracking_link=http://luckyfriendsplay.com/j7ad6a0fd | false | | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.181.132 | www.google.com | United States | 15169 | GOOGLEUS | false
92.53.191.163 | www.luckyfriends.com | Slovenia | 44647 | ARIOSI | false

IP
192.168.2.22
192.168.2.4
        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1573580
        Start date and time:2024-12-12 10:20:21 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 2m 59s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:browseurl.jbs
        Sample URL:https://www.luckyfriends.com?stag=15519_675594975dedc648db894c8a&clickid=wbab3adshur5ck563122341l&http_referrer=https://s.optvz.com/&tracking_link=http://luckyfriendsplay.com/j7ad6a0fd
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:8
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Detection:CLEAN
        Classification:clean0.win@16/5@6/5
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.17.78, 64.233.163.84, 172.217.17.46, 199.232.210.172, 192.229.221.95, 172.217.17.67, 23.218.208.109, 52.149.20.212, 13.107.246.63
        • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
        • Not all processes where analyzed, report is missing behavior information
        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
        • VT rate limit hit for: https://www.luckyfriends.com?stag=15519_675594975dedc648db894c8a&clickid=wbab3adshur5ck563122341l&http_referrer=https://s.optvz.com/&tracking_link=http://luckyfriendsplay.com/j7ad6a0fd
        No simulations
        No context
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
        Category:dropped
        Size (bytes):4286
        Entropy (8bit):4.592949409734008
        Encrypted:false
        SSDEEP:48:eXHaDRQdftLPOIG502Ec6b+6A9a2/FKW/GxNKb3cGoKUUKRtEGo:20RGMD51Ec6bSNtuecdbRtvo
        MD5:9891F416A17D8F7DC604868AB1933381
        SHA1:8BDF375199372FF534BAEC14C3696176B22196EC
        SHA-256:7D0647C1C486FF66BEA14A6217D702A6637655DB07ED74E68028938F25A0CA6C
        SHA-512:A0A086DD75ADEF1EDC6D080229048F8CA11448D8AB4BA51B723FD1E97E92C4138D803A952D22189B0F02B507CA094DCD8E0BA4A5CDC27A913BC804503698106E
        Malicious:false
        Reputation:low
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:HTML document, ASCII text, with very long lines (64631)
        Category:downloaded
        Size (bytes):283457
        Entropy (8bit):6.010327383273613
        Encrypted:false
        SSDEEP:6144:R34mN/h4DBRVYhXUP3sQKOgrbyHdkUuBDI5+IL5gPHm4KZVJoLNqknDl:imD4DSgs0grbyHR4DEb1gPHm4KFwNqkB
        MD5:E4ADBB9885C87E6AD5003FD7A4BCA5BC
        SHA1:669C51A1EA5688DFFB0D2D2AA59BC9C720298BE4
        SHA-256:A349E9F8FEEC107094B0643D9E9A8E8FD9A28BA3C21017B6CCED245AAF08821B
        SHA-512:D7D3C94EDEE53A1D1A3C24C7EFA143F80F9FC377ADD773EA4172287FE6E48D01ACDD3DEEAC2E7FD8CB7EF87508FAB2B62E4D12CEBF7CE53EBD14F986BFC6B6C2
        Malicious:false
        Reputation:low
        URL:https://www.luckyfriends.com/?stag=15519_675594975dedc648db894c8a&clickid=wbab3adshur5ck563122341l&http_referrer=https://s.optvz.com/&tracking_link=http://luckyfriendsplay.com/j7ad6a0fd
        Preview:<!DOCTYPE html>.<html>.<head lang="en">. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>. <title></title>. <style>. body {. text-align: center;. font-family: 'Times New Roman', Times, serif;. padding: 20px 50px;. margin: 0;. display: flex;. min-height: 100vh;. flex-direction: column;. align-items: center;. justify-content: center;. box-sizing: border-box;. }.. h1 {. color: #28559C;. font-size: 32px;. margin: 0;. }.. .content {. padding: 20px;. }.. img {. display: block;. max-width: 1200px;. margin: 0 auto;. }. </style>.</head>.<body>.<h1>US players are not allowed to visit this casino</h1>..<div class="content">. <img. src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA4wAAAJkCAYAAABaqq/5AAAACXBIWXMA
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
        Category:downloaded
        Size (bytes):4286
        Entropy (8bit):4.592949409734008
        Encrypted:false
        SSDEEP:48:eXHaDRQdftLPOIG502Ec6b+6A9a2/FKW/GxNKb3cGoKUUKRtEGo:20RGMD51Ec6bSNtuecdbRtvo
        MD5:9891F416A17D8F7DC604868AB1933381
        SHA1:8BDF375199372FF534BAEC14C3696176B22196EC
        SHA-256:7D0647C1C486FF66BEA14A6217D702A6637655DB07ED74E68028938F25A0CA6C
        SHA-512:A0A086DD75ADEF1EDC6D080229048F8CA11448D8AB4BA51B723FD1E97E92C4138D803A952D22189B0F02B507CA094DCD8E0BA4A5CDC27A913BC804503698106E
        Malicious:false
        Reputation:low
        URL:https://www.luckyfriends.com/favicon.ico
        No static file info


        • Total Packets: 140
        • 443 (HTTPS)
        • 53 (DNS)
        Dec 12, 2024 10:21:27.231556892 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.231661081 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.238810062 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.238898993 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.242436886 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.242506027 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.250010014 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.250092030 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.253616095 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.253700018 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.260114908 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.260193110 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.266712904 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.266777039 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.335568905 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.335669994 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.339565992 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.339647055 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.343780994 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.343862057 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.349438906 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.349524021 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.355200052 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.355278969 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.358285904 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.358377934 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.360893965 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.360976934 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.377665997 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.377691984 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.377736092 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.377748013 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.377768040 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.377798080 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.377808094 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.379039049 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.391427994 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.391477108 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.391534090 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.391544104 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.391575098 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.391597033 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.391602993 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.401693106 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.401743889 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.401770115 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.401781082 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.401808977 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.411222935 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.411283016 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.411304951 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.411324024 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.411343098 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.411528111 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.411587954 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.437942982 CET49739443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.437972069 CET4434973992.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.476115942 CET49740443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.519325972 CET4434974092.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.816564083 CET4434974092.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.816706896 CET4434974092.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.816761017 CET49740443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.816781998 CET4434974092.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.816880941 CET4434974092.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.816929102 CET49740443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.816936016 CET4434974092.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.817028999 CET4434974092.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.817079067 CET49740443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.817596912 CET49740443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.817609072 CET4434974092.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.960241079 CET49742443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.960288048 CET4434974292.53.191.163192.168.2.4
        Dec 12, 2024 10:21:27.960350990 CET49742443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.960515022 CET49742443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:27.960522890 CET4434974292.53.191.163192.168.2.4
        Dec 12, 2024 10:21:29.174752951 CET4434974292.53.191.163192.168.2.4
        Dec 12, 2024 10:21:29.175017118 CET49742443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:29.175043106 CET4434974292.53.191.163192.168.2.4
        Dec 12, 2024 10:21:29.178577900 CET4434974292.53.191.163192.168.2.4
        Dec 12, 2024 10:21:29.178675890 CET49742443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:29.179039001 CET49742443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:29.179163933 CET49742443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:29.179208994 CET4434974292.53.191.163192.168.2.4
        Dec 12, 2024 10:21:29.220129013 CET49742443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:29.220154047 CET4434974292.53.191.163192.168.2.4
        Dec 12, 2024 10:21:29.267034054 CET49742443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:29.617623091 CET4434974292.53.191.163192.168.2.4
        Dec 12, 2024 10:21:29.617738962 CET4434974292.53.191.163192.168.2.4
        Dec 12, 2024 10:21:29.617799044 CET49742443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:29.617820024 CET4434974292.53.191.163192.168.2.4
        Dec 12, 2024 10:21:29.617849112 CET4434974292.53.191.163192.168.2.4
        Dec 12, 2024 10:21:29.617896080 CET49742443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:29.617944956 CET4434974292.53.191.163192.168.2.4
        Dec 12, 2024 10:21:29.618088961 CET4434974292.53.191.163192.168.2.4
        Dec 12, 2024 10:21:29.618139982 CET49742443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:29.619198084 CET49742443192.168.2.492.53.191.163
        Dec 12, 2024 10:21:29.619214058 CET4434974292.53.191.163192.168.2.4
        Dec 12, 2024 10:21:33.361104012 CET44349737142.250.181.132192.168.2.4
        Dec 12, 2024 10:21:33.361272097 CET44349737142.250.181.132192.168.2.4
        Dec 12, 2024 10:21:33.361330032 CET49737443192.168.2.4142.250.181.132
        Dec 12, 2024 10:21:34.205693960 CET49737443192.168.2.4142.250.181.132
        Dec 12, 2024 10:21:34.205722094 CET44349737142.250.181.132192.168.2.4
        Dec 12, 2024 10:22:21.894253969 CET49773443192.168.2.4142.250.181.132
        Dec 12, 2024 10:22:21.894289017 CET44349773142.250.181.132192.168.2.4
        Dec 12, 2024 10:22:21.894377947 CET49773443192.168.2.4142.250.181.132
        Dec 12, 2024 10:22:21.894668102 CET49773443192.168.2.4142.250.181.132
        Dec 12, 2024 10:22:21.894680977 CET44349773142.250.181.132192.168.2.4
        Dec 12, 2024 10:22:23.583487034 CET44349773142.250.181.132192.168.2.4
        Dec 12, 2024 10:22:23.583782911 CET49773443192.168.2.4142.250.181.132
        Dec 12, 2024 10:22:23.583803892 CET44349773142.250.181.132192.168.2.4
        Dec 12, 2024 10:22:23.584104061 CET44349773142.250.181.132192.168.2.4
        Dec 12, 2024 10:22:23.584386110 CET49773443192.168.2.4142.250.181.132
        Dec 12, 2024 10:22:23.584445953 CET44349773142.250.181.132192.168.2.4
        Dec 12, 2024 10:22:23.626636028 CET49773443192.168.2.4142.250.181.132
        Dec 12, 2024 10:22:33.286880016 CET44349773142.250.181.132192.168.2.4
        Dec 12, 2024 10:22:33.287024975 CET44349773142.250.181.132192.168.2.4
        Dec 12, 2024 10:22:33.287075996 CET49773443192.168.2.4142.250.181.132
        Dec 12, 2024 10:22:34.207282066 CET49773443192.168.2.4142.250.181.132
        Dec 12, 2024 10:22:34.207314014 CET44349773142.250.181.132192.168.2.4
        | Timestamp | Source Port | Dest Port | Source IP | Dest IP |
        | --- | --- | --- | --- | --- |
        | Dec 12, 2024 10:21:18.126954079 CET | 53 | 51331 | 1.1.1.1 | 192.168.2.4 |
        | Dec 12, 2024 10:21:18.165750027 CET | 53 | 57869 | 1.1.1.1 | 192.168.2.4 |
        | Dec 12, 2024 10:21:20.881030083 CET | 53 | 61706 | 1.1.1.1 | 192.168.2.4 |
        | Dec 12, 2024 10:21:21.831517935 CET | 53360 | 53 | 192.168.2.4 | 1.1.1.1 |
        | Dec 12, 2024 10:21:21.831825972 CET | 49855 | 53 | 192.168.2.4 | 1.1.1.1 |
        | Dec 12, 2024 10:21:21.968718052 CET | 53 | 53360 | 1.1.1.1 | 192.168.2.4 |
        | Dec 12, 2024 10:21:21.968744993 CET | 53 | 49855 | 1.1.1.1 | 192.168.2.4 |
        | Dec 12, 2024 10:21:23.920331001 CET | 57288 | 53 | 192.168.2.4 | 1.1.1.1 |
        | Dec 12, 2024 10:21:23.920464039 CET | 63453 | 53 | 192.168.2.4 | 1.1.1.1 |
        | Dec 12, 2024 10:21:24.154448986 CET | 53 | 57288 | 1.1.1.1 | 192.168.2.4 |
        | Dec 12, 2024 10:21:24.154853106 CET | 53 | 63453 | 1.1.1.1 | 192.168.2.4 |
        | Dec 12, 2024 10:21:27.822211027 CET | 57219 | 53 | 192.168.2.4 | 1.1.1.1 |
        | Dec 12, 2024 10:21:27.822376013 CET | 58959 | 53 | 192.168.2.4 | 1.1.1.1 |
        | Dec 12, 2024 10:21:27.959614038 CET | 53 | 57219 | 1.1.1.1 | 192.168.2.4 |
        | Dec 12, 2024 10:21:27.959840059 CET | 53 | 58959 | 1.1.1.1 | 192.168.2.4 |
        | Dec 12, 2024 10:21:34.887437105 CET | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
        | Dec 12, 2024 10:21:37.906580925 CET | 53 | 53962 | 1.1.1.1 | 192.168.2.4 |
        | Dec 12, 2024 10:21:56.655244112 CET | 53 | 49224 | 1.1.1.1 | 192.168.2.4 |
        | Dec 12, 2024 10:22:17.158368111 CET | 53 | 65510 | 1.1.1.1 | 192.168.2.4 |
        | Dec 12, 2024 10:22:19.390795946 CET | 53 | 51460 | 1.1.1.1 | 192.168.2.4 |
        | Timestamp | Source IP | Dest IP | Checksum | Code | Type |
        | --- | --- | --- | --- | --- | --- |
        | Dec 12, 2024 10:21:18.247584105 CET | 192.168.2.4 | 1.1.1.1 | c233 | (Port unreachable) | Destination Unreachable |
        | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
        | --- | --- | --- | --- | --- | --- | --- | --- | --- |
        | Dec 12, 2024 10:21:21.831517935 CET | 192.168.2.4 | 1.1.1.1 | 0xcf43 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
        | Dec 12, 2024 10:21:21.831825972 CET | 192.168.2.4 | 1.1.1.1 | 0xafd7 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
        | Dec 12, 2024 10:21:23.920331001 CET | 192.168.2.4 | 1.1.1.1 | 0xc85f | Standard query (0) | www.luckyfriends.com | A (IP address) | IN (0x0001) | false |
        | Dec 12, 2024 10:21:23.920464039 CET | 192.168.2.4 | 1.1.1.1 | 0x333a | Standard query (0) | www.luckyfriends.com | 65 | IN (0x0001) | false |
        | Dec 12, 2024 10:21:27.822211027 CET | 192.168.2.4 | 1.1.1.1 | 0xc9f | Standard query (0) | www.luckyfriends.com | A (IP address) | IN (0x0001) | false |
        | Dec 12, 2024 10:21:27.822376013 CET | 192.168.2.4 | 1.1.1.1 | 0x5c3e | Standard query (0) | www.luckyfriends.com | 65 | IN (0x0001) | false |
        | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
        | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
        | Dec 12, 2024 10:21:21.968718052 CET | 1.1.1.1 | 192.168.2.4 | 0xcf43 | No error (0) | www.google.com | | 142.250.181.132 | A (IP address) | IN (0x0001) | false |
        | Dec 12, 2024 10:21:21.968744993 CET | 1.1.1.1 | 192.168.2.4 | 0xafd7 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
        | Dec 12, 2024 10:21:24.154448986 CET | 1.1.1.1 | 192.168.2.4 | 0xc85f | No error (0) | www.luckyfriends.com | | 92.53.191.163 | A (IP address) | IN (0x0001) | false |
        | Dec 12, 2024 10:21:24.154853106 CET | 1.1.1.1 | 192.168.2.4 | 0x333a | No error (0) | www.luckyfriends.com | | | 65 | IN (0x0001) | false |
        | Dec 12, 2024 10:21:27.959614038 CET | 1.1.1.1 | 192.168.2.4 | 0xc9f | No error (0) | www.luckyfriends.com | | 92.53.191.163 | A (IP address) | IN (0x0001) | false |
        | Dec 12, 2024 10:21:27.959840059 CET | 1.1.1.1 | 192.168.2.4 | 0x5c3e | No error (0) | www.luckyfriends.com | | | 65 | IN (0x0001) | false |
        • www.luckyfriends.com
        • https:
        | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
        | --- | --- | --- | --- | --- | --- | --- |
        | 0 | 192.168.2.4 | 49739 | 92.53.191.163 | 443 | 2140 | C:\Program Files\Google\Chrome\Application\chrome.exe |

        Timestamp | Bytes transferred | Direction | Data
        2024-12-12 09:21:25 UTC | 819 | OUT | GET /?stag=15519_675594975dedc648db894c8a&clickid=wbab3adshur5ck563122341l&http_referrer=https://s.optvz.com/&tracking_link=http://luckyfriendsplay.com/j7ad6a0fd HTTP/1.1
        Host: www.luckyfriends.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: document
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        2024-12-12 09:21:26 UTC | 211 | IN | HTTP/1.1 403 Forbidden
        Date: Thu, 12 Dec 2024 09:21:26 GMT
        Content-Type: text/html
        Transfer-Encoding: chunked
        Connection: close
        CF-Cache-Status: DYNAMIC
        Server: cloudflare
        CF-RAY: 8f0ca4e748c04366-EWR


        | Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
        | --- | --- | --- | --- | --- | --- | --- |
        | 1 | 192.168.2.4 | 49740 | 92.53.191.163 | 443 | 2140 | C:\Program Files\Google\Chrome\Application\chrome.exe |

        Timestamp | Bytes transferred | Direction | Data
        2024-12-12 09:21:27 UTC | 752 | OUT | GET /favicon.ico HTTP/1.1
        Host: www.luckyfriends.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Referer: https://www.luckyfriends.com/?stag=15519_675594975dedc648db894c8a&clickid=wbab3adshur5ck563122341l&http_referrer=https://s.optvz.com/&tracking_link=http://luckyfriendsplay.com/j7ad6a0fd
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        2024-12-12 09:21:27 UTC | 416 | IN | HTTP/1.1 200 OK
        Date: Thu, 12 Dec 2024 09:21:27 GMT
        Content-Type: image/x-icon
        Content-Length: 4286
        Connection: close
        last-modified: Wed, 11 Dec 2024 19:18:03 GMT
        etag: "6759e56b-10be"
        referrer-policy: strict-origin-when-cross-origin
        CF-Cache-Status: HIT
        Expires: Thu, 12 Dec 2024 13:21:27 GMT
        Cache-Control: public, max-age=14400
        Accept-Ranges: bytes
        Server: cloudflare
        CF-RAY: 8f0ca4f3b830ef9d-EWR


        Session ID: 2
        Source IP: 192.168.2.4
        Source Port: 49742
        Destination IP: 92.53.191.163
        Destination Port: 443
        PID: 2140
        Process: C:\Program Files\Google\Chrome\Application\chrome.exe

        Timestamp                Bytes transferred  Direction  Data
        2024-12-12 09:21:29 UTC  355                OUT        GET /favicon.ico HTTP/1.1
        Host: www.luckyfriends.com
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: */*
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        2024-12-12 09:21:29 UTC  424                IN         HTTP/1.1 200 OK
        Date: Thu, 12 Dec 2024 09:21:29 GMT
        Content-Type: image/x-icon
        Content-Length: 4286
        Connection: close
        last-modified: Wed, 11 Dec 2024 19:18:03 GMT
        etag: "6759e56b-10be"
        referrer-policy: strict-origin-when-cross-origin
        CF-Cache-Status: HIT
        Age: 2
        Expires: Thu, 12 Dec 2024 13:21:29 GMT
        Cache-Control: public, max-age=14400
        Accept-Ranges: bytes
        Server: cloudflare
        CF-RAY: 8f0ca4ff1cb141a1-EWR



        Target ID:0
        Start time:04:21:13
        Start date:12/12/2024
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Imagebase:0x7ff76e190000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:2
        Start time:04:21:15
        Start date:12/12/2024
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2652 --field-trial-handle=2624,i,10942704291163121243,16698645885157547879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Imagebase:0x7ff76e190000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:false

        Target ID:3
        Start time:04:21:22
        Start date:12/12/2024
        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.luckyfriends.com?stag=15519_675594975dedc648db894c8a&clickid=wbab3adshur5ck563122341l&http_referrer=https://s.optvz.com/&tracking_link=http://luckyfriendsplay.com/j7ad6a0fd"
        Imagebase:0x7ff76e190000
        File size:3'242'272 bytes
        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low
        Has exited:true

        No disassembly