Windows Analysis Report
http://40608.xc.05cg.com/

Overview

General Information

Sample URL:http://40608.xc.05cg.com/
Analysis ID:1586347
Tags:urlscan
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected non-DNS traffic on DNS port

Classification

  • System is w10x64
  • chrome.exe (PID: 2700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 5568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2044,i,3124108614893101763,11179084805687600675,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 7040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://40608.xc.05cg.com/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: http://40608.xc.05cg.com/, Avira URL Cloud: detection malicious, Label: malware
Source: http://40608.xc.05cg.com/favicon.ico, Avira URL Cloud: Label: malware
Source: http://40608.xc.05cg.com/, HTTP Parser: No favicon
Source: global traffic, TCP traffic: 192.168.2.7:57371 -> 1.1.1.1:53
Source: unknown, TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown, TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown, TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown, TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 51.137.137.111
Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK
  Cache-Control: no-cache
  Pragma: no-cache
  Content-Type: text/html; charset=UTF-8
  Content-Encoding: gzip
  Expires: -1
  Server: Microsoft-IIS/8.5
  X-Powered-By: ASP.NET
  Date: Wed, 08 Jan 2025 07:44:09 GMT
  Content-Length: 2056
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1
  Host: 40608.xc.05cg.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /js-sdk-pro.min.js HTTP/1.1
  Host: sdk.51.la
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Referer: http://40608.xc.05cg.com/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /favicon.ico HTTP/1.1
  Host: 40608.xc.05cg.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://40608.xc.05cg.com/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: __vtins__KYSvWsCE8EvRnMGm=%7B%22sid%22%3A%20%22a9c8d953-8bd0-5d6e-b200-c4845680078a%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736381687045%2C%20%22ct%22%3A%201736379887045%7D; __51uvsct__KYSvWsCE8EvRnMGm=1; __51vcke__KYSvWsCE8EvRnMGm=7a3d0383-c644-549f-87a0-34749ebb3e92; __51vuft__KYSvWsCE8EvRnMGm=1736379887049
Source: global traffic, HTTP traffic detected: GET /js-sdk-pro.min.js HTTP/1.1
  Host: sdk.51.la
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: GET /v6/collect?dt=4 HTTP/1.1
  Host: collect-v6.51.la
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic, DNS traffic detected: DNS query: www.google.com
Source: global traffic, DNS traffic detected: DNS query: 40608.xc.05cg.com
Source: global traffic, DNS traffic detected: DNS query: sdk.51.la
Source: global traffic, DNS traffic detected: DNS query: collect-v6.51.la
Source: unknown, HTTP traffic detected: POST /v6/collect?dt=4 HTTP/1.1
  Host: collect-v6.51.la
  Connection: keep-alive
  Content-Length: 283
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Origin: http://40608.xc.05cg.com
  Referer: http://40608.xc.05cg.com/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found
  Content-Type: text/html
  Server: Microsoft-IIS/8.5
  X-Powered-By: ASP.NET
  Date: Wed, 08 Jan 2025 07:44:11 GMT
  Content-Length: 1163
Source: unknown, Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown, Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 57653
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown, Network traffic detected: HTTP traffic on port 57653 -> 443
Source: classification engine, Classification label: mal56.win@16/4@12/9
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2044,i,3124108614893101763,11179084805687600675,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://40608.xc.05cg.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: unknown unknown
Source: Window Recorder, Window detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 5 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 6 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 4 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label
http://40608.xc.05cg.com/ | 100% | Avira URL Cloud | malware
No Antivirus matches
Source | Detection | Scanner | Label
http://40608.xc.05cg.com/favicon.ico | 100% | Avira URL Cloud | malware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
hcdnwsa120.v5.cdnhwczoy106.cn | 98.98.25.19 | true | false | | high
www.google.com | 216.58.212.132 | true | false | | high
40608.xc.05cg.com | 156.224.208.119 | true | false | | unknown
collect-v6.51.la | unknown | unknown | false | | high
sdk.51.la | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
http://sdk.51.la/js-sdk-pro.min.js | false | | high
http://collect-v6.51.la/v6/collect?dt=4 | false | | high
http://40608.xc.05cg.com/ | true | | unknown
http://40608.xc.05cg.com/# | true | | unknown
http://40608.xc.05cg.com/favicon.ico | true | Avira URL Cloud: malware | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
216.58.212.132 | www.google.com | United States | 15169 | GOOGLEUS | false
148.153.240.68 | unknown | United States | 63199 | CDSC-AS1US | false
156.224.208.119 | 40608.xc.05cg.com | Seychelles | 133201 | COMING-ASABCDEGROUPCOMPANYLIMITEDHK | false
98.98.25.19 | hcdnwsa120.v5.cdnhwczoy106.cn | United States | 7018 | ATT-INTERNET4US | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
199.91.74.184 | unknown | United States | 21859 | ZNETUS | false
IP
192.168.2.7
192.168.2.16
192.168.2.4
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1586347
Start date and time:2025-01-09 00:43:43 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 2m 59s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:http://40608.xc.05cg.com/
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:14
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal56.win@16/4@12/9
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.186.131, 142.250.186.78, 64.233.166.84, 142.250.185.78, 172.217.18.14, 142.250.186.142, 142.251.40.174, 74.125.0.74, 199.232.210.172, 142.250.181.227, 23.56.254.164, 13.107.246.45, 52.149.20.212, 20.12.23.50
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, time.windows.com, r5.sn-t0aedn7e.gvt1.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, r5---sn-t0aedn7e.gvt1.com, clients.l.google.com
  • Not all processes where analyzed, report is missing behavior information
  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • VT rate limit hit for: http://40608.xc.05cg.com/
No simulations
No context
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 4014
Category:downloaded
Size (bytes):2056
Entropy (8bit):7.904389334181901
Encrypted:false
SSDEEP:48:X9Uiuqkyj/udJMNSBtazzeSmZFFyC4tPguBUW:mFy7ud+OaveSmvQPPgu7
MD5:BD923AD3161E77B7B779D29E6EEFBF2F
SHA1:99620A1A25BF27F3E61F91A2873A4464D819D6BE
SHA-256:0AF75273FBAC85474FABC0318D29AC4B5419BC4A8525002B9041BFEA1F0FE219
SHA-512:719585F0C5D4EFBF1E1B60D669D70CB04F37E63C785454A69C52352BE37FD82E371EDF363393088FBB33B7D88537BE0F7A8B817627096207F67A9FA6C8081025
Malicious:false
Reputation:low
URL:http://40608.xc.05cg.com/

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:HTML document, ISO-8859 text, with CRLF line terminators
Category:downloaded
Size (bytes):1163
Entropy (8bit):5.91401289232789
Encrypted:false
SSDEEP:24:hM0mIAvy4Wvs8Ea7JZRGNeHX+AYcvP2wUpafMb6k5:lmIAq1U8EiJZ+eHX+AdP2kDk5
MD5:8363ACAEAB9CBB099B59B78A44127CA6
SHA1:AEF448CE5500E3734059EC285CF6EC0B547075F2
SHA-256:9B342AE7F25D65BDB817D8C995F3211AC398E41575FC5D149D994C1DCB008F0A
SHA-512:A431F7EE4CDC3C7C6EDF43736E007E314A0F8C4D05706DBDF75B629B15BEE335D173ABC071568F447D78B4C43ABA02017C1993D6DA86A1ACDDE904EB287CB30C
Malicious:false
Reputation:low
URL:http://40608.xc.05cg.com/favicon.ico
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=gb2312"/>..<title>404 - ..............</title>..<style type="text/css">.. ..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>..........</h1></div>..<div id="content">.. <div class="content-container"
No static file info
                    Jan 9, 2025 00:44:46.662372112 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:46.667208910 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:46.667310953 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:46.667690039 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:46.672497034 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.845488071 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.845500946 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.845511913 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.845525980 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.845545053 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.845563889 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.845567942 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.845577002 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.845587969 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.845606089 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.845611095 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.845619917 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.845632076 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.845652103 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.845683098 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.845683098 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.851046085 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.851059914 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.851072073 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.851084948 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.851098061 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.851104021 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.851130009 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.851330042 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.851356030 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.851366997 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.851376057 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.851411104 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.862020016 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.862032890 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.862066031 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.862073898 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.862076998 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.862124920 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.899876118 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.899892092 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.899904966 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.899982929 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.901048899 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.901067019 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.901078939 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.901129007 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.901171923 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.901972055 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.901983976 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.901997089 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.902055979 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.902690887 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.902705908 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.902718067 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.902750969 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.902777910 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.908082962 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.908097029 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.908108950 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:44:47.908162117 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.935642958 CET5737480192.168.2.7156.224.208.119
                    Jan 9, 2025 00:44:47.940563917 CET8057374156.224.208.119192.168.2.7
                    Jan 9, 2025 00:44:47.945394039 CET5738480192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:47.950274944 CET8057384199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:47.950364113 CET5738480192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:47.950582981 CET5738480192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:47.955518007 CET8057384199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:47.962028027 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:44:47.962498903 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:47.967277050 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:47.967360973 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:47.967519999 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:47.972320080 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.103740931 CET8057374156.224.208.119192.168.2.7
                    Jan 9, 2025 00:44:48.103761911 CET8057374156.224.208.119192.168.2.7
                    Jan 9, 2025 00:44:48.103816032 CET5737480192.168.2.7156.224.208.119
                    Jan 9, 2025 00:44:48.729592085 CET8057384199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.771178961 CET5738480192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:48.772030115 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.772047043 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.772092104 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:48.783021927 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.783107042 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.783123016 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.783147097 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.783166885 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:48.783175945 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.783188105 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.783200026 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.783210039 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:48.783219099 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.783222914 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:48.783231020 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.783241987 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.783251047 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:48.783277988 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:48.862664938 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.862680912 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.862734079 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:48.862776041 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.862788916 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.862802982 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.862838030 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:48.873718977 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.873785019 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.873799086 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.873811007 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.873826981 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.873908043 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:48.873944998 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:48.874232054 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.874244928 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.874258041 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.874269962 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.874283075 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.874375105 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:48.874934912 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.874948978 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.874968052 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.874979019 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.874990940 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.875081062 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:48.875710011 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:44:48.927454948 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:44:49.271621943 CET5739180192.168.2.7148.153.240.68
                    Jan 9, 2025 00:44:49.276552916 CET8057391148.153.240.68192.168.2.7
                    Jan 9, 2025 00:44:49.276645899 CET5739180192.168.2.7148.153.240.68
                    Jan 9, 2025 00:44:49.276865959 CET5739180192.168.2.7148.153.240.68
                    Jan 9, 2025 00:44:49.282515049 CET8057391148.153.240.68192.168.2.7
                    Jan 9, 2025 00:44:49.409966946 CET49671443192.168.2.7204.79.197.203
                    Jan 9, 2025 00:44:50.415518045 CET8057391148.153.240.68192.168.2.7
                    Jan 9, 2025 00:44:50.455889940 CET5739180192.168.2.7148.153.240.68
                    Jan 9, 2025 00:44:50.769320011 CET49677443192.168.2.720.50.201.200
                    Jan 9, 2025 00:44:53.685565948 CET44349706216.58.212.132192.168.2.7
                    Jan 9, 2025 00:44:53.685631037 CET44349706216.58.212.132192.168.2.7
                    Jan 9, 2025 00:44:53.685672998 CET49706443192.168.2.7216.58.212.132
                    Jan 9, 2025 00:44:55.505822897 CET49706443192.168.2.7216.58.212.132
                    Jan 9, 2025 00:44:55.505848885 CET44349706216.58.212.132192.168.2.7
                    Jan 9, 2025 00:45:02.676450968 CET49677443192.168.2.720.50.201.200
                    Jan 9, 2025 00:45:30.644427061 CET5737580192.168.2.7156.224.208.119
                    Jan 9, 2025 00:45:30.650403976 CET8057375156.224.208.119192.168.2.7
                    Jan 9, 2025 00:45:32.910093069 CET5737880192.168.2.798.98.25.19
                    Jan 9, 2025 00:45:32.914998055 CET805737898.98.25.19192.168.2.7
                    Jan 9, 2025 00:45:33.113178968 CET5737480192.168.2.7156.224.208.119
                    Jan 9, 2025 00:45:33.121874094 CET8057374156.224.208.119192.168.2.7
                    Jan 9, 2025 00:45:33.738255978 CET5738480192.168.2.7199.91.74.184
                    Jan 9, 2025 00:45:33.743176937 CET8057384199.91.74.184192.168.2.7
                    Jan 9, 2025 00:45:33.878866911 CET5738580192.168.2.7199.91.74.184
                    Jan 9, 2025 00:45:33.883959055 CET8057385199.91.74.184192.168.2.7
                    Jan 9, 2025 00:45:35.425765991 CET5739180192.168.2.7148.153.240.68
                    Jan 9, 2025 00:45:35.430740118 CET8057391148.153.240.68192.168.2.7
                    Jan 9, 2025 00:45:43.161566019 CET57653443192.168.2.7216.58.212.132
                    Jan 9, 2025 00:45:43.161617041 CET44357653216.58.212.132192.168.2.7
                    Jan 9, 2025 00:45:43.161674976 CET57653443192.168.2.7216.58.212.132
                    Jan 9, 2025 00:45:43.161959887 CET57653443192.168.2.7216.58.212.132
                    Jan 9, 2025 00:45:43.161971092 CET44357653216.58.212.132192.168.2.7
                    Jan 9, 2025 00:45:43.792706013 CET44357653216.58.212.132192.168.2.7
                    Jan 9, 2025 00:45:43.794243097 CET57653443192.168.2.7216.58.212.132
                    Jan 9, 2025 00:45:43.794258118 CET44357653216.58.212.132192.168.2.7
                    Jan 9, 2025 00:45:43.795031071 CET44357653216.58.212.132192.168.2.7
                    Jan 9, 2025 00:45:43.798347950 CET57653443192.168.2.7216.58.212.132
                    Jan 9, 2025 00:45:43.798466921 CET44357653216.58.212.132192.168.2.7
                    Jan 9, 2025 00:45:43.847317934 CET57653443192.168.2.7216.58.212.132
                    Jan 9, 2025 00:45:45.790327072 CET5737580192.168.2.7156.224.208.119
                    Jan 9, 2025 00:45:45.795644045 CET8057375156.224.208.119192.168.2.7
                    Jan 9, 2025 00:45:45.795732021 CET5737580192.168.2.7156.224.208.119
                    Jan 9, 2025 00:45:53.714320898 CET44357653216.58.212.132192.168.2.7
                    Jan 9, 2025 00:45:53.714402914 CET44357653216.58.212.132192.168.2.7
                    Jan 9, 2025 00:45:53.714494944 CET57653443192.168.2.7216.58.212.132
                    Jan 9, 2025 00:45:55.596432924 CET57653443192.168.2.7216.58.212.132
                    Jan 9, 2025 00:45:55.596466064 CET44357653216.58.212.132192.168.2.7
                    TimestampSource PortDest PortSource IPDest IP
                    Jan 9, 2025 00:44:39.145462036 CET53652331.1.1.1192.168.2.7
                    Jan 9, 2025 00:44:39.224445105 CET53620131.1.1.1192.168.2.7
                    Jan 9, 2025 00:44:40.205276966 CET53589901.1.1.1192.168.2.7
                    Jan 9, 2025 00:44:43.098236084 CET6155753192.168.2.71.1.1.1
                    Jan 9, 2025 00:44:43.098381996 CET5127253192.168.2.71.1.1.1
                    Jan 9, 2025 00:44:43.105041981 CET53512721.1.1.1192.168.2.7
                    Jan 9, 2025 00:44:43.105487108 CET53615571.1.1.1192.168.2.7
                    Jan 9, 2025 00:44:44.260198116 CET53524881.1.1.1192.168.2.7
                    Jan 9, 2025 00:44:45.047454119 CET6458653192.168.2.71.1.1.1
                    Jan 9, 2025 00:44:45.047699928 CET6237653192.168.2.71.1.1.1
                    Jan 9, 2025 00:44:45.210707903 CET123123192.168.2.751.137.137.111
                    Jan 9, 2025 00:44:45.576340914 CET53645861.1.1.1192.168.2.7
                    Jan 9, 2025 00:44:45.753247976 CET12312351.137.137.111192.168.2.7
                    Jan 9, 2025 00:44:46.643798113 CET6452053192.168.2.71.1.1.1
                    Jan 9, 2025 00:44:46.644386053 CET5854253192.168.2.71.1.1.1
                    Jan 9, 2025 00:44:46.650851011 CET53645201.1.1.1192.168.2.7
                    Jan 9, 2025 00:44:47.845386028 CET53585421.1.1.1192.168.2.7
                    Jan 9, 2025 00:44:47.929984093 CET6184853192.168.2.71.1.1.1
                    Jan 9, 2025 00:44:47.930171967 CET5991853192.168.2.71.1.1.1
                    Jan 9, 2025 00:44:47.936963081 CET53618481.1.1.1192.168.2.7
                    Jan 9, 2025 00:44:47.946125031 CET6086453192.168.2.71.1.1.1
                    Jan 9, 2025 00:44:47.946296930 CET5186853192.168.2.71.1.1.1
                    Jan 9, 2025 00:44:47.953010082 CET53608641.1.1.1192.168.2.7
                    Jan 9, 2025 00:44:48.393407106 CET53599181.1.1.1192.168.2.7
                    Jan 9, 2025 00:44:48.660758018 CET53518681.1.1.1192.168.2.7
                    Jan 9, 2025 00:44:48.734257936 CET5235053192.168.2.71.1.1.1
                    Jan 9, 2025 00:44:48.734705925 CET5926153192.168.2.71.1.1.1
                    Jan 9, 2025 00:44:49.207169056 CET53523501.1.1.1192.168.2.7
                    Jan 9, 2025 00:44:49.273257971 CET53592611.1.1.1192.168.2.7
                    Jan 9, 2025 00:44:49.300137043 CET53623761.1.1.1192.168.2.7
                    Jan 9, 2025 00:45:38.796191931 CET53618781.1.1.1192.168.2.7
                    Jan 9, 2025 00:45:39.449394941 CET138138192.168.2.7192.168.2.255
                    Timestamp | Source IP | Dest IP | Checksum | Code | Type
                    Jan 9, 2025 00:44:47.845462084 CET | 192.168.2.7 | 1.1.1.1 | c28b | (Port unreachable) | Destination Unreachable
                    Jan 9, 2025 00:44:49.273334980 CET | 192.168.2.7 | 1.1.1.1 | c299 | (Port unreachable) | Destination Unreachable
                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                    Jan 9, 2025 00:44:43.098236084 CET | 192.168.2.7 | 1.1.1.1 | 0xd33c | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:43.098381996 CET | 192.168.2.7 | 1.1.1.1 | 0x57ec | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                    Jan 9, 2025 00:44:45.047454119 CET | 192.168.2.7 | 1.1.1.1 | 0xfc5 | Standard query (0) | 40608.xc.05cg.com | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:45.047699928 CET | 192.168.2.7 | 1.1.1.1 | 0x909 | Standard query (0) | 40608.xc.05cg.com | 65 | IN (0x0001) | false
                    Jan 9, 2025 00:44:46.643798113 CET | 192.168.2.7 | 1.1.1.1 | 0xff72 | Standard query (0) | sdk.51.la | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:46.644386053 CET | 192.168.2.7 | 1.1.1.1 | 0x1f1d | Standard query (0) | sdk.51.la | 65 | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.929984093 CET | 192.168.2.7 | 1.1.1.1 | 0x63ba | Standard query (0) | collect-v6.51.la | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.930171967 CET | 192.168.2.7 | 1.1.1.1 | 0x8b71 | Standard query (0) | collect-v6.51.la | 65 | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.946125031 CET | 192.168.2.7 | 1.1.1.1 | 0x1b27 | Standard query (0) | sdk.51.la | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.946296930 CET | 192.168.2.7 | 1.1.1.1 | 0x4691 | Standard query (0) | sdk.51.la | 65 | IN (0x0001) | false
                    Jan 9, 2025 00:44:48.734257936 CET | 192.168.2.7 | 1.1.1.1 | 0x5eb1 | Standard query (0) | collect-v6.51.la | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:48.734705925 CET | 192.168.2.7 | 1.1.1.1 | 0xe0ae | Standard query (0) | collect-v6.51.la | 65 | IN (0x0001) | false
                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    Jan 9, 2025 00:44:43.105041981 CET | 1.1.1.1 | 192.168.2.7 | 0x57ec | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                    Jan 9, 2025 00:44:43.105487108 CET | 1.1.1.1 | 192.168.2.7 | 0xd33c | No error (0) | www.google.com |  | 216.58.212.132 | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:45.576340914 CET | 1.1.1.1 | 192.168.2.7 | 0xfc5 | No error (0) | 40608.xc.05cg.com |  | 156.224.208.119 | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:46.650851011 CET | 1.1.1.1 | 192.168.2.7 | 0xff72 | No error (0) | sdk.51.la | sdk.51.la.d183e8b1.cdnhwcgqa21.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    Jan 9, 2025 00:44:46.650851011 CET | 1.1.1.1 | 192.168.2.7 | 0xff72 | No error (0) | sdk.51.la.d183e8b1.cdnhwcgqa21.com | hcdnwsa120.v5.cdnhwczoy106.cn |  | CNAME (Canonical name) | IN (0x0001) | false
                    Jan 9, 2025 00:44:46.650851011 CET | 1.1.1.1 | 192.168.2.7 | 0xff72 | No error (0) | hcdnwsa120.v5.cdnhwczoy106.cn |  | 98.98.25.19 | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:46.650851011 CET | 1.1.1.1 | 192.168.2.7 | 0xff72 | No error (0) | hcdnwsa120.v5.cdnhwczoy106.cn |  | 149.104.73.29 | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.845386028 CET | 1.1.1.1 | 192.168.2.7 | 0x1f1d | No error (0) | sdk.51.la | sdk.51.la.d183e8b1.cdnhwcgqa21.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.845386028 CET | 1.1.1.1 | 192.168.2.7 | 0x1f1d | No error (0) | sdk.51.la.d183e8b1.cdnhwcgqa21.com | hcdnwsa120.v5.cdnhwczoy106.cn |  | CNAME (Canonical name) | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.936963081 CET | 1.1.1.1 | 192.168.2.7 | 0x63ba | No error (0) | collect-v6.51.la | collect-v6.51.la.d183e8b1.cdnhwcgqa21.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.936963081 CET | 1.1.1.1 | 192.168.2.7 | 0x63ba | No error (0) | collect-v6.51.la.d183e8b1.cdnhwcgqa21.com | hcdnwsa120.v5.cdnhwczoy106.cn |  | CNAME (Canonical name) | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.936963081 CET | 1.1.1.1 | 192.168.2.7 | 0x63ba | No error (0) | hcdnwsa120.v5.cdnhwczoy106.cn |  | 199.91.74.184 | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.936963081 CET | 1.1.1.1 | 192.168.2.7 | 0x63ba | No error (0) | hcdnwsa120.v5.cdnhwczoy106.cn |  | 199.91.74.208 | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.936963081 CET | 1.1.1.1 | 192.168.2.7 | 0x63ba | No error (0) | hcdnwsa120.v5.cdnhwczoy106.cn |  | 199.91.74.185 | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.936963081 CET | 1.1.1.1 | 192.168.2.7 | 0x63ba | No error (0) | hcdnwsa120.v5.cdnhwczoy106.cn |  | 199.91.74.209 | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.953010082 CET | 1.1.1.1 | 192.168.2.7 | 0x1b27 | No error (0) | sdk.51.la | sdk.51.la.d183e8b1.cdnhwcgqa21.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.953010082 CET | 1.1.1.1 | 192.168.2.7 | 0x1b27 | No error (0) | sdk.51.la.d183e8b1.cdnhwcgqa21.com | hcdnwsa120.v5.cdnhwczoy106.cn |  | CNAME (Canonical name) | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.953010082 CET | 1.1.1.1 | 192.168.2.7 | 0x1b27 | No error (0) | hcdnwsa120.v5.cdnhwczoy106.cn |  | 199.91.74.184 | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.953010082 CET | 1.1.1.1 | 192.168.2.7 | 0x1b27 | No error (0) | hcdnwsa120.v5.cdnhwczoy106.cn |  | 199.91.74.185 | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.953010082 CET | 1.1.1.1 | 192.168.2.7 | 0x1b27 | No error (0) | hcdnwsa120.v5.cdnhwczoy106.cn |  | 199.91.74.208 | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:47.953010082 CET | 1.1.1.1 | 192.168.2.7 | 0x1b27 | No error (0) | hcdnwsa120.v5.cdnhwczoy106.cn |  | 199.91.74.209 | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:48.393407106 CET | 1.1.1.1 | 192.168.2.7 | 0x8b71 | No error (0) | collect-v6.51.la | collect-v6.51.la.d183e8b1.cdnhwcgqa21.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    Jan 9, 2025 00:44:48.393407106 CET | 1.1.1.1 | 192.168.2.7 | 0x8b71 | No error (0) | collect-v6.51.la.d183e8b1.cdnhwcgqa21.com | hcdnwsa120.v5.cdnhwczoy106.cn |  | CNAME (Canonical name) | IN (0x0001) | false
                    Jan 9, 2025 00:44:48.660758018 CET | 1.1.1.1 | 192.168.2.7 | 0x4691 | No error (0) | sdk.51.la | sdk.51.la.d183e8b1.cdnhwcgqa21.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    Jan 9, 2025 00:44:48.660758018 CET | 1.1.1.1 | 192.168.2.7 | 0x4691 | No error (0) | sdk.51.la.d183e8b1.cdnhwcgqa21.com | hcdnwsa120.v5.cdnhwczoy106.cn |  | CNAME (Canonical name) | IN (0x0001) | false
                    Jan 9, 2025 00:44:49.207169056 CET | 1.1.1.1 | 192.168.2.7 | 0x5eb1 | No error (0) | collect-v6.51.la | collect-v6.51.la.d183e8b1.cdnhwcgqa21.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    Jan 9, 2025 00:44:49.207169056 CET | 1.1.1.1 | 192.168.2.7 | 0x5eb1 | No error (0) | collect-v6.51.la.d183e8b1.cdnhwcgqa21.com | hcdnwsa120.v5.cdnhwczoy106.cn |  | CNAME (Canonical name) | IN (0x0001) | false
                    Jan 9, 2025 00:44:49.207169056 CET | 1.1.1.1 | 192.168.2.7 | 0x5eb1 | No error (0) | hcdnwsa120.v5.cdnhwczoy106.cn |  | 148.153.240.68 | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:49.207169056 CET | 1.1.1.1 | 192.168.2.7 | 0x5eb1 | No error (0) | hcdnwsa120.v5.cdnhwczoy106.cn |  | 90.84.161.16 | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:49.207169056 CET | 1.1.1.1 | 192.168.2.7 | 0x5eb1 | No error (0) | hcdnwsa120.v5.cdnhwczoy106.cn |  | 90.84.161.20 | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:49.207169056 CET | 1.1.1.1 | 192.168.2.7 | 0x5eb1 | No error (0) | hcdnwsa120.v5.cdnhwczoy106.cn |  | 90.84.161.21 | A (IP address) | IN (0x0001) | false
                    Jan 9, 2025 00:44:49.273257971 CET | 1.1.1.1 | 192.168.2.7 | 0xe0ae | No error (0) | collect-v6.51.la | collect-v6.51.la.d183e8b1.cdnhwcgqa21.com |  | CNAME (Canonical name) | IN (0x0001) | false
                    Jan 9, 2025 00:44:49.273257971 CET | 1.1.1.1 | 192.168.2.7 | 0xe0ae | No error (0) | collect-v6.51.la.d183e8b1.cdnhwcgqa21.com | hcdnwsa120.v5.cdnhwczoy106.cn |  | CNAME (Canonical name) | IN (0x0001) | false
                    Jan 9, 2025 00:44:49.300137043 CET | 1.1.1.1 | 192.168.2.7 | 0x909 | Server failure (2) | 40608.xc.05cg.com | none | none | 65 | IN (0x0001) | false
                    • 40608.xc.05cg.com
                      • sdk.51.la
                      • collect-v6.51.la
                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.7 | 57374 | 156.224.208.119 | 80 | 5568 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jan 9, 2025 00:44:45.634366989 CET | 432 | OUT | GET / HTTP/1.1
                    Host: 40608.xc.05cg.com
                    Connection: keep-alive
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    Jan 9, 2025 00:44:46.285533905 CET | 1236 | IN | HTTP/1.1 200 OK
                    Cache-Control: no-cache
                    Pragma: no-cache
                    Content-Type: text/html; charset=UTF-8
                    Content-Encoding: gzip
                    Expires: -1
                    Server: Microsoft-IIS/8.5
                    X-Powered-By: ASP.NET
                    Date: Wed, 08 Jan 2025 07:44:09 GMT
                    Content-Length: 2056
                    Jan 9, 2025 00:44:47.935642958 CET | 750 | OUT | GET /favicon.ico HTTP/1.1
                    Host: 40608.xc.05cg.com
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Referer: http://40608.xc.05cg.com/
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    Cookie: __vtins__KYSvWsCE8EvRnMGm=%7B%22sid%22%3A%20%22a9c8d953-8bd0-5d6e-b200-c4845680078a%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736381687045%2C%20%22ct%22%3A%201736379887045%7D; __51uvsct__KYSvWsCE8EvRnMGm=1; __51vcke__KYSvWsCE8EvRnMGm=7a3d0383-c644-549f-87a0-34749ebb3e92; __51vuft__KYSvWsCE8EvRnMGm=1736379887049
                    Jan 9, 2025 00:44:48.103740931 CET | 1236 | IN | HTTP/1.1 404 Not Found
                    Content-Type: text/html
                    Server: Microsoft-IIS/8.5
                    X-Powered-By: ASP.NET
                    Date: Wed, 08 Jan 2025 07:44:11 GMT
                    Content-Length: 1163
                    Jan 9, 2025 00:45:33.113178968 CET | 6 | OUT | Data Raw: 00
                    Data Ascii:


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    1 | 192.168.2.7 | 57378 | 98.98.25.19 | 80 | 5568 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jan 9, 2025 00:44:46.667690039 CET | 315 | OUT | GET /js-sdk-pro.min.js HTTP/1.1
                    Host: sdk.51.la
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Referer: http://40608.xc.05cg.com/
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    Jan 9, 2025 00:44:47.845488071 CET | 1236 | IN | HTTP/1.1 200 OK
                    Date: Wed, 08 Jan 2025 23:44:47 GMT
                    Content-Type: text/plain; charset=utf-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Server: openresty
                    Cache-Control: no-store
                    Access-Control-Allow-Origin: *
                    Access-Control-Allow-Credentials: true
                    via: LA-BRA-saopaulo-EDGE2-CACHE7[334],LA-BRA-saopaulo-EDGE2-CACHE7[ovl,331],LA-BRA-saopaulo-EDGE1-CACHE6[ovl,330],EA-HKG-EDGE1-CACHE2[ovl,34],EA-HKG-EDGE2-CACHE3[ovl,33],EA-HKG-GLOBAL1-CACHE5[ovl,31]
                    X-CCDN-REQ-ID-46B1: 42ad878b4c7913a44156a721f2919c71


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    2 | 192.168.2.7 | 57384 | 199.91.74.184 | 80 | 5568 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jan 9, 2025 00:44:47.950582981 CET | 659 | OUT | POST /v6/collect?dt=4 HTTP/1.1
                    Host: collect-v6.51.la
                    Connection: keep-alive
                    Content-Length: 283
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Origin: http://40608.xc.05cg.com
                    Referer: http://40608.xc.05cg.com/
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    Jan 9, 2025 00:44:48.729592085 CET | 415 | IN | HTTP/1.1 200
                    Date: Wed, 08 Jan 2025 23:44:48 GMT
                    Content-Length: 0
                    Connection: keep-alive
                    Vary: Origin
                    Vary: Access-Control-Request-Method
                    Vary: Access-Control-Request-Headers
                    Access-Control-Allow-Origin: http://40608.xc.05cg.com
                    Access-Control-Allow-Credentials: true
                    via: LA-MEX-queretaro-EDGE1-CACHE4[227],LA-MEX-queretaro-EDGE1-CACHE4[ovl,225]
                    X-CCDN-REQ-ID-46B1: 161a02787bb0f4fd73529e325a9dfff9
                    Jan 9, 2025 00:45:33.738255978 CET | 6 | OUT | Data Raw: 00
                    Data Ascii:


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    3 | 192.168.2.7 | 57385 | 199.91.74.184 | 80 | 5568 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jan 9, 2025 00:44:47.967519999 CET | 279 | OUT | GET /js-sdk-pro.min.js HTTP/1.1
                    Host: sdk.51.la
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    Jan 9, 2025 00:44:48.772030115 CET | 1236 | IN | HTTP/1.1 200 OK
                    Date: Wed, 08 Jan 2025 23:44:48 GMT
                    Content-Type: text/plain; charset=utf-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Server: openresty
                    Cache-Control: no-store
                    Access-Control-Allow-Origin: *
                    Access-Control-Allow-Credentials: true
                    via: LA-MEX-queretaro-EDGE1-CACHE3[227],LA-MEX-queretaro-EDGE1-CACHE3[ovl,224],LA-MEX-queretaro-EDGE2-CACHE3[ovl,224],CHN-HElangfang-GLOBAL6-CACHE69[ovl,17]
                    X-CCDN-REQ-ID-46B1: f932b63e6cf0095b240f77ba15df429a


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    4 | 192.168.2.7 | 57391 | 148.153.240.68 | 80 | 5568 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jan 9, 2025 00:44:49.276865959 CET | 284 | OUT | GET /v6/collect?dt=4 HTTP/1.1
                    Host: collect-v6.51.la
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    Jan 9, 2025 00:44:50.415518045 CET | 320 | IN | HTTP/1.1 220
                    Date: Wed, 08 Jan 2025 23:44:50 GMT
                    Content-Length: 0
                    Connection: keep-alive
                    Vary: Origin
                    Vary: Access-Control-Request-Method
                    Vary: Access-Control-Request-Headers
                    via: EU-GER-frankfurt-EDGE7-CACHE3[509],EU-GER-frankfurt-EDGE7-CACHE3[ovl,505]
                    X-CCDN-REQ-ID-46B1: 3d954917a160eb4d4943bb299155fb81
                    Jan 9, 2025 00:45:35.425765991 CET | 6 | OUT | Data Raw: 00
                    Data Ascii:


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    5 | 192.168.2.7 | 57375 | 156.224.208.119 | 80 | 5568 | C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jan 9, 2025 00:45:30.644427061 CET | 6 | OUT | Data Raw: 00
                    Data Ascii:



                    Target ID:0
                    Start time:18:44:33
                    Start date:08/01/2025
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                    Imagebase:0x7ff6c4390000
                    File size:3'242'272 bytes
                    MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    Target ID:2
                    Start time:18:44:37
                    Start date:08/01/2025
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2044,i,3124108614893101763,11179084805687600675,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                    Imagebase:0x7ff6c4390000
                    File size:3'242'272 bytes
                    MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    Target ID:9
                    Start time:18:44:44
                    Start date:08/01/2025
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://40608.xc.05cg.com/"
                    Imagebase:0x7ff6c4390000
                    File size:3'242'272 bytes
                    MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    No disassembly