Windows Analysis Report
http://38133.xc.05cg.com/

Overview

General Information

Sample URL: http://38133.xc.05cg.com/
Analysis ID: 1586349
Tags: urlscan

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
AI detected suspicious URL
Detected non-DNS traffic on DNS port

Classification

  • System is w10x64
  • chrome.exe (PID: 2260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4280 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2000,i,17136471459106567463,2721345839449474616,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://38133.xc.05cg.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: http://38133.xc.05cg.com/ | Avira URL Cloud: detection malicious, Label: malware
Source: http://38133.xc.05cg.com/favicon.ico | Avira URL Cloud: Label: malware

Phishing

Source: URL | Joe Sandbox AI: AI detected IP in URL: http://38133.xc.05cg.com
Source: http://38133.xc.05cg.com/ | HTTP Parser: No favicon
Source: global traffic | TCP traffic: 192.168.2.4:58931 -> 162.159.36.2:53
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32 (2 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2 (4 occurrences)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (12 occurrences)
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: text/html; charset=UTF-8Content-Encoding: gzipExpires: -1Server: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Wed, 08 Jan 2025 07:45:19 GMTContent-Length: 2056Data Raw: 1f 8b 08 00 00 00 00 00 04 00 85 57 5b 6f 1b c7 15 7e 0f e0 ff 30 5e 23 0e 89 ee 2e 97 a4 44 49 24 57 2e 45 51 96 64 4b b2 2e b4 a3 1a 86 31 dc 1d 92 23 ed 2d 33 b3 a4 68 47 40 d0 97 b6 46 0d b4 0f 49 10 c0 01 12 a0 0f 05 8a 24 06 fa 52 a0 70 f3 63 5a 29 ca bf e8 99 d9 5d 72 29 db b0 2f e0 cc 99 73 ce 7e e7 3e d3 bc b9 be d7 3e 3a 7e d0 41 43 e1 7b ab 37 3e 6a ca 5f e4 52 66 6b 9e 60 1a f2 70 30 b0 b5 67 43 0d d1 f2 72 60 44 2c 74 08 e7 c4 b5 35 6d b5 39 24 d8 5d 6d fa 44 60 10 17 91 41 3e 8b e9 c8 d6 da 61 20 48 20 8c a3 49 44 34 e4 24 3b 5b 13 e4 4c 94 a4 fa 06 72 86 98 71 22 ec ee d1 86 b1 ac c9 cf 2a 25 01 f6 09 f0 0d 89 4f 0c 27 f4 42 96 93 be d5 ef f7 af 73 8e 28 19 47 21 13 39 b6 31 75 c5 d0 76 c9 88 3a c4 50 1b 1d d1 80 0a 8a 3d 83 3b d8 23 76 d9 b4 74 1f 9f 51 3f f6 73 14 14 73 c2 d4 1e f7 80 14 84 ea 5b 82 0a 8f ac 5e 7e fd dd e5 3f bf bc fa f1 e7 5f bf fe f1 f2 87 bf fd f2 e6 af bf fc e3 9b 66 29 39 04 2e ee 30 1a 09 58 b9 a1 13 fb 00 c3 0c 03 05 e8 4c c0 2e b6 03 32 46 1b 71 e0 08 1a 06 05 8d 11 11 b3 00 f5 b1 c7 89 56 44 73 52 9c 78 c4 11 5c 60 26 3e 24 d5 2c 4d 3f 8b 50 93 8b 89 c2 a2 a2 f7 5c 92 8c 31 e9 9d 52 61 48 14 06 a7 cf 88 81 dd 93 98 8b 3a 2a 5b d6 c7 0d c9 d2 07 8c ea a8 8e 2a 55 45 3b bf f1 d1 8d 8f 7a b1 10 61 90 68 e9 85 cc 25 ac 8e ac c6 6c 67 30 ec d2 98 83 50 74 96 92 cf a4 1a 1a 0c ea 19 0b 90 d4 91 8a 62 1d c9 e0 25 fb 98 71 49 88 42 0a fe 61 09 0c 2f c4 00 8b d1 c1 50 5c c7 65 2e 2f 2d 12 5f 51 7d cc 06 34 c8 a0 44 d8 75 d5 07 cb 56 74 86 2a 0b 29 14 c1 70 c0 a9 74 59 3d 81 35 c4 6e 38 46 15 cb f2 39 7c bc 47 1d a3 47 9e 51 c2 0a 96 b9 a0 23 88 bb 65 56 74 54 2e 2a e9 24 07 54 0c ea 28 08 03 92 b8 c4 0c 08 60 65 21 43 89 6b 12 cf 60 e7 74 c0 c2 38 70 01 fa 
a0 57 a8 d5 40 4d b5 aa 03 96 85 e2 bc 2b eb 18 82 38 22 e8 9d 72 8b 80 a1 6c 01 86 4a b9 9a a0 08 63 e1 d1 80 24 96 e6 d5 0c c3 11 61 59 5c 32 db 80 0d 95 c1 05 55 f8 0f fa 70 c1 4a cc d2 91 b9 68 a5 40 86 e5 44 2a 8b 46 b5 5a bd ee e8 b2 59 4b fd ac 88 63 22 a3 21 9d c0 7c ec 29 ba c4 64 0c 53 7a d9 ac cc c7 05 22 0e 18 7d 38 a9 a9 50 28 dc e0 3a ea 64 a9 94 89 2e 65 69 33 0d 28 fc 5d b0 52 a2 2a d9 29 d3 79 a2 43 a6 0a 17 49 11 8f 19 8e a2 39 37 bc 3b f3 f2 b6 a5 48 af 59 50 bb 96 58 e5 85 d1 10 e1 58 84 69 8a 41 93 30 52 38 35 eb 1a be b4 86 54 72 e0 d1 3c a8 d4 21 22 8c ea 68 b1 9c d9 f1 5b 9f b8 14 a3 42 4e eb 42 05 b4 16 53 4b 54 88 75 b9 7c 2c bb ef 27 4c 78 9f 3c c9 93 4d 0e 91 f0 0c 30 e2 34 11 99 56 4e 9a a9 8a 92 2f 9d 69 88 ae 05 75 c1 b2 52 f2 7c 4d 41 f9 c8 66 a1 6a a8 0f 81 af a3 58 5a e5 60 9e a9 9f b7 1e a1 73 65 1a 42 32 4c 78 2e c7 64 6a 97 97 74 b4 bc 08 99 6d 2d 24 99 ad d4 bb c4 09 19 4e 4a 74 56 63 d3 64 31 06 24 20 8c 3a 99 36 d5 d7 eb d3 76 46 7d 3c 20 50 a3 a2 90 20 82 a2 65 5e c1 c5
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Host: 38133.xc.05cg.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /js-sdk-pro.min.js HTTP/1.1
  Host: sdk.51.la
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Referer: http://38133.xc.05cg.com/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: 38133.xc.05cg.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://38133.xc.05cg.com/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: __vtins__KYSvWsCE8EvRnMGm=%7B%22sid%22%3A%20%22fa5df923-1976-5545-9115-836d0ff2bb7d%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736381757690%2C%20%22ct%22%3A%201736379957690%7D; __51uvsct__KYSvWsCE8EvRnMGm=1; __51vcke__KYSvWsCE8EvRnMGm=f69487f2-716a-5e35-91d6-08780cff0571; __51vuft__KYSvWsCE8EvRnMGm=1736379957695
Source: global traffic | HTTP traffic detected:
  GET /js-sdk-pro.min.js HTTP/1.1
  Host: sdk.51.la
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /v6/collect?dt=4 HTTP/1.1
  Host: collect-v6.51.la
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: 38133.xc.05cg.com
Source: global traffic | DNS traffic detected: DNS query: sdk.51.la
Source: global traffic | DNS traffic detected: DNS query: collect-v6.51.la
Source: unknownHTTP traffic detected: POST /v6/collect?dt=4 HTTP/1.1Host: collect-v6.51.laConnection: keep-aliveContent-Length: 281User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Origin: http://38133.xc.05cg.comReferer: http://38133.xc.05cg.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Data Raw: 1f 8b 08 00 35 0e 7f 67 00 03 5d 50 bb 4e c3 40 10 fc 95 e8 4a c4 d9 f7 f0 bd d2 a2 88 02 d1 10 21 44 e9 dc f9 02 4a e2 44 b1 cf 41 42 7c 04 05 8a e8 28 e8 10 69 a8 11 7f e3 c0 5f 90 bd 38 4d ba d1 cc ec ee cc 3e a2 7b 87 fa 3d 74 71 3b 6c 6e aa b3 81 1e 34 57 e5 e5 f9 0c 9d f6 d0 b2 de 29 54 71 c9 95 31 42 49 43 76 64 0d 24 6a d7 6f ed d7 cb ef e6 e7 6f bd 69 3f df b7 df cf db 8f 57 98 99 ac 40 06 e4 aa 03 aa f6 27 7c 2e 9c 37 8c 63 6a 94 c4 42 64 02 1b 4a 05 d6 5c 3a e2 3d 1b 8d 94 03 bb 0d e0 be ab eb 45 3f 4d b9 a6 9c 27 0f 36 21 c2 8e 13 3b 9f a5 60 59 44 4b cc 38 05 44 99 26 27 94 b0 0c a8 69 5e 8e 81 2c 4a 7c 3d 8c 0b 63 e4 50 4e ca f9 2a e6 69 20 0f 05 a5 38 00 60 58 06 62 2c 08 4d dd b2 03 a1 a9 6c e7 0b 5d 15 69 32 ad 3c c3 8a ca 1c 8b 82 43 15 27 31 d1 4a 13 eb 3d 11 8a c2 a5 e0 8f 5f 28 9e fe 01 42 1f 66 e7 72 01 00 00 Data Ascii: 5g]PN@J!DJDAB|(i_8M>{=tq;ln4W)Tq1BICvd$jooi?W@'|.7cjBdJ\:=E?M'6!;`YDK8D&'i^,J|=cPN*i 8`Xb,Ml]i2<C'1J=_(Bfr
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Wed, 08 Jan 2025 07:45:21 GMTContent-Length: 1163Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 
64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f 68 31 3e 3c 2f 64
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59036
Source: unknown | Network traffic detected: HTTP traffic on port 59036 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
Source: classification engine | Classification label: mal60.win@16/4@12/10
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2000,i,17136471459106567463,2721345839449474616,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://38133.xc.05cg.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 occurrences)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2000,i,17136471459106567463,2721345839449474616,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (10 occurrences)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK Matrix (a number before a technique is the count of matched signatures for that technique)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 Browser Extensions; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 2 Encrypted Channel; 5 Non-Application Layer Protocol; 6 Application Layer Protocol; 4 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label
http://38133.xc.05cg.com/ | 100% | Avira URL Cloud | malware

No Antivirus matches

Source | Detection | Scanner | Label
http://38133.xc.05cg.com/favicon.ico | 100% | Avira URL Cloud | malware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
38133.xc.05cg.com | 156.224.208.119 | true | true | | unknown
hcdnwsa120.v5.cdnhwczoy106.cn | 90.84.161.16 | true | false | | high
www.google.com | 142.250.185.68 | true | false | | high
collect-v6.51.la | unknown | unknown | false | | high
sdk.51.la | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://sdk.51.la/js-sdk-pro.min.js | false | | high
http://38133.xc.05cg.com/# | true | | unknown
http://collect-v6.51.la/v6/collect?dt=4 | false | | high
http://38133.xc.05cg.com/favicon.ico | true | Avira URL Cloud: malware | unknown
http://38133.xc.05cg.com/ | true | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
90.84.161.16 | hcdnwsa120.v5.cdnhwczoy106.cn | France | 5511 | OPENTRANSITFR | false
142.250.185.68 | www.google.com | United States | 15169 | GOOGLEUS | false
148.153.240.68 | unknown | United States | 63199 | CDSC-AS1US | false
156.224.208.119 | 38133.xc.05cg.com | Seychelles | 133201 | COMING-ASABCDEGROUPCOMPANYLIMITEDHK | true
149.104.73.29 | unknown | United States | 174 | COGENT-174US | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
199.91.74.185 | unknown | United States | 21859 | ZNETUS | false

IP
192.168.2.4
192.168.2.6
192.168.2.5
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1586349
Start date and time: 2025-01-09 00:44:47 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 8s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://38133.xc.05cg.com/
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal60.win@16/4@12/10
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.99, 142.250.184.206, 74.125.71.84, 216.58.206.78, 142.250.185.206, 199.232.210.172, 192.229.221.95, 142.250.185.78, 142.250.186.142, 142.250.185.238, 142.250.185.67, 184.28.90.27, 52.149.20.212, 13.107.246.45
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, update.googleapis.com, clients.l.google.com
  • Not all processes were analyzed; the report is missing behavior information
  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • VT rate limit hit for: http://38133.xc.05cg.com/
                    No simulations
No context
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 4014
Category: downloaded
Size (bytes): 2056
Entropy (8bit): 7.904389334181901
Encrypted: false
SSDEEP: 48:X9Uiuqkyj/udJMNSBtazzeSmZFFyC4tPguBUW:mFy7ud+OaveSmvQPPgu7
MD5: BD923AD3161E77B7B779D29E6EEFBF2F
SHA1: 99620A1A25BF27F3E61F91A2873A4464D819D6BE
SHA-256: 0AF75273FBAC85474FABC0318D29AC4B5419BC4A8525002B9041BFEA1F0FE219
SHA-512: 719585F0C5D4EFBF1E1B60D669D70CB04F37E63C785454A69C52352BE37FD82E371EDF363393088FBB33B7D88537BE0F7A8B817627096207F67A9FA6C8081025
Malicious: false
Reputation: low
URL: http://38133.xc.05cg.com/
                    Preview:...........W[o...~...0^#......DI$W.EQ.dK......1...#.-3..hG@..F...I........$..R.p.cZ)...]r)./..s.~.>....>:~.AC.{.7>j._.Rfk.`..p0..gC...r`D,t...5m.9$.]m.D`...A>.....a H ..ID4.$;[..L....r..q".......*%......O.'.B.......s.(.G!.9.1u..v.:.P.....=.;.#v.t..Q?.s..s........[....^~...?....._.........f)9...0..X..........L....2F.q.............VDsR.x..\`&>$.,M?.P......\..1.RaH........:*[........*UE;....z..a.h..%....lg0...Pt............b...%..qI.B..a../.....P\.e./-._Q}..4.D.u...Vt.*.)..p..tY=.5.n8F...9|.G..G.Q.....#..eVtT.*.$.T..(.......`e!C.k..`.t..8p...W..@M......+...8".r...l..J....c..$......aY\2.....U...p.J...h.@..D*.F.Z...YK...c".!..|.)..d.Sz...."..}8..P(..:.d....ei3.(.].R.*.).y.C...I.....97.;..H.YP..X....X.i.A.0R85.....Tr..<..!"..h....[....BN.B...SKT.u.|,..'Lx.<.M....0.4..VN..../.i...u..R.|MA..f.j.....XZ.`......se.B2Lx..dj..t....m-$......NJtVc.d1.$ .:.6....vF}< P... ..e^.....Q).... .-.......ww.....aw...`.-.........ts}IR......\.u.{!>.$...........N.olo.
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: HTML document, ISO-8859 text, with CRLF line terminators
Category: downloaded
Size (bytes): 1163
Entropy (8bit): 5.91401289232789
Encrypted: false
SSDEEP: 24:hM0mIAvy4Wvs8Ea7JZRGNeHX+AYcvP2wUpafMb6k5:lmIAq1U8EiJZ+eHX+AdP2kDk5
MD5: 8363ACAEAB9CBB099B59B78A44127CA6
SHA1: AEF448CE5500E3734059EC285CF6EC0B547075F2
SHA-256: 9B342AE7F25D65BDB817D8C995F3211AC398E41575FC5D149D994C1DCB008F0A
SHA-512: A431F7EE4CDC3C7C6EDF43736E007E314A0F8C4D05706DBDF75B629B15BEE335D173ABC071568F447D78B4C43ABA02017C1993D6DA86A1ACDDE904EB287CB30C
Malicious: false
Reputation: low
URL: http://38133.xc.05cg.com/favicon.ico
                    Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=gb2312"/>..<title>404 - ..............</title>..<style type="text/css">.. ..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>..........</h1></div>..<div id="content">.. <div class="content-container"
No static file info

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 9, 2025 00:45:45.908843994 CET | 49675 | 443 | 192.168.2.4 | 173.222.162.32
Jan 9, 2025 00:45:53.651614904 CET | 49737 | 443 | 192.168.2.4 | 142.250.185.68
Jan 9, 2025 00:45:53.651650906 CET | 443 | 49737 | 142.250.185.68 | 192.168.2.4
Jan 9, 2025 00:45:53.651887894 CET | 49737 | 443 | 192.168.2.4 | 142.250.185.68
Jan 9, 2025 00:45:53.652107954 CET | 49737 | 443 | 192.168.2.4 | 142.250.185.68
Jan 9, 2025 00:45:53.652122974 CET | 443 | 49737 | 142.250.185.68 | 192.168.2.4
Jan 9, 2025 00:45:54.284650087 CET | 443 | 49737 | 142.250.185.68 | 192.168.2.4
Jan 9, 2025 00:45:54.284895897 CET | 49737 | 443 | 192.168.2.4 | 142.250.185.68
Jan 9, 2025 00:45:54.284903049 CET | 443 | 49737 | 142.250.185.68 | 192.168.2.4
Jan 9, 2025 00:45:54.285962105 CET | 443 | 49737 | 142.250.185.68 | 192.168.2.4
Jan 9, 2025 00:45:54.286041021 CET | 49737 | 443 | 192.168.2.4 | 142.250.185.68
Jan 9, 2025 00:45:54.287278891 CET | 49737 | 443 | 192.168.2.4 | 142.250.185.68
Jan 9, 2025 00:45:54.287384033 CET | 443 | 49737 | 142.250.185.68 | 192.168.2.4
Jan 9, 2025 00:45:54.329766035 CET | 49737 | 443 | 192.168.2.4 | 142.250.185.68
Jan 9, 2025 00:45:54.329790115 CET | 443 | 49737 | 142.250.185.68 | 192.168.2.4
Jan 9, 2025 00:45:54.370912075 CET | 49737 | 443 | 192.168.2.4 | 142.250.185.68
Jan 9, 2025 00:45:55.582700014 CET | 49740 | 80 | 192.168.2.4 | 156.224.208.119
Jan 9, 2025 00:45:55.583122969 CET | 49741 | 80 | 192.168.2.4 | 156.224.208.119
Jan 9, 2025 00:45:55.588186026 CET | 80 | 49740 | 156.224.208.119 | 192.168.2.4
Jan 9, 2025 00:45:55.588201046 CET | 80 | 49741 | 156.224.208.119 | 192.168.2.4
Jan 9, 2025 00:45:55.588262081 CET | 49740 | 80 | 192.168.2.4 | 156.224.208.119
Jan 9, 2025 00:45:55.588263988 CET | 49741 | 80 | 192.168.2.4 | 156.224.208.119
Jan 9, 2025 00:45:55.588531017 CET | 49740 | 80 | 192.168.2.4 | 156.224.208.119
Jan 9, 2025 00:45:55.593293905 CET | 80 | 49740 | 156.224.208.119 | 192.168.2.4
Jan 9, 2025 00:45:56.196589947 CET | 80 | 49740 | 156.224.208.119 | 192.168.2.4
Jan 9, 2025 00:45:56.196618080 CET | 80 | 49740 | 156.224.208.119 | 192.168.2.4
Jan 9, 2025 00:45:56.196629047 CET | 80 | 49740 | 156.224.208.119 | 192.168.2.4
Jan 9, 2025 00:45:56.196679115 CET | 49740 | 80 | 192.168.2.4 | 156.224.208.119
Jan 9, 2025 00:45:56.246587992 CET | 49740 | 80 | 192.168.2.4 | 156.224.208.119
Jan 9, 2025 00:45:56.708916903 CET | 49743 | 80 | 192.168.2.4 | 90.84.161.16
Jan 9, 2025 00:45:56.713762999 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:56.713860989 CET | 49743 | 80 | 192.168.2.4 | 90.84.161.16
Jan 9, 2025 00:45:56.714011908 CET | 49743 | 80 | 192.168.2.4 | 90.84.161.16
Jan 9, 2025 00:45:56.718781948 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.603800058 CET | 49672 | 443 | 192.168.2.4 | 173.222.162.32
Jan 9, 2025 00:45:57.603828907 CET | 443 | 49672 | 173.222.162.32 | 192.168.2.4
Jan 9, 2025 00:45:57.771959066 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.772006035 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.772021055 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.772064924 CET | 49743 | 80 | 192.168.2.4 | 90.84.161.16
Jan 9, 2025 00:45:57.772133112 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.772325039 CET | 49743 | 80 | 192.168.2.4 | 90.84.161.16
Jan 9, 2025 00:45:57.780639887 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.780719042 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.780733109 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.780781984 CET | 49743 | 80 | 192.168.2.4 | 90.84.161.16
Jan 9, 2025 00:45:57.780841112 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.780854940 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.780881882 CET | 49743 | 80 | 192.168.2.4 | 90.84.161.16
Jan 9, 2025 00:45:57.780965090 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.780987978 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.781027079 CET | 49743 | 80 | 192.168.2.4 | 90.84.161.16
Jan 9, 2025 00:45:57.867530107 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.867552042 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.867604017 CET | 49743 | 80 | 192.168.2.4 | 90.84.161.16
Jan 9, 2025 00:45:57.911592007 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.911623955 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.911638021 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.911670923 CET | 49743 | 80 | 192.168.2.4 | 90.84.161.16
Jan 9, 2025 00:45:57.916093111 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.916126013 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.916142941 CET | 49743 | 80 | 192.168.2.4 | 90.84.161.16
Jan 9, 2025 00:45:57.916184902 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.916233063 CET | 49743 | 80 | 192.168.2.4 | 90.84.161.16
Jan 9, 2025 00:45:57.916237116 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.926413059 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.926433086 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.926455975 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.926481009 CET | 49743 | 80 | 192.168.2.4 | 90.84.161.16
Jan 9, 2025 00:45:57.926529884 CET | 49743 | 80 | 192.168.2.4 | 90.84.161.16
Jan 9, 2025 00:45:57.948838949 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.948858023 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.948870897 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.948884964 CET | 80 | 49743 | 90.84.161.16 | 192.168.2.4
Jan 9, 2025 00:45:57.948905945 CET | 49743 | 80 | 192.168.2.4 | 90.84.161.16
                    Jan 9, 2025 00:45:57.948910952 CET804974390.84.161.16192.168.2.4
                    Jan 9, 2025 00:45:57.948955059 CET4974380192.168.2.490.84.161.16
                    Jan 9, 2025 00:45:57.955153942 CET804974390.84.161.16192.168.2.4
                    Jan 9, 2025 00:45:57.955180883 CET804974390.84.161.16192.168.2.4
                    Jan 9, 2025 00:45:57.955214977 CET4974380192.168.2.490.84.161.16
                    Jan 9, 2025 00:45:57.955239058 CET804974390.84.161.16192.168.2.4
                    Jan 9, 2025 00:45:57.955276012 CET4974380192.168.2.490.84.161.16
                    Jan 9, 2025 00:45:57.955343962 CET804974390.84.161.16192.168.2.4
                    Jan 9, 2025 00:45:57.965018988 CET804974390.84.161.16192.168.2.4
                    Jan 9, 2025 00:45:57.965045929 CET804974390.84.161.16192.168.2.4
                    Jan 9, 2025 00:45:57.965065002 CET4974380192.168.2.490.84.161.16
                    Jan 9, 2025 00:45:57.965111017 CET804974390.84.161.16192.168.2.4
                    Jan 9, 2025 00:45:57.965152025 CET4974380192.168.2.490.84.161.16
                    Jan 9, 2025 00:45:57.974900007 CET804974390.84.161.16192.168.2.4
                    Jan 9, 2025 00:45:57.974917889 CET804974390.84.161.16192.168.2.4
                    Jan 9, 2025 00:45:57.974951982 CET4974380192.168.2.490.84.161.16
                    Jan 9, 2025 00:45:57.998233080 CET804974390.84.161.16192.168.2.4
                    Jan 9, 2025 00:45:57.998250961 CET804974390.84.161.16192.168.2.4
                    Jan 9, 2025 00:45:57.998308897 CET4974380192.168.2.490.84.161.16
                    Jan 9, 2025 00:45:58.021883011 CET4974080192.168.2.4156.224.208.119
                    Jan 9, 2025 00:45:58.026904106 CET8049740156.224.208.119192.168.2.4
                    Jan 9, 2025 00:45:58.035065889 CET4974480192.168.2.4149.104.73.29
                    Jan 9, 2025 00:45:58.035274029 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.039892912 CET8049744149.104.73.29192.168.2.4
                    Jan 9, 2025 00:45:58.039959908 CET4974480192.168.2.4149.104.73.29
                    Jan 9, 2025 00:45:58.040075064 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.040102005 CET4974480192.168.2.4149.104.73.29
                    Jan 9, 2025 00:45:58.040133953 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.040226936 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.044867039 CET8049744149.104.73.29192.168.2.4
                    Jan 9, 2025 00:45:58.045061111 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.194856882 CET8049740156.224.208.119192.168.2.4
                    Jan 9, 2025 00:45:58.194879055 CET8049740156.224.208.119192.168.2.4
                    Jan 9, 2025 00:45:58.194955111 CET4974080192.168.2.4156.224.208.119
                    Jan 9, 2025 00:45:58.841780901 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.841803074 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.841859102 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.882107019 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.882148027 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.882159948 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.882225990 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.882359982 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.882375956 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.882389069 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.882404089 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.882412910 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.882440090 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.882610083 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.882623911 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.882653952 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.906761885 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.906815052 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.906832933 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.932436943 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.932454109 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.932476044 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.932488918 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.932501078 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.932506084 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.932538986 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.972795010 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.972904921 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.972918034 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.972964048 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.973012924 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.973033905 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.973069906 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.973166943 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.973223925 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.973256111 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.973267078 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.973303080 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.973546982 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.973567009 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.973577976 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.973609924 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.973798990 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.973810911 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.973838091 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.982271910 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.982305050 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.982317924 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:58.982326031 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:58.982363939 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:59.023009062 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:45:59.063560009 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:45:59.462800026 CET8049744149.104.73.29192.168.2.4
                    Jan 9, 2025 00:45:59.516691923 CET4974480192.168.2.4149.104.73.29
                    Jan 9, 2025 00:46:00.010659933 CET4974780192.168.2.4148.153.240.68
                    Jan 9, 2025 00:46:00.015575886 CET8049747148.153.240.68192.168.2.4
                    Jan 9, 2025 00:46:00.017242908 CET4974780192.168.2.4148.153.240.68
                    Jan 9, 2025 00:46:00.017242908 CET4974780192.168.2.4148.153.240.68
                    Jan 9, 2025 00:46:00.022047997 CET8049747148.153.240.68192.168.2.4
                    Jan 9, 2025 00:46:00.900428057 CET8049747148.153.240.68192.168.2.4
                    Jan 9, 2025 00:46:00.940686941 CET4974780192.168.2.4148.153.240.68
                    Jan 9, 2025 00:46:04.185244083 CET44349737142.250.185.68192.168.2.4
                    Jan 9, 2025 00:46:04.185318947 CET44349737142.250.185.68192.168.2.4
                    Jan 9, 2025 00:46:04.185480118 CET49737443192.168.2.4142.250.185.68
                    Jan 9, 2025 00:46:05.722635031 CET49737443192.168.2.4142.250.185.68
                    Jan 9, 2025 00:46:05.722678900 CET44349737142.250.185.68192.168.2.4
                    Jan 9, 2025 00:46:27.341018915 CET5893153192.168.2.4162.159.36.2
                    Jan 9, 2025 00:46:27.346327066 CET5358931162.159.36.2192.168.2.4
                    Jan 9, 2025 00:46:27.348041058 CET5893153192.168.2.4162.159.36.2
                    Jan 9, 2025 00:46:27.353975058 CET5358931162.159.36.2192.168.2.4
                    Jan 9, 2025 00:46:27.810942888 CET5893153192.168.2.4162.159.36.2
                    Jan 9, 2025 00:46:27.816001892 CET5358931162.159.36.2192.168.2.4
                    Jan 9, 2025 00:46:27.816059113 CET5893153192.168.2.4162.159.36.2
                    Jan 9, 2025 00:46:40.595238924 CET4974180192.168.2.4156.224.208.119
                    Jan 9, 2025 00:46:40.600156069 CET8049741156.224.208.119192.168.2.4
                    Jan 9, 2025 00:46:43.001332045 CET4974380192.168.2.490.84.161.16
                    Jan 9, 2025 00:46:43.006181955 CET804974390.84.161.16192.168.2.4
                    Jan 9, 2025 00:46:43.204452991 CET4974080192.168.2.4156.224.208.119
                    Jan 9, 2025 00:46:43.209863901 CET8049740156.224.208.119192.168.2.4
                    Jan 9, 2025 00:46:44.032571077 CET4974580192.168.2.4199.91.74.185
                    Jan 9, 2025 00:46:44.037347078 CET8049745199.91.74.185192.168.2.4
                    Jan 9, 2025 00:46:44.470067978 CET4974480192.168.2.4149.104.73.29
                    Jan 9, 2025 00:46:44.474857092 CET8049744149.104.73.29192.168.2.4
                    Jan 9, 2025 00:46:45.907433987 CET4974780192.168.2.4148.153.240.68
                    Jan 9, 2025 00:46:45.912245989 CET8049747148.153.240.68192.168.2.4
                    Jan 9, 2025 00:46:53.706979036 CET59036443192.168.2.4142.250.185.68
                    Jan 9, 2025 00:46:53.707027912 CET44359036142.250.185.68192.168.2.4
                    Jan 9, 2025 00:46:53.707134962 CET59036443192.168.2.4142.250.185.68
                    Jan 9, 2025 00:46:53.707470894 CET59036443192.168.2.4142.250.185.68
                    Jan 9, 2025 00:46:53.707484961 CET44359036142.250.185.68192.168.2.4
                    Jan 9, 2025 00:46:54.336262941 CET44359036142.250.185.68192.168.2.4
                    Jan 9, 2025 00:46:54.336745977 CET59036443192.168.2.4142.250.185.68
                    Jan 9, 2025 00:46:54.336771965 CET44359036142.250.185.68192.168.2.4
                    Jan 9, 2025 00:46:54.337255001 CET44359036142.250.185.68192.168.2.4
                    Jan 9, 2025 00:46:54.337614059 CET59036443192.168.2.4142.250.185.68
                    Jan 9, 2025 00:46:54.337692022 CET44359036142.250.185.68192.168.2.4
                    Jan 9, 2025 00:46:54.392853975 CET59036443192.168.2.4142.250.185.68
                    Jan 9, 2025 00:46:55.747348070 CET4974180192.168.2.4156.224.208.119
                    Jan 9, 2025 00:46:55.752374887 CET8049741156.224.208.119192.168.2.4
                    Jan 9, 2025 00:46:55.752448082 CET4974180192.168.2.4156.224.208.119
                    Jan 9, 2025 00:47:04.271399021 CET44359036142.250.185.68192.168.2.4
                    Jan 9, 2025 00:47:04.271464109 CET44359036142.250.185.68192.168.2.4
                    Jan 9, 2025 00:47:04.271600962 CET59036443192.168.2.4142.250.185.68
                    Jan 9, 2025 00:47:05.722590923 CET59036443192.168.2.4142.250.185.68
                    Jan 9, 2025 00:47:05.722623110 CET44359036142.250.185.68192.168.2.4
Timestamp                           Source Port  Dest Port  Source IP     Dest IP
Jan 9, 2025 00:45:49.444726944 CET  53           61189      1.1.1.1       192.168.2.4
Jan 9, 2025 00:45:49.467143059 CET  53           50415      1.1.1.1       192.168.2.4
Jan 9, 2025 00:45:50.632582903 CET  53           60934      1.1.1.1       192.168.2.4
Jan 9, 2025 00:45:53.643843889 CET  50136        53         192.168.2.4   1.1.1.1
Jan 9, 2025 00:45:53.643996000 CET  58164        53         192.168.2.4   1.1.1.1
Jan 9, 2025 00:45:53.650572062 CET  53           58164      1.1.1.1       192.168.2.4
Jan 9, 2025 00:45:53.650593042 CET  53           50136      1.1.1.1       192.168.2.4
Jan 9, 2025 00:45:55.395087957 CET  61974        53         192.168.2.4   1.1.1.1
Jan 9, 2025 00:45:55.395333052 CET  57792        53         192.168.2.4   1.1.1.1
Jan 9, 2025 00:45:55.546658993 CET  53           61974      1.1.1.1       192.168.2.4
Jan 9, 2025 00:45:56.241532087 CET  60261        53         192.168.2.4   1.1.1.1
Jan 9, 2025 00:45:56.241704941 CET  63674        53         192.168.2.4   1.1.1.1
Jan 9, 2025 00:45:56.682653904 CET  53           63674      1.1.1.1       192.168.2.4
Jan 9, 2025 00:45:56.708344936 CET  53           60261      1.1.1.1       192.168.2.4
Jan 9, 2025 00:45:58.019782066 CET  50883        53         192.168.2.4   1.1.1.1
Jan 9, 2025 00:45:58.020155907 CET  63224        53         192.168.2.4   1.1.1.1
Jan 9, 2025 00:45:58.021334887 CET  50254        53         192.168.2.4   1.1.1.1
Jan 9, 2025 00:45:58.021590948 CET  56691        53         192.168.2.4   1.1.1.1
Jan 9, 2025 00:45:58.027302980 CET  53           50883      1.1.1.1       192.168.2.4
Jan 9, 2025 00:45:58.028726101 CET  53           50254      1.1.1.1       192.168.2.4
Jan 9, 2025 00:45:58.469775915 CET  53           56691      1.1.1.1       192.168.2.4
Jan 9, 2025 00:45:58.604728937 CET  53           63224      1.1.1.1       192.168.2.4
Jan 9, 2025 00:45:59.404366970 CET  53           57792      1.1.1.1       192.168.2.4
Jan 9, 2025 00:45:59.467658997 CET  59483        53         192.168.2.4   1.1.1.1
Jan 9, 2025 00:45:59.467803955 CET  52815        53         192.168.2.4   1.1.1.1
Jan 9, 2025 00:45:59.942605019 CET  53           59483      1.1.1.1       192.168.2.4
Jan 9, 2025 00:46:00.027721882 CET  53           52815      1.1.1.1       192.168.2.4
Jan 9, 2025 00:46:00.900702953 CET  138          138        192.168.2.4   192.168.2.255
Jan 9, 2025 00:46:07.619400024 CET  53           56540      1.1.1.1       192.168.2.4
Jan 9, 2025 00:46:26.384712934 CET  53           52485      1.1.1.1       192.168.2.4
Jan 9, 2025 00:46:27.336936951 CET  53           57556      162.159.36.2  192.168.2.4
Jan 9, 2025 00:46:27.827954054 CET  53           63920      1.1.1.1       192.168.2.4
Jan 9, 2025 00:46:49.019880056 CET  53           52717      1.1.1.1       192.168.2.4
Jan 9, 2025 00:46:49.355509996 CET  53           57500      1.1.1.1       192.168.2.4
Timestamp                           Source IP    Dest IP  Checksum  Code                Type
Jan 9, 2025 00:45:58.469844103 CET  192.168.2.4  1.1.1.1  c288      (Port unreachable)  Destination Unreachable
Jan 9, 2025 00:46:00.034060001 CET  192.168.2.4  1.1.1.1  c296      (Port unreachable)  Destination Unreachable
Timestamp                           Source IP    Dest IP  Trans ID  OP Code             Name               Type            Class        DNS over HTTPS
Jan 9, 2025 00:45:53.643843889 CET  192.168.2.4  1.1.1.1  0xdaa     Standard query (0)  www.google.com     A (IP address)  IN (0x0001)  false
Jan 9, 2025 00:45:53.643996000 CET  192.168.2.4  1.1.1.1  0x7b91    Standard query (0)  www.google.com     65 (HTTPS)      IN (0x0001)  false
Jan 9, 2025 00:45:55.395087957 CET  192.168.2.4  1.1.1.1  0xbb33    Standard query (0)  38133.xc.05cg.com  A (IP address)  IN (0x0001)  false
Jan 9, 2025 00:45:55.395333052 CET  192.168.2.4  1.1.1.1  0x6fc0    Standard query (0)  38133.xc.05cg.com  65 (HTTPS)      IN (0x0001)  false
Jan 9, 2025 00:45:56.241532087 CET  192.168.2.4  1.1.1.1  0x8fbc    Standard query (0)  sdk.51.la          A (IP address)  IN (0x0001)  false
Jan 9, 2025 00:45:56.241704941 CET  192.168.2.4  1.1.1.1  0x6c6b    Standard query (0)  sdk.51.la          65 (HTTPS)      IN (0x0001)  false
Jan 9, 2025 00:45:58.019782066 CET  192.168.2.4  1.1.1.1  0x6fc     Standard query (0)  collect-v6.51.la   A (IP address)  IN (0x0001)  false
Jan 9, 2025 00:45:58.020155907 CET  192.168.2.4  1.1.1.1  0x9bd0    Standard query (0)  collect-v6.51.la   65 (HTTPS)      IN (0x0001)  false
Jan 9, 2025 00:45:58.021334887 CET  192.168.2.4  1.1.1.1  0xd3e     Standard query (0)  sdk.51.la          A (IP address)  IN (0x0001)  false
Jan 9, 2025 00:45:58.021590948 CET  192.168.2.4  1.1.1.1  0xcc9f    Standard query (0)  sdk.51.la          65 (HTTPS)      IN (0x0001)  false
Jan 9, 2025 00:45:59.467658997 CET  192.168.2.4  1.1.1.1  0x8e76    Standard query (0)  collect-v6.51.la   A (IP address)  IN (0x0001)  false
Jan 9, 2025 00:45:59.467803955 CET  192.168.2.4  1.1.1.1  0x8034    Standard query (0)  collect-v6.51.la   65 (HTTPS)      IN (0x0001)  false
Timestamp                           Source IP  Dest IP      Trans ID  Reply Code          Name                                       CName                                      Address          Type                    Class        DNS over HTTPS
Jan 9, 2025 00:45:53.650572062 CET  1.1.1.1    192.168.2.4  0x7b91    No error (0)        www.google.com                             -                                          -                65 (HTTPS)              IN (0x0001)  false
Jan 9, 2025 00:45:53.650593042 CET  1.1.1.1    192.168.2.4  0xdaa     No error (0)        www.google.com                             -                                          142.250.185.68   A (IP address)          IN (0x0001)  false
Jan 9, 2025 00:45:55.546658993 CET  1.1.1.1    192.168.2.4  0xbb33    No error (0)        38133.xc.05cg.com                          -                                          156.224.208.119  A (IP address)          IN (0x0001)  false
Jan 9, 2025 00:45:56.682653904 CET  1.1.1.1    192.168.2.4  0x6c6b    No error (0)        sdk.51.la                                  sdk.51.la.d183e8b1.cdnhwcgqa21.com         -                CNAME (Canonical name)  IN (0x0001)  false
Jan 9, 2025 00:45:56.682653904 CET  1.1.1.1    192.168.2.4  0x6c6b    No error (0)        sdk.51.la.d183e8b1.cdnhwcgqa21.com         hcdnwsa120.v5.cdnhwczoy106.cn              -                CNAME (Canonical name)  IN (0x0001)  false
Jan 9, 2025 00:45:56.708344936 CET  1.1.1.1    192.168.2.4  0x8fbc    No error (0)        sdk.51.la                                  sdk.51.la.d183e8b1.cdnhwcgqa21.com         -                CNAME (Canonical name)  IN (0x0001)  false
Jan 9, 2025 00:45:56.708344936 CET  1.1.1.1    192.168.2.4  0x8fbc    No error (0)        sdk.51.la.d183e8b1.cdnhwcgqa21.com         hcdnwsa120.v5.cdnhwczoy106.cn              -                CNAME (Canonical name)  IN (0x0001)  false
Jan 9, 2025 00:45:56.708344936 CET  1.1.1.1    192.168.2.4  0x8fbc    No error (0)        hcdnwsa120.v5.cdnhwczoy106.cn              -                                          90.84.161.16     A (IP address)          IN (0x0001)  false
Jan 9, 2025 00:45:56.708344936 CET  1.1.1.1    192.168.2.4  0x8fbc    No error (0)        hcdnwsa120.v5.cdnhwczoy106.cn              -                                          90.84.161.20     A (IP address)          IN (0x0001)  false
Jan 9, 2025 00:45:56.708344936 CET  1.1.1.1    192.168.2.4  0x8fbc    No error (0)        hcdnwsa120.v5.cdnhwczoy106.cn              -                                          90.84.161.21     A (IP address)          IN (0x0001)  false
Jan 9, 2025 00:45:56.708344936 CET  1.1.1.1    192.168.2.4  0x8fbc    No error (0)        hcdnwsa120.v5.cdnhwczoy106.cn              -                                          148.153.240.68   A (IP address)          IN (0x0001)  false
Jan 9, 2025 00:45:58.027302980 CET  1.1.1.1    192.168.2.4  0x6fc     No error (0)        collect-v6.51.la                           collect-v6.51.la.d183e8b1.cdnhwcgqa21.com  -                CNAME (Canonical name)  IN (0x0001)  false
Jan 9, 2025 00:45:58.027302980 CET  1.1.1.1    192.168.2.4  0x6fc     No error (0)        collect-v6.51.la.d183e8b1.cdnhwcgqa21.com  hcdnwsa120.v5.cdnhwczoy106.cn              -                CNAME (Canonical name)  IN (0x0001)  false
Jan 9, 2025 00:45:58.027302980 CET  1.1.1.1    192.168.2.4  0x6fc     No error (0)        hcdnwsa120.v5.cdnhwczoy106.cn              -                                          149.104.73.29    A (IP address)          IN (0x0001)  false
Jan 9, 2025 00:45:58.027302980 CET  1.1.1.1    192.168.2.4  0x6fc     No error (0)        hcdnwsa120.v5.cdnhwczoy106.cn              -                                          98.98.25.19      A (IP address)          IN (0x0001)  false
Jan 9, 2025 00:45:58.028726101 CET  1.1.1.1    192.168.2.4  0xd3e     No error (0)        sdk.51.la                                  sdk.51.la.d183e8b1.cdnhwcgqa21.com         -                CNAME (Canonical name)  IN (0x0001)  false
Jan 9, 2025 00:45:58.028726101 CET  1.1.1.1    192.168.2.4  0xd3e     No error (0)        sdk.51.la.d183e8b1.cdnhwcgqa21.com         hcdnwsa120.v5.cdnhwczoy106.cn              -                CNAME (Canonical name)  IN (0x0001)  false
Jan 9, 2025 00:45:58.028726101 CET  1.1.1.1    192.168.2.4  0xd3e     No error (0)        hcdnwsa120.v5.cdnhwczoy106.cn              -                                          199.91.74.185    A (IP address)          IN (0x0001)  false
Jan 9, 2025 00:45:58.028726101 CET  1.1.1.1    192.168.2.4  0xd3e     No error (0)        hcdnwsa120.v5.cdnhwczoy106.cn              -                                          199.91.74.184    A (IP address)          IN (0x0001)  false
Jan 9, 2025 00:45:58.028726101 CET  1.1.1.1    192.168.2.4  0xd3e     No error (0)        hcdnwsa120.v5.cdnhwczoy106.cn              -                                          199.91.74.209    A (IP address)          IN (0x0001)  false
Jan 9, 2025 00:45:58.028726101 CET  1.1.1.1    192.168.2.4  0xd3e     No error (0)        hcdnwsa120.v5.cdnhwczoy106.cn              -                                          199.91.74.208    A (IP address)          IN (0x0001)  false
Jan 9, 2025 00:45:58.469775915 CET  1.1.1.1    192.168.2.4  0xcc9f    No error (0)        sdk.51.la                                  sdk.51.la.d183e8b1.cdnhwcgqa21.com         -                CNAME (Canonical name)  IN (0x0001)  false
Jan 9, 2025 00:45:58.469775915 CET  1.1.1.1    192.168.2.4  0xcc9f    No error (0)        sdk.51.la.d183e8b1.cdnhwcgqa21.com         hcdnwsa120.v5.cdnhwczoy106.cn              -                CNAME (Canonical name)  IN (0x0001)  false
Jan 9, 2025 00:45:58.604728937 CET  1.1.1.1    192.168.2.4  0x9bd0    No error (0)        collect-v6.51.la                           collect-v6.51.la.d183e8b1.cdnhwcgqa21.com  -                CNAME (Canonical name)  IN (0x0001)  false
Jan 9, 2025 00:45:58.604728937 CET  1.1.1.1    192.168.2.4  0x9bd0    No error (0)        collect-v6.51.la.d183e8b1.cdnhwcgqa21.com  hcdnwsa120.v5.cdnhwczoy106.cn              -                CNAME (Canonical name)  IN (0x0001)  false
Jan 9, 2025 00:45:59.404366970 CET  1.1.1.1    192.168.2.4  0x6fc0    Server failure (2)  38133.xc.05cg.com                          none                                       none             65 (HTTPS)              IN (0x0001)  false
Jan 9, 2025 00:45:59.942605019 CET  1.1.1.1    192.168.2.4  0x8e76    No error (0)        collect-v6.51.la                           collect-v6.51.la.d183e8b1.cdnhwcgqa21.com  -                CNAME (Canonical name)  IN (0x0001)  false
Jan 9, 2025 00:45:59.942605019 CET  1.1.1.1    192.168.2.4  0x8e76    No error (0)        collect-v6.51.la.d183e8b1.cdnhwcgqa21.com  hcdnwsa120.v5.cdnhwczoy106.cn              -                CNAME (Canonical name)  IN (0x0001)  false
Jan 9, 2025 00:45:59.942605019 CET  1.1.1.1    192.168.2.4  0x8e76    No error (0)        hcdnwsa120.v5.cdnhwczoy106.cn              -                                          148.153.240.68   A (IP address)          IN (0x0001)  false
Jan 9, 2025 00:45:59.942605019 CET  1.1.1.1    192.168.2.4  0x8e76    No error (0)        hcdnwsa120.v5.cdnhwczoy106.cn              -                                          90.84.161.16     A (IP address)          IN (0x0001)  false
Jan 9, 2025 00:45:59.942605019 CET  1.1.1.1    192.168.2.4  0x8e76    No error (0)        hcdnwsa120.v5.cdnhwczoy106.cn              -                                          90.84.161.20     A (IP address)          IN (0x0001)  false
Jan 9, 2025 00:45:59.942605019 CET  1.1.1.1    192.168.2.4  0x8e76    No error (0)        hcdnwsa120.v5.cdnhwczoy106.cn              -                                          90.84.161.21     A (IP address)          IN (0x0001)  false
Jan 9, 2025 00:46:00.027721882 CET  1.1.1.1    192.168.2.4  0x8034    No error (0)        collect-v6.51.la                           collect-v6.51.la.d183e8b1.cdnhwcgqa21.com  -                CNAME (Canonical name)  IN (0x0001)  false
Jan 9, 2025 00:46:00.027721882 CET  1.1.1.1    192.168.2.4  0x8034    No error (0)        collect-v6.51.la.d183e8b1.cdnhwcgqa21.com  hcdnwsa120.v5.cdnhwczoy106.cn              -                CNAME (Canonical name)  IN (0x0001)  false
• 38133.xc.05cg.com
• sdk.51.la
• collect-v6.51.la
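The packet, DNS and session tables in this report are rendered without column separators, so reusing them in a script means reparsing glued fields such as `804974390.84.161.16192.168.2.4`. The Python below is an added example, not output of the Joe Sandbox report: it parses rows copied from the TCP packet list, then checks which contacted addresses are covered by an A record in the DNS answer table and which peers received TCP on port 53. The disambiguation rule (one port is a service port and the other lies in the Windows ephemeral range, or both are equal) and the port sets are assumptions chosen for this capture, and `parse_row` refuses any row that admits more than one reading instead of guessing.

```python
import re

LOCAL_IP = "192.168.2.4"            # the sandbox guest; present in every row of the report
SERVICE_PORTS = {53, 80, 443, 138}  # server-side ports seen in this capture (assumption used to disambiguate)
EPHEMERAL_MIN = 49152               # start of the Windows dynamic client-port range (assumption)

# Rows copied verbatim from the report's TCP packet list: one outbound row per destination
# plus one inbound row. There are no separators, so "4974080" is "49740" followed by "80".
TCP_ROWS = [
    "Jan 9, 2025 00:45:56.196679115 CET4974080192.168.2.4156.224.208.119",
    "Jan 9, 2025 00:45:56.708916903 CET4974380192.168.2.490.84.161.16",
    "Jan 9, 2025 00:45:56.713762999 CET804974390.84.161.16192.168.2.4",
    "Jan 9, 2025 00:45:57.603800058 CET49672443192.168.2.4173.222.162.32",
    "Jan 9, 2025 00:45:58.035065889 CET4974480192.168.2.4149.104.73.29",
    "Jan 9, 2025 00:45:58.035274029 CET4974580192.168.2.4199.91.74.185",
    "Jan 9, 2025 00:46:00.010659933 CET4974780192.168.2.4148.153.240.68",
    "Jan 9, 2025 00:46:04.185480118 CET49737443192.168.2.4142.250.185.68",
    "Jan 9, 2025 00:46:27.341018915 CET5893153192.168.2.4162.159.36.2",
]

# (name, address) pairs transcribed from the A records in the report's DNS answer table
DNS_A_RECORDS = [
    ("www.google.com", "142.250.185.68"),
    ("38133.xc.05cg.com", "156.224.208.119"),
    ("hcdnwsa120.v5.cdnhwczoy106.cn", "90.84.161.16"),
    ("hcdnwsa120.v5.cdnhwczoy106.cn", "90.84.161.20"),
    ("hcdnwsa120.v5.cdnhwczoy106.cn", "90.84.161.21"),
    ("hcdnwsa120.v5.cdnhwczoy106.cn", "148.153.240.68"),
    ("hcdnwsa120.v5.cdnhwczoy106.cn", "149.104.73.29"),
    ("hcdnwsa120.v5.cdnhwczoy106.cn", "98.98.25.19"),
    ("hcdnwsa120.v5.cdnhwczoy106.cn", "199.91.74.185"),
    ("hcdnwsa120.v5.cdnhwczoy106.cn", "199.91.74.184"),
    ("hcdnwsa120.v5.cdnhwczoy106.cn", "199.91.74.209"),
    ("hcdnwsa120.v5.cdnhwczoy106.cn", "199.91.74.208"),
]


def _number_ok(s, upper):
    """Decimal string with no leading zero (a lone '0' is allowed), at most `upper`."""
    return s.isdigit() and (len(s) == 1 or s[0] != "0") and int(s) <= upper


def _port_pairs(digits):
    """Every split of the glued port digits that looks like one client/server pair."""
    pairs = []
    for i in range(1, len(digits)):
        a, b = digits[:i], digits[i:]
        if not (_number_ok(a, 65535) and _number_ok(b, 65535)) or "0" in (a, b):
            continue
        a, b = int(a), int(b)
        if a == b or (a in SERVICE_PORTS and b >= EPHEMERAL_MIN) or (b in SERVICE_PORTS and a >= EPHEMERAL_MIN):
            pairs.append((a, b))
    return pairs


def _ip_ok(ip):
    octets = ip.split(".")
    return len(octets) == 4 and all(_number_ok(o, 255) for o in octets) and octets[0] != "0"


def parse_row(row):
    """Split one flattened packet row into its five columns; raise on ambiguous readings."""
    ts, sep, tail = row.partition(" CET")
    if not sep:
        raise ValueError("no timestamp in row: " + row)
    candidates = []
    if tail.endswith(LOCAL_IP):                       # inbound: ports, remote IP, local IP
        head, dot, rest = tail[: -len(LOCAL_IP)].partition(".")
        for n in (1, 2, 3):                           # the remote IP's first octet is glued to the ports
            if n >= len(head):
                break
            ip = head[-n:] + dot + rest
            if _ip_ok(ip):
                candidates += [(s, d, ip, LOCAL_IP) for s, d in _port_pairs(head[:-n])]
    else:                                             # outbound: ports, local IP, remote IP
        digits, sep2, remote = tail.partition(LOCAL_IP)
        if sep2 and _ip_ok(remote):
            candidates += [(s, d, LOCAL_IP, remote) for s, d in _port_pairs(digits)]
    if len(candidates) != 1:
        raise ValueError(f"{len(candidates)} readings for row: {row}")
    sport, dport, src, dst = candidates[0]
    return {"ts": ts + " CET", "sport": sport, "dport": dport, "src": src, "dst": dst}


def unexplained_destinations(rows, a_records):
    """Remote IPs the guest connected to that no A record in the report resolves to."""
    resolved = {addr for _name, addr in a_records}
    contacted = {r["dst"] for r in map(parse_row, rows) if r["src"] == LOCAL_IP}
    return sorted(contacted - resolved)


def tcp_to_dns_port(rows):
    """Remote IPs that received TCP connections on port 53 from the guest."""
    return sorted({r["dst"] for r in map(parse_row, rows) if r["src"] == LOCAL_IP and r["dport"] == 53})


if __name__ == "__main__":
    for row in TCP_ROWS:
        print(parse_row(row))
    print("no DNS answer for:", unexplained_destinations(TCP_ROWS, DNS_A_RECORDS))
    print("TCP to port 53:", tcp_to_dns_port(TCP_ROWS))
```

Run against the rows above it reports 173.222.162.32 and 162.159.36.2 as peers with no resolving answer anywhere in the capture, and 162.159.36.2 as the host that received TCP on port 53; the four CDN addresses all trace back to the 51.la CNAME chain ending in hcdnwsa120.v5.cdnhwczoy106.cn.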
Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
0           192.168.2.4  49740        156.224.208.119  80                4280  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                           Bytes transferred  Direction  Data
Jan 9, 2025 00:45:55.588531017 CET  432                OUT        GET / HTTP/1.1
                    Host: 38133.xc.05cg.com
                    Connection: keep-alive
                    Upgrade-Insecure-Requests: 1
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
Jan 9, 2025 00:45:56.196589947 CET  1236               IN         HTTP/1.1 200 OK
                    Cache-Control: no-cache
                    Pragma: no-cache
                    Content-Type: text/html; charset=UTF-8
                    Content-Encoding: gzip
                    Expires: -1
                    Server: Microsoft-IIS/8.5
                    X-Powered-By: ASP.NET
                    Date: Wed, 08 Jan 2025 07:45:19 GMT
                    Content-Length: 2056
                    Data Raw: 1f 8b 08 00 00 00 00 00 04 00 85 57 5b 6f 1b c7 15 7e 0f e0 ff 30 5e 23 0e 89 ee 2e 97 a4 44 49 24 57 2e 45 51 96 64 4b b2 2e b4 a3 1a 86 31 dc 1d 92 23 ed 2d 33 b3 a4 68 47 40 d0 97 b6 46 0d b4 0f 49 10 c0 01 12 a0 0f 05 8a 24 06 fa 52 a0 70 f3 63 5a 29 ca bf e8 99 d9 5d 72 29 db b0 2f e0 cc 99 73 ce 7e e7 3e d3 bc b9 be d7 3e 3a 7e d0 41 43 e1 7b ab 37 3e 6a ca 5f e4 52 66 6b 9e 60 1a f2 70 30 b0 b5 67 43 0d d1 f2 72 60 44 2c 74 08 e7 c4 b5 35 6d b5 39 24 d8 5d 6d fa 44 60 10 17 91 41 3e 8b e9 c8 d6 da 61 20 48 20 8c a3 49 44 34 e4 24 3b 5b 13 e4 4c 94 a4 fa 06 72 86 98 71 22 ec ee d1 86 b1 ac c9 cf 2a 25 01 f6 09 f0 0d 89 4f 0c 27 f4 42 96 93 be d5 ef f7 af 73 8e 28 19 47 21 13 39 b6 31 75 c5 d0 76 c9 88 3a c4 50 1b 1d d1 80 0a 8a 3d 83 3b d8 23 76 d9 b4 74 1f 9f 51 3f f6 73 14 14 73 c2 d4 1e f7 80 14 84 ea 5b 82 0a 8f ac 5e 7e fd dd e5 3f bf bc fa f1 e7 5f bf fe f1 f2 87 bf fd f2 e6 af bf fc e3 9b 66 29 39 04 2e ee 30 1a 09 58 b9 a1 13 fb 00 c3 0c 03 05 e8 4c c0 2e b6 03 32 46 1b 71 e0 08 1a 06 [TRUNCATED]
                    Data Ascii: W[o~0^#.DI$W.EQdK.1#-3hG@FI$RpcZ)]r)/s~>>:~AC{7>j_Rfk`p0gCr`D,t5m9$]mD`A>a H ID4$;[Lrq"*%O'Bs(G!91uv:P=;#vtQ?ss[^~?_f)9.0XL.2FqVDsRx\`&>$,M?P\1RaH:*[*UE;zah%lg0Ptb%qIBa/P\e./-_Q}4DuVt*)ptY=5n8F9|GGQ#eVtT.*$T(`e!Ck`t8pW@M+8"rlJc$aY\2UpJh@D*FZYKc"!|)dSz"}8P(:d.ei3(]R*)yCI97;HYPXXiA0R85Tr<!"h[BNBSKTu|,'Lx<M04VN/iuR|MAfjXZ`seB2Lx.djtm-$NJtVcd1$ :6vF}< P e^Q) -wwaw`-ts}IR\u{!>$
Jan 9, 2025 00:45:56.196618080 CET  224                IN         Data Raw: d3 da df eb 1d ff 4e ca 6f 6c 6f 1f 74 36 ba 64 63 49 58 4e 67 77 b0 de da d9 5f d9 18 1f 0f ce ee d6 1e 9d 44 78 eb 59 bb dd 3a db 3f 7b 38 18 6c c4 eb b4 3d f2 ee ef 91 03 77 f3 60 65 f2 ec 24 70 36 1f 86 9f 55 83 28 fe cd 78 bf cb ba f1 f6 e6
                    Data Ascii: Nolot6dcIXNgw_DxY:?{8l=w`e$p6U(x;<0d{?ul}WuV\vyv[lomET9Su)nl\#O89}HD9et.!`-G"TqZEdYI2s}I}\
Jan 9, 2025 00:45:56.196629047 CET  844                IN         Data Raw: 37 f2 e3 27 4d 70 a9 28 d1 0f 53 2f 9d 74 cd 92 ba 7d c0 a2 17 ba 13 44 e1 46 02 f7 00 75 6a 6b ca c8 3e f6 a9 07 b6 df be 55 5d 69 1c 92 41 48 50 77 4b 6d f4 16 83 56 a2 ab f5 0e 75 58 c8 43 40 7a 8c a1 37 24 e7 1c 2a 00 92 8c d1 7e 23 ef b0 05
                    Data Ascii: 7'Mp(S/t}DFujk>U]iAHPwKmVuXC@z7$*~#cjxs[f`C\O8WKdK9Ou3OupY'<r&QwQN>H??|m=@^_|}Udfdy{o%<'zt7PF
Jan 9, 2025 00:45:58.021883011 CET  750                OUT        GET /favicon.ico HTTP/1.1
                    Host: 38133.xc.05cg.com
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    Referer: http://38133.xc.05cg.com/
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    Cookie: __vtins__KYSvWsCE8EvRnMGm=%7B%22sid%22%3A%20%22fa5df923-1976-5545-9115-836d0ff2bb7d%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201736381757690%2C%20%22ct%22%3A%201736379957690%7D; __51uvsct__KYSvWsCE8EvRnMGm=1; __51vcke__KYSvWsCE8EvRnMGm=f69487f2-716a-5e35-91d6-08780cff0571; __51vuft__KYSvWsCE8EvRnMGm=1736379957695
Jan 9, 2025 00:45:58.194856882 CET  1236               IN         HTTP/1.1 404 Not Found
                    Content-Type: text/html
                    Server: Microsoft-IIS/8.5
                    X-Powered-By: ASP.NET
                    Date: Wed, 08 Jan 2025 07:45:21 GMT
                    Content-Length: 1163
                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f [TRUNCATED]
                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"/><title>404 - </title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1></h1></div><div id="content"> <div class="content-container"><fieldset> [TRUNCATED]
Jan 9, 2025 00:45:58.194879055 CET  87                 IN         Data Raw: b1 bb c9 be b3 fd a3 ac d2 d1 b8 fc b8 c4 c3 fb b3 c6 bb f2 d5 df d4 dd ca b1 b2 bb bf c9 d3 c3 a1 a3 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73 65 74 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74
                    Data Ascii: </h3> </fieldset></div></div></body></html>
                    Jan 9, 2025 00:46:43.204452991 CET | 6 | OUT | Data Raw: 00
                    Data Ascii:


                    Session ID:1
                    Source IP:192.168.2.4
                    Source Port:49743
                    Destination IP:90.84.161.168
                    Destination Port:80
                    PID:4280
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jan 9, 2025 00:45:56.714011908 CET | 315 | OUT | GET /js-sdk-pro.min.js HTTP/1.1
                    Host: sdk.51.la
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Referer: http://38133.xc.05cg.com/
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    Jan 9, 2025 00:45:57.771959066 CET | 1236 | IN | HTTP/1.1 200 OK
                    Date: Wed, 08 Jan 2025 23:45:57 GMT
                    Content-Type: text/plain; charset=utf-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Server: openresty
                    Cache-Control: no-store
                    Access-Control-Allow-Origin: *
                    Access-Control-Allow-Credentials: true
                    via: EU-GER-frankfurt-EDGE5-CACHE4[441],EU-GER-frankfurt-EDGE5-CACHE4[ovl,440],CHN-HElangfang-GLOBAL6-CACHE142[ovl,18]
                    X-CCDN-REQ-ID-46B1: a227f138a8a7a134ce8b592fb005d3ef
                    Data Raw: 66 39 66 0d 0a 2f 2a 21 0a 2a 20 35 31 4c 41 20 41 6e 61 6c 79 73 69 73 20 4a 61 76 61 73 63 72 69 70 74 20 53 6f 66 74 77 61 72 65 20 44 65 76 65 6c 6f 70 6d 65 6e 74 20 4b 69 74 0a 2a 20 6a 73 2d 73 64 6b 2d 70 72 6f 20 76 31 2e 35 38 2e 33 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 c2 a9 20 32 30 31 36 2d 32 30 32 32 20 35 31 2e 6c 61 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 0a 2a 2f 0a 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 27 75 73 65 20 73 74 72 69 63 74 27 3b 76 61 72 20 65 3d 77 69 6e 64 6f 77 2c 67 3d 65 5b 27 64 6f 63 75 6d 65 6e 74 27 5d 2c 68 3d 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 2c 69 3d 41 28 27 4f 62 6a 65 63 74 27 29 2c 6a 3d 41 28 27 4e 75 6d 62 65 72 27 29 2c 6b 3d 41 28 27 53 74 72 69 6e 67 27 29 2c 6d 3d 41 28 27 41 72 72 61 79 27 29 2c 6e 3d 41 28 27 46 75 6e 63 74 69 6f 6e 27 29 2c 6f 3d 41 28 27 52 65 67 45 78 70 27 29 3b 66 75 6e 63 74 69 6f 6e 20 71 28 74 2c 75 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 78 30 21 3d 3d 74 26 26 2d 30 78 31 [TRUNCATED]
                    Data Ascii: f9f/*!* 51LA Analysis Javascript Software Development Kit* js-sdk-pro v1.58.3* Copyright 2016-2022 51.la All Rights Reserved*/(function(c){'use strict';var e=window,g=e['document'],h=encodeURIComponent,i=A('Object'),j=A('Number'),k=A('String'),m=A('Array'),n=A('Function'),o=A('RegExp');function q(t,u){return void 0x0!==t&&-0x1!==t['indexOf'](u);}function v(w,x){for(var y=0x0,z=w['length'];y<z;y++)if(w[y]==x)return y;return-0x1;}function A(B){return function(C){return Object['prototype']['toString']['call'](C)==='[object\x20'['concat'](B,']');};}function D(){for(var E=0x0,F={};E<arguments['length'];E++){var G=arguments[E];for(var H in G)F[H]=G[H];}return F;}function I(J){return J['replace'](/&/g,'~_~');}function K(L){var M='';for(var N in L)''!==M&&(M+='&'),M+=N+'='+h(h(I(Strin
                    Jan 9, 2025 00:45:57.772006035 CET | 1236 | IN | Data Raw: 67 28 4c 5b 4e 5d 29 29 29 29 3b 72 65 74 75 72 6e 20 4d 3b 7d 66 75 6e 63 74 69 6f 6e 20 4f 28 50 29 7b 72 65 74 75 72 6e 20 50 5b 27 72 65 70 6c 61 63 65 27 5d 28 2f 5e 5c 73 2b 7c 5c 73 2b 24 2f 67 2c 27 27 29 3b 7d 66 75 6e 63 74 69 6f 6e 20
                    Data Ascii: g(L[N]))));return M;}function O(P){return P['replace'](/^\s+|\s+$/g,'');}function Q(){return+new Date();}function R(S){var T=e['navigator']['userAgent'],U=new RegExp(/\b(?:Chrome|CrMo|CriOS)\/([\d.]+)/)['exec'](T);return!(U&&U['length']&&U[0x1
                    Jan 9, 2025 00:45:57.772021055 CET | 1236 | IN | Data Raw: 68 27 5d 3f 61 62 5b 30 78 30 5d 5b 27 69 6e 6e 65 72 48 54 4d 4c 27 5d 3a 27 27 29 2c 61 63 5b 27 74 74 27 5d 3d 61 63 5b 27 74 74 27 5d 5b 27 73 6c 69 63 65 27 5d 28 30 78 30 2c 30 78 33 65 38 29 3b 66 6f 72 28 76 61 72 20 61 64 3d 30 78 30 3b
                    Data Ascii: h']?ab[0x0]['innerHTML']:''),ac['tt']=ac['tt']['slice'](0x0,0x3e8);for(var ad=0x0;ad<aa['length'];ad++)aa[ad]['name']&&(a9=aa[ad]['name']['toLowerCase'](),V['FYndLr']('keywords',a9)&&(ac['kw']=aa[ad]['content']),V['FYndLr']('description',a9)&&
                    Jan 9, 2025 00:45:57.772133112 CET | 737 | IN | Data Raw: 27 5d 5b 27 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 27 5d 5b 27 63 61 6c 6c 27 5d 28 61 41 2c 61 44 29 29 61 45 3d 61 44 3b 65 6c 73 65 7b 69 66 28 4f 62 6a 65 63 74 5b 27 70 72 6f 74 6f 74 79 70 65 27 5d 5b 27 68 61 73 4f 77 6e 50 72 6f 70 65
                    Data Ascii: ']['hasOwnProperty']['call'](aA,aD))aE=aD;else{if(Object['prototype']['hasOwnProperty']['call'](aB,aE)){if(aE['charCodeAt'](0x0)<0x100){for(ax=0x0;ax<aH;ax++)aJ<<=0x1,aK==ah-0x1?(aK=0x0,aI['push'](aw(aJ)),aJ=0x0):aK++;for(ay=aE['charCodeAt'](0
                    Jan 9, 2025 00:45:57.780639887 CET | 1236 | IN | Data Raw: 32 32 32 32 0d 0a 3a 61 4b 2b 2b 2c 61 79 3e 3e 3d 30 78 31 3b 30 78 30 3d 3d 2d 2d 61 46 26 26 28 61 46 3d 4d 61 74 68 5b 27 70 6f 77 27 5d 28 30 78 32 2c 61 48 29 2c 61 48 2b 2b 29 2c 61 41 5b 61 44 5d 3d 61 47 2b 2b 2c 61 45 3d 53 74 72 69 6e
                    Data Ascii: 2222:aK++,ay>>=0x1;0x0==--aF&&(aF=Math['pow'](0x2,aH),aH++),aA[aD]=aG++,aE=String(aC);}if(''!==aE){if(Object['prototype']['hasOwnProperty']['call'](aB,aE)){if(aE['charCodeAt'](0x0)<0x100){for(ax=0x0;ax<aH;ax++)aJ<<=0x1,aK==ah-0x1?(aK=0x0,aI[
                    Jan 9, 2025 00:45:57.780719042 CET | 1236 | IN | Data Raw: 74 72 75 63 74 6f 72 27 5d 3d 3d 3d 53 79 6d 62 6f 6c 26 26 61 4d 21 3d 3d 53 79 6d 62 6f 6c 5b 27 70 72 6f 74 6f 74 79 70 65 27 5d 3f 27 73 79 6d 62 6f 6c 27 3a 74 79 70 65 6f 66 20 61 4d 3b 7d 29 28 61 4d 29 3b 7d 76 61 72 20 61 50 3d 7b 27 70
                    Data Ascii: tructor']===Symbol&&aM!==Symbol['prototype']?'symbol':typeof aM;})(aM);}var aP={'parse':function gw(aV){return eval('('+aV+')');},'stringify':(aQ=Object['prototype']['toString'],aR=Object['prototype']['hasOwnProperty'],aS={'"':'\x5c\x22','\\':
                    Jan 9, 2025 00:45:57.780733109 CET | 448 | IN | Data Raw: 78 31 2c 30 78 31 2c 30 78 31 2c 30 78 31 2c 30 78 32 2c 30 78 32 2c 30 78 32 2c 30 78 32 2c 30 78 33 2c 30 78 33 2c 30 78 33 2c 30 78 33 2c 30 78 34 2c 30 78 34 2c 30 78 34 2c 30 78 34 2c 30 78 35 2c 30 78 35 2c 30 78 35 2c 30 78 35 2c 30 78 30
                    Data Ascii: x1,0x1,0x1,0x1,0x2,0x2,0x2,0x2,0x3,0x3,0x3,0x3,0x4,0x4,0x4,0x4,0x5,0x5,0x5,0x5,0x0,0x0,0x0,0x0]),b8=new b4([0x0,0x0,0x0,0x0,0x1,0x1,0x2,0x2,0x3,0x3,0x4,0x4,0x5,0x5,0x6,0x6,0x7,0x7,0x8,0x8,0x9,0x9,0xa,0xa,0xb,0xb,0xc,0xc,0xd,0xd,0x0,0x0]),b9=ne
                    Jan 9, 2025 00:45:57.780841112 CET | 1236 | IN | Data Raw: 62 39 3d 30 78 31 3b 62 39 3c 30 78 31 65 3b 2b 2b 62 39 29 66 6f 72 28 76 61 72 20 62 62 3d 62 38 5b 62 39 5d 3b 62 62 3c 62 38 5b 62 39 2b 30 78 31 5d 3b 2b 2b 62 62 29 62 61 5b 62 62 5d 3d 62 62 2d 62 38 5b 62 39 5d 3c 3c 30 78 35 7c 62 39 3b
                    Data Ascii: b9=0x1;b9<0x1e;++b9)for(var bb=b8[b9];bb<b8[b9+0x1];++bb)ba[bb]=bb-b8[b9]<<0x5|b9;return[b8,ba];},bb=ba(b7,0x2),bc=bb[0x0],bd=bb[0x1];bc[0x1c]=0x102,bd[0x102]=0x1c;for(var bk=ba(b8,0x0),bl=(bk[0x0],bk[0x1]),bm=new b5(0x8000),bn=0x0;bn<0x8000;+
                    Jan 9, 2025 00:45:57.780854940 CET | 1236 | IN | Data Raw: 3d 30 78 30 29 2c 28 6e 75 6c 6c 3d 3d 62 39 7c 7c 62 39 3e 62 37 5b 27 6c 65 6e 67 74 68 27 5d 29 26 26 28 62 39 3d 62 37 5b 27 6c 65 6e 67 74 68 27 5d 29 3b 76 61 72 20 62 61 3d 6e 65 77 28 62 37 20 69 6e 73 74 61 6e 63 65 6f 66 20 62 35 3f 62
                    Data Ascii: =0x0),(null==b9||b9>b7['length'])&&(b9=b7['length']);var ba=new(b7 instanceof b5?b5:b7 instanceof b6?b6:b4)(b9-b8);return ba['set'](b7['subarray'](b8,b9)),ba;},bJ=function(b4,b5,b6){b6<<=0x7&b5;var b7=b5/0x8|0x0;b4[b7]|=b6,b4[b7+0x1]|=b6>>>0x8
                    Jan 9, 2025 00:45:57.780965090 CET | 1236 | IN | Data Raw: 5d 3e 62 37 29 29 62 72 65 61 6b 3b 62 45 2b 3d 62 47 2d 28 30 78 31 3c 3c 62 71 2d 62 70 5b 62 48 5d 29 2c 62 70 5b 62 48 5d 3d 62 37 3b 7d 66 6f 72 28 62 45 3e 3e 3e 3d 62 46 3b 62 45 3e 30 78 30 3b 29 7b 76 61 72 20 62 49 3d 62 62 5b 62 39 5d
                    Data Ascii: ]>b7))break;bE+=bG-(0x1<<bq-bp[bH]),bp[bH]=b7;}for(bE>>>=bF;bE>0x0;){var bI=bb[b9]['s'];bp[bI]<b7?bE-=0x1<<b7-bp[bI]++-0x1:++b9;}for(;b9>=0x0&&bE;--b9){var bJ=bb[b9]['s'];bp[bJ]==b7&&(--bp[bJ],++bE);}bq=b7;}return[new b4(bp),bq];},bM=function
                    Jan 9, 2025 00:45:57.780987978 CET | 672 | IN | Data Raw: 3d 62 48 5b 30 78 31 5d 2c 62 51 3d 62 4c 28 62 64 2c 30 78 66 29 2c 62 52 3d 62 51 5b 30 78 30 5d 2c 62 53 3d 62 51 5b 30 78 31 5d 2c 62 54 3d 62 4e 28 62 49 29 2c 62 55 3d 62 54 5b 30 78 30 5d 2c 62 56 3d 62 54 5b 30 78 31 5d 2c 62 57 3d 62 4e
                    Data Ascii: =bH[0x1],bQ=bL(bd,0xf),bR=bQ[0x0],bS=bQ[0x1],bT=bN(bI),bU=bT[0x0],bV=bT[0x1],bW=bN(bR),bX=bW[0x0],bY=bW[0x1],bZ=new b5(0x13),c0=0x0;c0<bU['length'];++c0)bZ[0x1f&bU[c0]]++;for(c0=0x0;c0<bX['length'];++c0)bZ[0x1f&bX[c0]]++;for(var dw=bL(bZ,0x7),


                    Session ID:2
                    Source IP:192.168.2.4
                    Source Port:49744
                    Destination IP:149.104.73.29
                    Destination Port:80
                    PID:4280
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jan 9, 2025 00:45:58.040102005 CET | 657 | OUT | POST /v6/collect?dt=4 HTTP/1.1
                    Host: collect-v6.51.la
                    Connection: keep-alive
                    Content-Length: 281
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Origin: http://38133.xc.05cg.com
                    Referer: http://38133.xc.05cg.com/
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    Data Raw (gzip member, not plain text: 1f 8b is the gzip magic, 08 = DEFLATE, MTIME 35 0e 7f 67 = 2025-01-08 23:45:57 UTC, trailing ISIZE 72 01 00 00 = 370 uncompressed bytes): 1f 8b 08 00 35 0e 7f 67 00 03 5d 50 bb 4e c3 40 10 fc 95 e8 4a c4 d9 f7 f0 bd d2 a2 88 02 d1 10 21 44 e9 dc f9 02 4a e2 44 b1 cf 41 42 7c 04 05 8a e8 28 e8 10 69 a8 11 7f e3 c0 5f 90 bd 38 4d ba d1 cc ec ee cc 3e a2 7b 87 fa 3d 74 71 3b 6c 6e aa b3 81 1e 34 57 e5 e5 f9 0c 9d f6 d0 b2 de 29 54 71 c9 95 31 42 49 43 76 64 0d 24 6a d7 6f ed d7 cb ef e6 e7 6f bd 69 3f df b7 df cf db 8f 57 98 99 ac 40 06 e4 aa 03 aa f6 27 7c 2e 9c 37 8c 63 6a 94 c4 42 64 02 1b 4a 05 d6 5c 3a e2 3d 1b 8d 94 03 bb 0d e0 be ab eb 45 3f 4d b9 a6 9c 27 0f 36 21 c2 8e 13 3b 9f a5 60 59 44 4b cc 38 05 44 99 26 27 94 b0 0c a8 69 5e 8e 81 2c 4a 7c 3d 8c 0b 63 e4 50 4e ca f9 2a e6 69 20 0f 05 a5 38 00 60 58 06 62 2c 08 4d dd b2 03 a1 a9 6c e7 0b 5d 15 69 32 ad 3c c3 8a ca 1c 8b 82 43 15 27 31 d1 4a 13 eb 3d 11 8a c2 a5 e0 8f 5f 28 9e fe 01 42 1f 66 e7 72 01 00 00
                    Data Ascii: 5g]PN@J!DJDAB|(i_8M>{=tq;ln4W)Tq1BICvd$jooi?W@'|.7cjBdJ\:=E?M'6!;`YDK8D&'i^,J|=cPN*i 8`Xb,Ml]i2<C'1J=_(Bfr
                    Jan 9, 2025 00:45:59.462800026 CET | 415 | IN | HTTP/1.1 200
                    Date: Wed, 08 Jan 2025 23:45:59 GMT
                    Content-Length: 0
                    Connection: keep-alive
                    Vary: Origin
                    Vary: Access-Control-Request-Method
                    Vary: Access-Control-Request-Headers
                    Access-Control-Allow-Origin: http://38133.xc.05cg.com
                    Access-Control-Allow-Credentials: true
                    via: LA-BRA-saopaulo-EDGE3-CACHE12[754],LA-BRA-saopaulo-EDGE3-CACHE12[ovl,748]
                    X-CCDN-REQ-ID-46B1: 562d8489911fd874cfdd3ab5c442b345
                    Jan 9, 2025 00:46:44.470067978 CET | 6 | OUT | Data Raw: 00
                    Data Ascii:
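The two sessions above show what the report's "Data Ascii" column cannot: the target's 404 page is declared charset=gb2312, so every Chinese character is dropped from the ASCII rendering, and the body POSTed to collect-v6.51.la is a gzip member (1f 8b 08 ...), so its ASCII rendering is noise. The following script is an added example, not Joe Sandbox or 51.la code. It parses "Data Raw" hex lines from the report, decodes the GB2312 title, and reads the gzip header (method, MTIME) and trailer (ISIZE) of the beacon before attempting to inflate it, so the timing and plaintext size are recovered even when a capture is cut short. The two hex constants are copied from the session dumps above; the `build_beacon` sample body is constructed for the example. Note also that the "f9f", "4a6", "2222" and "2af9" prefixes in the SDK's Data Ascii lines are chunk-size lines of the `Transfer-Encoding: chunked` response, not part of the JavaScript.

```python
"""Decode "Data Raw" hex columns from a Joe Sandbox HTTP session dump.

Added example; not part of the Joe Sandbox report and not 51.la code.
Recovers (1) the GB2312 text of the target's IIS-style 404 page and
(2) the gzip header/trailer of the analytics beacon POSTed to
collect-v6.51.la. The two hex constants are copied from the report;
the sample beacon at the bottom is constructed.
"""
import datetime
import gzip
import struct
import zlib

# Copied from the report: the <title> element of the 404 page
# (the response declares Content-Type ... charset=gb2312).
TITLE_HEX = (
    "3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe "
    "bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e"
)

# Copied from the report: the 281-byte body of POST /v6/collect?dt=4
# (Content-Length: 281).
BEACON_HEX = (
    "1f 8b 08 00 35 0e 7f 67 00 03 5d 50 bb 4e c3 40 10 fc 95 e8 "
    "4a c4 d9 f7 f0 bd d2 a2 88 02 d1 10 21 44 e9 dc f9 02 4a e2 "
    "44 b1 cf 41 42 7c 04 05 8a e8 28 e8 10 69 a8 11 7f e3 c0 5f "
    "90 bd 38 4d ba d1 cc ec ee cc 3e a2 7b 87 fa 3d 74 71 3b 6c "
    "6e aa b3 81 1e 34 57 e5 e5 f9 0c 9d f6 d0 b2 de 29 54 71 c9 "
    "95 31 42 49 43 76 64 0d 24 6a d7 6f ed d7 cb ef e6 e7 6f bd "
    "69 3f df b7 df cf db 8f 57 98 99 ac 40 06 e4 aa 03 aa f6 27 "
    "7c 2e 9c 37 8c 63 6a 94 c4 42 64 02 1b 4a 05 d6 5c 3a e2 3d "
    "1b 8d 94 03 bb 0d e0 be ab eb 45 3f 4d b9 a6 9c 27 0f 36 21 "
    "c2 8e 13 3b 9f a5 60 59 44 4b cc 38 05 44 99 26 27 94 b0 0c "
    "a8 69 5e 8e 81 2c 4a 7c 3d 8c 0b 63 e4 50 4e ca f9 2a e6 69 "
    "20 0f 05 a5 38 00 60 58 06 62 2c 08 4d dd b2 03 a1 a9 6c e7 "
    "0b 5d 15 69 32 ad 3c c3 8a ca 1c 8b 82 43 15 27 31 d1 4a 13 "
    "eb 3d 11 8a c2 a5 e0 8f 5f 28 9e fe 01 42 1f 66 e7 72 01 00 "
    "00"
)

GZIP_MAGIC = b"\x1f\x8b"


def parse_data_raw(line: str) -> bytes:
    """Turn a report 'Data Raw: 3c 21 ...' line (or bare hex) into bytes."""
    text = line.strip()
    if text.startswith("Data Raw:"):
        text = text[len("Data Raw:"):]
    return bytes.fromhex(text)  # fromhex ignores the spaces between bytes


def decode_gb2312(raw: bytes) -> str:
    """Decode a GB2312 body; 'replace' keeps going if a TCP segment
    boundary split a two-byte character."""
    return raw.decode("gb2312", errors="replace")


def inspect_gzip(raw: bytes) -> dict:
    """Read the gzip member header and trailer, then try to inflate.

    Header (RFC 1952): ID1 ID2 CM FLG MTIME(4, little-endian) XFL OS.
    Trailer: CRC32(4) ISIZE(4), both little-endian, of the plaintext.
    Header/trailer fields are returned even if inflate fails, so a
    damaged capture still yields the compressor's timestamp and the
    declared plaintext size.
    """
    if len(raw) < 18 or raw[:2] != GZIP_MAGIC:
        raise ValueError("not a gzip member")
    method, flags, mtime = struct.unpack_from("<BBI", raw, 2)
    crc32, isize = struct.unpack_from("<II", raw, len(raw) - 8)
    info = {
        "method": method,  # 8 = DEFLATE, the only method RFC 1952 defines
        "flags": flags,
        "mtime": datetime.datetime.fromtimestamp(mtime, datetime.timezone.utc),
        "isize": isize,
        "crc32": crc32,
        "payload": None,
    }
    try:
        # gzip.decompress verifies CRC32 and ISIZE against the trailer.
        info["payload"] = gzip.decompress(raw)
    except (OSError, EOFError, zlib.error):
        pass
    return info


def build_beacon(fields: dict, mtime: int) -> bytes:
    """Constructed sample: gzip a form-style body as a client SDK might."""
    body = "&".join(f"{k}={v}" for k, v in fields.items()).encode()
    return gzip.compress(body, mtime=mtime)


if __name__ == "__main__":
    print(decode_gb2312(parse_data_raw(TITLE_HEX)))
    info = inspect_gzip(parse_data_raw(BEACON_HEX))
    print("method", info["method"], "mtime", info["mtime"].isoformat(),
          "isize", info["isize"])
    if info["payload"] is not None:
        print(info["payload"].decode("utf-8", errors="replace"))
```

Run it against the dump and the MTIME it prints lines up with the Date header of the same response, which is a quick sanity check that the hex was copied intact. The SDK fragments visible above read the page title and the keywords/description meta tags ('tt', 'kw', 'ds'), so those are the fields to expect in the inflated body; inspect the plaintext before deciding whether the beacon is ordinary analytics or exfiltration.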


                    Session ID:3
                    Source IP:192.168.2.4
                    Source Port:49745
                    Destination IP:199.91.74.185
                    Destination Port:80
                    PID:4280
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jan 9, 2025 00:45:58.040226936 CET | 279 | OUT | GET /js-sdk-pro.min.js HTTP/1.1
                    Host: sdk.51.la
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    Jan 9, 2025 00:45:58.841780901 CET | 1236 | IN | HTTP/1.1 200 OK
                    Date: Wed, 08 Jan 2025 23:45:58 GMT
                    Content-Type: text/plain; charset=utf-8
                    Transfer-Encoding: chunked
                    Connection: keep-alive
                    Server: openresty
                    Cache-Control: no-store
                    Access-Control-Allow-Origin: *
                    Access-Control-Allow-Credentials: true
                    via: LA-MEX-queretaro-EDGE1-CACHE1[225],LA-MEX-queretaro-EDGE1-CACHE1[ovl,221],LA-MEX-queretaro-EDGE2-CACHE8[ovl,221],CHN-HElangfang-GLOBAL6-CACHE16[ovl,14]
                    X-CCDN-REQ-ID-46B1: b16b6cc91085a5602e41b9f1a89fc14a
                    Data Raw: 34 61 36 0d 0a 2f 2a 21 0a 2a 20 35 31 4c 41 20 41 6e 61 6c 79 73 69 73 20 4a 61 76 61 73 63 72 69 70 74 20 53 6f 66 74 77 61 72 65 20 44 65 76 65 6c 6f 70 6d 65 6e 74 20 4b 69 74 0a 2a 20 6a 73 2d 73 64 6b 2d 70 72 6f 20 76 31 2e 35 38 2e 33 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 c2 a9 20 32 30 31 36 2d 32 30 32 32 20 35 31 2e 6c 61 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 0a 2a 2f 0a 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 27 75 73 65 20 73 74 72 69 63 74 27 3b 76 61 72 20 65 3d 77 69 6e 64 6f 77 2c 67 3d 65 5b 27 64 6f 63 75 6d 65 6e 74 27 5d 2c 68 3d 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 2c 69 3d 41 28 27 4f 62 6a 65 63 74 27 29 2c 6a 3d 41 28 27 4e 75 6d 62 65 72 27 29 2c 6b 3d 41 28 27 53 74 72 69 6e 67 27 29 2c 6d 3d 41 28 27 41 72 72 61 79 27 29 2c 6e 3d 41 28 27 46 75 6e 63 74 69 6f 6e 27 29 2c 6f 3d 41 28 27 52 65 67 45 78 70 27 29 3b 66 75 6e 63 74 69 6f 6e 20 71 28 74 2c 75 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 78 30 21 3d 3d 74 26 26 2d 30 78 31 [TRUNCATED]
                    Data Ascii: 4a6/*!* 51LA Analysis Javascript Software Development Kit* js-sdk-pro v1.58.3* Copyright 2016-2022 51.la All Rights Reserved*/(function(c){'use strict';var e=window,g=e['document'],h=encodeURIComponent,i=A('Object'),j=A('Number'),k=A('String'),m=A('Array'),n=A('Function'),o=A('RegExp');function q(t,u){return void 0x0!==t&&-0x1!==t['indexOf'](u);}function v(w,x){for(var y=0x0,z=w['length'];y<z;y++)if(w[y]==x)return y;return-0x1;}function A(B){return function(C){return Object['prototype']['toString']['call'](C)==='[object\x20'['concat'](B,']');};}function D(){for(var E=0x0,F={};E<arguments['length'];E++){var G=arguments[E];for(var H in G)F[H]=G[H];}return F;}function I(J){return J['replace'](/&/g,'~_~');}function K(L){var M='';for(var N in L
                    Jan 9, 2025 00:45:58.841803074 CET | 438 | IN | Data Raw: 29 27 27 21 3d 3d 4d 26 26 28 4d 2b 3d 27 26 27 29 2c 4d 2b 3d 4e 2b 27 3d 27 2b 68 28 68 28 49 28 53 74 72 69 6e 67 28 4c 5b 4e 5d 29 29 29 29 3b 72 65 74 75 72 6e 20 4d 3b 7d 66 75 6e 63 74 69 6f 6e 20 4f 28 50 29 7b 72 65 74 75 72 6e 20 50 5b
                    Data Ascii: )''!==M&&(M+='&'),M+=N+'='+h(h(I(String(L[N]))));return M;}function O(P){return P['replace'](/^\s+|\s+$/g,'');}function Q(){return+new Date();}function R(S){var T=e['navigator']['userAgent'],U=new RegExp(/\b(?:Chrome|CrMo|CriOS)\/([\d.]+)/)['e
                    Jan 9, 2025 00:45:58.882107019 CET | 1236 | IN | Data Raw: 32 61 66 39 0d 0a 2c 27 6e 6f 77 27 3a 51 2c 27 61 72 72 61 79 49 6e 64 65 78 4f 66 27 3a 76 2c 27 63 68 65 63 6b 43 68 6f 72 6d 65 4d 6f 62 6c 69 65 27 3a 52 7d 2c 57 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 58 2c 59 3d 61 32 28 27 6d 65
                    Data Ascii: 2af9,'now':Q,'arrayIndexOf':v,'checkChormeMoblie':R},W=function(){var X,Y=a2('meta'),Z=a2('title'),a0={'kw':'','ds':''};a0['tt']=V['trim'](Z['length']?Z[0x0]['innerHTML']:''),a0['tt']=a0['tt']['slice'](0x0,0x3e8);for(var a1=0x0;a1<Y['length'
                    Jan 9, 2025 00:45:58.882148027 CET | 1236 | IN | Data Raw: 2c 61 68 3d 7b 27 53 73 73 4d 27 3a 66 75 6e 63 74 69 6f 6e 28 61 69 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 69 3f 27 27 3a 61 68 5b 27 53 4d 74 66 27 5d 28 61 69 2c 30 78 66 2c 66 75 6e 63 74 69 6f 6e 28 61 68 29 7b 72 65 74 75 72 6e 20
                    Data Ascii: ,ah={'SssM':function(ai){return null==ai?'':ah['SMtf'](ai,0xf,function(ah){return ag(ah+0x20);})+'\x20';},'jhxb':function(ag){for(var al=ah['GAHm'](ag),am=new Uint8Array(0x2*al['length']),an=0x0,ao=al['length'];an<ao;an++){var ap=al['charCodeA
                    Jan 9, 2025 00:45:58.882159948 CET | 1236 | IN | Data Raw: 2c 61 4b 3d 3d 61 68 2d 30 78 31 3f 28 61 4b 3d 30 78 30 2c 61 49 5b 27 70 75 73 68 27 5d 28 61 77 28 61 4a 29 29 2c 61 4a 3d 30 78 30 29 3a 61 4b 2b 2b 2c 61 79 3d 30 78 30 3b 66 6f 72 28 61 79 3d 61 45 5b 27 63 68 61 72 43 6f 64 65 41 74 27 5d
                    Data Ascii: ,aK==ah-0x1?(aK=0x0,aI['push'](aw(aJ)),aJ=0x0):aK++,ay=0x0;for(ay=aE['charCodeAt'](0x0),ax=0x0;ax<0x10;ax++)aJ=aJ<<0x1|0x1&ay,aK==ah-0x1?(aK=0x0,aI['push'](aw(aJ)),aJ=0x0):aK++,ay>>=0x1;}0x0==--aF&&(aF=Math['pow'](0x2,aH),aH++),delete aB[aE];}
                    Jan 9, 2025 00:45:58.882359982 CET | 1236 | IN | Data Raw: 2d 30 78 31 3f 28 61 4b 3d 30 78 30 2c 61 49 5b 27 70 75 73 68 27 5d 28 61 77 28 61 4a 29 29 2c 61 4a 3d 30 78 30 29 3a 61 4b 2b 2b 2c 61 79 3e 3e 3d 30 78 31 3b 66 6f 72 28 3b 3b 29 7b 69 66 28 61 4a 3c 3c 3d 30 78 31 2c 61 4b 3d 3d 61 68 2d 30
                    Data Ascii: -0x1?(aK=0x0,aI['push'](aw(aJ)),aJ=0x0):aK++,ay>>=0x1;for(;;){if(aJ<<=0x1,aK==ah-0x1){aI['push'](aw(aJ));break;}aK++;}return aI['join']('');}};return ah;}();function aL(aM){return(aL='function'==typeof Symbol&&'symbol'==typeof Symbol['iterator
                    Jan 9, 2025 00:45:58.882375956 CET | 1236 | IN | Data Raw: 6e 20 61 58 29 61 52 5b 27 63 61 6c 6c 27 5d 28 61 58 2c 62 31 29 26 26 62 30 5b 27 70 75 73 68 27 5d 28 74 28 62 31 29 2b 27 3a 5c 78 32 30 27 2b 74 28 61 58 5b 62 31 5d 29 29 3b 72 65 74 75 72 6e 27 7b 27 2b 62 30 5b 27 6a 6f 69 6e 27 5d 28 27
                    Data Ascii: n aX)aR['call'](aX,b1)&&b0['push'](t(b1)+':\x20'+t(aX[b1]));return'{'+b0['join'](',\x20')+'}';}}var b2;return'\x22'+aX['toString']()['replace'](aU,aT)+'\x22';})},aQ,aR,aS,aT,aU;function b3(){if('undefined'!=typeof Uint8Array&&null!==Uint8Array
                    Jan 9, 2025 00:45:58.882389069 CET | 1236 | IN | Data Raw: 34 5b 27 6c 65 6e 67 74 68 27 5d 2c 62 39 3d 30 78 30 2c 62 61 3d 6e 65 77 20 62 35 28 62 36 29 3b 62 39 3c 62 38 3b 2b 2b 62 39 29 2b 2b 62 61 5b 62 34 5b 62 39 5d 2d 30 78 31 5d 3b 76 61 72 20 62 62 2c 62 63 3d 6e 65 77 20 62 35 28 62 36 29 3b
                    Data Ascii: 4['length'],b9=0x0,ba=new b5(b6);b9<b8;++b9)++ba[b4[b9]-0x1];var bb,bc=new b5(b6);for(b9=0x0;b9<b6;++b9)bc[b9]=bc[b9-0x1]+ba[b9-0x1]<<0x1;if(b7){bb=new b5(0x1<<b6);var bd=0xf-b6;for(b9=0x0;b9<b8;++b9)if(b4[b9])for(var bk=b9<<0x4|b4[b9],bl=b6-b
                    Jan 9, 2025 00:45:58.882404089 CET | 776 | IN | Data Raw: 5d 7d 29 3b 76 61 72 20 62 61 3d 62 38 5b 27 6c 65 6e 67 74 68 27 5d 2c 62 62 3d 62 38 5b 27 73 6c 69 63 65 27 5d 28 29 3b 69 66 28 21 62 61 29 72 65 74 75 72 6e 5b 62 53 2c 30 78 30 5d 3b 69 66 28 30 78 31 3d 3d 62 61 29 7b 76 61 72 20 62 63 3d
                    Data Ascii: ]});var ba=b8['length'],bb=b8['slice']();if(!ba)return[bS,0x0];if(0x1==ba){var bc=new b4(b8[0x0]['s']+0x1);return bc[b8[0x0]['s']]=0x1,[bc,0x1];}b8['sort'](function(b4,b5){return b4['f']-b5['f'];}),b8['push']({'s':-0x1,'f':0x61a9});var bd=b8[0
                    Jan 9, 2025 00:45:58.882610083 CET | 1236 | IN | Data Raw: 66 28 21 28 62 70 5b 62 48 5d 3e 62 37 29 29 62 72 65 61 6b 3b 62 45 2b 3d 62 47 2d 28 30 78 31 3c 3c 62 71 2d 62 70 5b 62 48 5d 29 2c 62 70 5b 62 48 5d 3d 62 37 3b 7d 66 6f 72 28 62 45 3e 3e 3e 3d 62 46 3b 62 45 3e 30 78 30 3b 29 7b 76 61 72 20
                    Data Ascii: f(!(bp[bH]>b7))break;bE+=bG-(0x1<<bq-bp[bH]),bp[bH]=b7;}for(bE>>>=bF;bE>0x0;){var bI=bb[b9]['s'];bp[bI]<b7?bE-=0x1<<b7-bp[bI]++-0x1:++b9;}for(;b9>=0x0&&bE;--b9){var bJ=bb[b9]['s'];bp[bJ]==b7&&(--bp[bJ],++bE);}bq=b7;}return[new b4(bp),bq];},bM=
                    Jan 9, 2025 00:45:58.882623911 CET | 792 | IN | Data Raw: 48 5b 30 78 30 5d 2c 62 4d 3d 62 48 5b 30 78 31 5d 2c 62 51 3d 62 4c 28 62 64 2c 30 78 66 29 2c 62 52 3d 62 51 5b 30 78 30 5d 2c 62 53 3d 62 51 5b 30 78 31 5d 2c 62 54 3d 62 4e 28 62 49 29 2c 62 55 3d 62 54 5b 30 78 30 5d 2c 62 56 3d 62 54 5b 30
                    Data Ascii: H[0x0],bM=bH[0x1],bQ=bL(bd,0xf),bR=bQ[0x0],bS=bQ[0x1],bT=bN(bI),bU=bT[0x0],bV=bT[0x1],bW=bN(bR),bX=bW[0x0],bY=bW[0x1],bZ=new b5(0x13),c0=0x0;c0<bU['length'];++c0)bZ[0x1f&bU[c0]]++;for(c0=0x0;c0<bX['length'];++c0)bZ[0x1f&bX[c0]]++;for(var dw=bL


                    Session ID:4
                    Source IP:192.168.2.4
                    Source Port:49747
                    Destination IP:148.153.240.68
                    Destination Port:80
                    PID:4280
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jan 9, 2025 00:46:00.017242908 CET | 284 | OUT | GET /v6/collect?dt=4 HTTP/1.1
                    Host: collect-v6.51.la
                    Connection: keep-alive
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                    Accept: */*
                    Accept-Encoding: gzip, deflate
                    Accept-Language: en-US,en;q=0.9
                    Jan 9, 2025 00:46:00.900428057 CET | 320 | IN | HTTP/1.1 220
                    Date: Wed, 08 Jan 2025 23:46:00 GMT
                    Content-Length: 0
                    Connection: keep-alive
                    Vary: Origin
                    Vary: Access-Control-Request-Method
                    Vary: Access-Control-Request-Headers
                    via: EU-GER-frankfurt-EDGE7-CACHE2[239],EU-GER-frankfurt-EDGE7-CACHE2[ovl,237]
                    X-CCDN-REQ-ID-46B1: 57d0559be253ecf519d958b1a1740d5b
                    Jan 9, 2025 00:46:45.907433987 CET | 6 | OUT | Data Raw: 00
                    Data Ascii:


                    Session ID:5
                    Source IP:192.168.2.4
                    Source Port:49741
                    Destination IP:156.224.208.119
                    Destination Port:80
                    PID:4280
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Jan 9, 2025 00:46:40.595238924 CET | 6 | OUT | Data Raw: 00
                    Data Ascii:



                    Target ID:0
                    Start time:18:45:43
                    Start date:08/01/2025
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                    Imagebase:0x7ff76e190000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    Target ID:2
                    Start time:18:45:48
                    Start date:08/01/2025
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2000,i,17136471459106567463,2721345839449474616,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                    Imagebase:0x7ff76e190000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    Target ID:3
                    Start time:18:45:54
                    Start date:08/01/2025
                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://38133.xc.05cg.com/"
                    Imagebase:0x7ff76e190000
                    File size:3'242'272 bytes
                    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    No disassembly