Edit tour

Windows Analysis Report
http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/

Overview

General Information

Sample URL:	http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/
Analysis ID:	1591477
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2688 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2680 --field-trial-handle=2396,i,1547266261387973456,15779412877395964346,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/

Avira URL Cloud: detection malicious, Label: malware

Antivirus detection for URL or domain

Source: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/favicon.ico

Avira URL Cloud: Label: malware

Source: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:63118 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:63167 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.6:63111 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /assets/landingpage/css/unconfigured.css HTTP/1.1Host: bunnycdn.b-cdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v2/images/bunnynet-logo.svg HTTP/1.1Host: bunny.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css?family=Rubik:300,400,500,700,900 HTTP/1.1Host: fonts.bunny.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v2/images/bunnynet-logo.svg HTTP/1.1Host: bunny.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rubik/files/rubik-latin-700-normal.woff2 HTTP/1.1Host: fonts.bunny.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://fonts.bunny.net/css?family=Rubik:300,400,500,700,900Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/v2/images/general/il-bg-black-flower.svg HTTP/1.1Host: bunnycdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bunnycdn.b-cdn.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rubik/files/rubik-latin-300-normal.woff2 HTTP/1.1Host: fonts.bunny.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://fonts.bunny.net/css?family=Rubik:300,400,500,700,900Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rubik/files/rubik-latin-400-normal.woff2 HTTP/1.1Host: fonts.bunny.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://fonts.bunny.net/css?family=Rubik:300,400,500,700,900Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/v2/images/general/il-bg-black-flower.svg HTTP/1.1Host: bunnycdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css?family=Rubik:300,400,500,700,900 HTTP/1.1Host: fonts.bunny.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net
Source: global traffic	DNS traffic detected: DNS query: fonts.bunny.net
Source: global traffic	DNS traffic detected: DNS query: bunnycdn.b-cdn.net
Source: global traffic	DNS traffic detected: DNS query: bunny.net
Source: global traffic	DNS traffic detected: DNS query: bunnycdn.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 15 Jan 2025 00:19:53 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingServer: BunnyCDN-IL1-1236CDN-RequestId: 068fb1a768bf8e192b6a51b88a43b0bfContent-Encoding: gzipData Raw: 31 63 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 65 92 dd 6e 9c 30 10 85 ef fb 14 23 5f 07 bc d9 f4 47 dd 00 95 da dc 44 aa 72 d1 37 30 78 80 d1 1a 1b d9 03 29 7d fa 8e d9 66 b7 55 25 86 0b c6 3e e7 3b 33 54 23 4f ae a9 46 34 b6 81 ca 91 3f c3 18 b1 af d5 c8 3c 9f b4 ee 83 e7 54 b6 8b f7 5b e9 91 75 97 d2 97 de 4c e4 b6 fa c7 d2 d2 f9 f4 70 38 dc bd 97 fa 20 f5 49 ea f3 e1 a0 20 a2 ab 55 e2 cd 61 1a 11 59 01 6f 33 d6 8a f1 e7 ae a0 de ac fe 3b 77 f3 4e 62 be db 76 d6 97 6d 91 df d9 df a4 84 9c b4 33 de 92 1f 66 33 60 16 d4 8b ef 82 ef 69 58 22 da f2 8f 03 13 3b 6c be 66 8d 6f 4f 2f f0 12 2c c2 f3 f7 fb e2 fe f8 f0 b1 d2 97 6e a5 f7 e4 55 1b ec 26 50 96 56 20 2b e1 e5 23 c6 8c 69 2e 59 7c e8 83 73 e1 55 fd 35 9d 2b 61 06 53 4d 45 d3 00 7b e6 5a ad 18 99 3a e3 0a e3 68 f0 a7 89 ac 75 f8 08 34 09 6f 11 d1 8b b8 d0 9f a0 78 c5 f6 4c 5c 84 99 69 a2 5f 58 48 0a 8e 26 f1 a3 82 14 bb cb 16 fe f1 d1 eb 51 ef 32 e9 32 1d b1 2e 5c 18 42 99 d6 41 e9 a6 d2 46 4a 62 34 d7 2c 59 12 bd 00 42 35 1e 9b a7 30 19 f2 90 96 34 67 0c 0b 21 82 0f 0c b7 f1 c9 48 8e 72 76 6e 9e 7b d8 c2 02 26 22 f0 88 60 ec 44 9e 92 e0 b1 dc 91 f9 43 8b 8e 70 cd 5d 4a 20 8f f1 80 31 4a 33 78 08 4b 84 44 16 ef 60 76 68 12 42 37 62 77 ce 82 11 ae 2b 31 5d 17 16 7f 33 37 4c f9 6a cc 34 6c 3a 69 2c 89 c3 84 22 b5 cc 73 88 5c 42 a5 e7 b7 80 7a 5f 9a e0 e6 3f f8 dd 6f 1e c0 aa a4 c9 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1c1en0#_GDr70x)}fU%>;3T#OF4?<T[uLp8 I UaYo3;wNbvm3f3`iX";lfoO/,nU&PV +#i.Y\|sU5+aSME{Z:hu4oxL\i_XH&Q22.\BAFJb4,YB504g!Hrvn{&"`DCp]J 1J3xKD`vhB7bw+1]37Lj4l:i,"s\Bz_?o0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 15 Jan 2025 00:19:55 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingServer: BunnyCDN-IL1-1236CDN-RequestId: df345204fdaaca3bbc71ab4d51e7afb8Content-Encoding: gzipData Raw: 31 63 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 65 92 dd 6e 9c 30 10 85 ef fb 14 23 5f 07 bc d9 f4 47 dd 00 95 da dc 44 aa 72 d1 37 30 78 80 d1 1a 1b d9 03 29 7d fa 8e d9 66 b7 55 25 86 0b c6 3e e7 3b 33 54 23 4f ae a9 46 34 b6 81 ca 91 3f c3 18 b1 af d5 c8 3c 9f b4 ee 83 e7 54 b6 8b f7 5b e9 91 75 97 d2 97 de 4c e4 b6 fa c7 d2 d2 f9 f4 70 38 dc bd 97 fa 20 f5 49 ea f3 e1 a0 20 a2 ab 55 e2 cd 61 1a 11 59 01 6f 33 d6 8a f1 e7 ae a0 de ac fe 3b 77 f3 4e 62 be db 76 d6 97 6d 91 df d9 df a4 84 9c b4 33 de 92 1f 66 33 60 16 d4 8b ef 82 ef 69 58 22 da f2 8f 03 13 3b 6c be 66 8d 6f 4f 2f f0 12 2c c2 f3 f7 fb e2 fe f8 f0 b1 d2 97 6e a5 f7 e4 55 1b ec 26 50 96 56 20 2b e1 e5 23 c6 8c 69 2e 59 7c e8 83 73 e1 55 fd 35 9d 2b 61 06 53 4d 45 d3 00 7b e6 5a ad 18 99 3a e3 0a e3 68 f0 a7 89 ac 75 f8 08 34 09 6f 11 d1 8b b8 d0 9f a0 78 c5 f6 4c 5c 84 99 69 a2 5f 58 48 0a 8e 26 f1 a3 82 14 bb cb 16 fe f1 d1 eb 51 ef 32 e9 32 1d b1 2e 5c 18 42 99 d6 41 e9 a6 d2 46 4a 62 34 d7 2c 59 12 bd 00 42 35 1e 9b a7 30 19 f2 90 96 34 67 0c 0b 21 82 0f 0c b7 f1 c9 48 8e 72 76 6e 9e 7b d8 c2 02 26 22 f0 88 60 ec 44 9e 92 e0 b1 dc 91 f9 43 8b 8e 70 cd 5d 4a 20 8f f1 80 31 4a 33 78 08 4b 84 44 16 ef 60 76 68 12 42 37 62 77 ce 82 11 ae 2b 31 5d 17 16 7f 33 37 4c f9 6a cc 34 6c 3a 69 2c 89 c3 84 22 b5 cc 73 88 5c 42 a5 e7 b7 80 7a 5f 9a e0 e6 3f f8 dd 6f 1e c0 aa a4 c9 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 1c1en0#_GDr70x)}fU%>;3T#OF4?<T[uLp8 I UaYo3;wNbvm3f3`iX";lfoO/,nU&PV +#i.Y\|sU5+aSME{Z:hu4oxL\i_XH&Q22.\BAFJb4,YB504g!Hrvn{&"`DCp]J 1J3xKD`vhB7bw+1]37Lj4l:i,"s\Bz_?o0

Source: chromecache_52.3.dr, chromecache_54.3.dr	String found in binary or memory: http://www.bohemiancoding.com/sketch
Source: chromecache_55.3.dr	String found in binary or memory: https://bunnycdn.com/assets/v2/images/general/il-bg-black-flower.svg);
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-400-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-400-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-500-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-500-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-700-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-700-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-900-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-900-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-300-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-300-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-400-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-400-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-500-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-500-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-700-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-700-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-900-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-900-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-300-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-300-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-400-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-400-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-500-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-500-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-700-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-700-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-900-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-900-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-300-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-300-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-400-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-400-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-500-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-500-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-700-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-700-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-900-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-900-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-400-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-400-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-700-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-700-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-900-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-900-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-300-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-300-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-400-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-400-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-500-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-500-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-700-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-700-normal.woff2)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-900-normal.woff)
Source: chromecache_49.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-900-normal.woff2)

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 63118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63118
Source: unknown	Network traffic detected: HTTP traffic on port 63167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:63118 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:63167 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@16/20@18/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2680 --field-trial-handle=2396,i,1547266261387973456,15779412877395964346,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2680 --field-trial-handle=2396,i,1547266261387973456,15779412877395964346,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/	100%	Avira URL Cloud	malware

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/favicon.ico	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net	143.244.60.193	true	false	unknown
bunnycdn.com	169.150.247.36	true	false	high
www.google.com	216.58.206.36	true	false	high
bunnyfonts.b-cdn.net	178.63.2.112	true	false	high
bunny.net	212.102.46.118	true	false	high
bunnycdn.b-cdn.net	169.150.247.39	true	false	high
fonts.bunny.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/favicon.ico	true	Avira URL Cloud: malware	unknown
https://bunny.net/v2/images/bunnynet-logo.svg	false		high
http://fonts.bunny.net/css?family=Rubik:300,400,500,700,900	false		high
http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/	true		unknown
https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2	false		high
https://fonts.bunny.net/css?family=Rubik:300,400,500,700,900	false		high
https://fonts.bunny.net/rubik/files/rubik-latin-400-normal.woff2	false		high
https://fonts.bunny.net/rubik/files/rubik-latin-700-normal.woff2	false		high
https://bunnycdn.com/assets/v2/images/general/il-bg-black-flower.svg	false		high
https://bunnycdn.b-cdn.net/assets/landingpage/css/unconfigured.css	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-900-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-hebrew-700-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-700-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-900-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-900-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-arabic-400-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-hebrew-500-normal.woff2)	chromecache_49.3.dr	false	high
https://bunnycdn.com/assets/v2/images/general/il-bg-black-flower.svg);	chromecache_55.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-ext-700-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-400-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-ext-400-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-arabic-900-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-500-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-ext-300-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-hebrew-400-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-hebrew-300-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-hebrew-500-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-arabic-500-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-500-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-hebrew-900-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-ext-400-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-hebrew-300-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-700-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-400-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-400-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-300-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-ext-500-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-900-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-300-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-400-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-300-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-ext-500-normal.woff2)	chromecache_49.3.dr	false	high
http://www.bohemiancoding.com/sketch	chromecache_52.3.dr, chromecache_54.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-400-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-400-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-900-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-700-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-arabic-900-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-700-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-ext-700-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-arabic-500-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-900-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-500-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-700-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-hebrew-900-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-500-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-ext-900-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-ext-300-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-300-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-hebrew-700-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-hebrew-400-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-arabic-700-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-ext-900-normal.woff2)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-700-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-arabic-700-normal.woff)	chromecache_49.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-arabic-400-normal.woff2)	chromecache_49.3.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
169.150.247.38	unknown	United States	2711	SPIRITTEL-ASUS	false
169.150.247.39	bunnycdn.b-cdn.net	United States	2711	SPIRITTEL-ASUS	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
169.150.247.36	bunnycdn.com	United States	2711	SPIRITTEL-ASUS	false
178.63.2.112	bunnyfonts.b-cdn.net	Germany	24940	HETZNER-ASDE	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
212.102.46.118	bunny.net	Italy	60068	CDN77GB	false
143.244.60.193	iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net	United States	174	COGENT-174US	false
144.76.236.44	unknown	Germany	24940	HETZNER-ASDE	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1591477
Start date and time:	2025-01-15 01:18:53 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@16/20@18/11
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.186.174, 74.125.206.84, 142.250.185.238, 216.58.206.46, 142.250.186.46, 2.23.77.188, 199.232.210.172, 172.217.16.206, 216.58.206.78, 172.217.23.110, 142.250.184.206, 142.250.64.78, 74.125.0.74, 142.250.185.110, 142.250.184.227, 217.20.57.36, 184.28.90.27, 13.107.246.45, 20.109.210.53
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, r5.sn-t0aedn7e.gvt1.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, r5---sn-t0aedn7e.gvt1.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net
URL: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/ Model: Joe Sandbox AI	{ "brands": [ "Bunny.net" ] }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (585)
Category:	downloaded
Size (bytes):	14730
Entropy (8bit):	5.3721449541825255
Encrypted:	false
SSDEEP:	384:w3XldBpKXld2t1XldjoYmTXldFcBXldXr:Qcs0Y7
MD5:	A73A766B864B8AC951E8D389A09F571E
SHA1:	301C78FB5A4A7048FA15CAAC0837D920590701FB
SHA-256:	1DD5CAD50B5EA0168C7505759936C12E813DF7B1DC3AB1FE09057DCC6A230A1A
SHA-512:	728D7B08D26CD9144849C37387EF9F82107CA2B2627C738E7C50C40E64EE250BE83750B7B3580498A00F4C6DF507D97FDD014050065FFEB1ECFA8C7C160F0DD5
Malicious:	false
Reputation:	low
URL:	"https://fonts.bunny.net/css?family=Rubik:300,400,500,700,900"
Preview:	/* latin /.@font-face {. font-family: 'Rubik';. font-style: normal;. font-weight: 300;. font-stretch: 100%;. src: url(https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2) format('woff2'), url(https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff) format('woff'); . unicode-range: U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;.}../ arabic */.@font-face {. font-family: 'Rubik';. font-style: normal;. font-weight: 300;. font-stretch: 100%;. src: url(https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff2) format('woff2'), url(https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff) format('woff'); . unicode-range: U+0600-06FF,U+0750-077F,U+0870-088E,U+0890-0891,U+0898-08E1,U+08E3-08FF,U+200C-200E,U+2010-2011,U+204F,U+2E41,U+FB50-FDFF,U+FE70-FE74,U+FE76-FEFC,U+102E0-102FB,U+10E60-10E7E,U+10EFD-10EFF,U+1EE00-1EE03,U+1EE05-1EE

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19064, version 1.0
Category:	downloaded
Size (bytes):	19064
Entropy (8bit):	7.9881159090134615
Encrypted:	false
SSDEEP:	384:Ap4x/R0l3fBnh3dkiG10+4eeNDelIa4UFLYb3reyoteG3JCJo:Ap4RSltG10+4xDelGyLgbQ
MD5:	210BF200B54FFCF3753117A0858021BD
SHA1:	4E8C13DD368DC392DF82DDF9273EB0C7352D454F
SHA-256:	6B3A7682C654DEE2279C97B9486E744D20A5E61D6DAE7B5F9034673DDC10F1C8
SHA-512:	CD0B7A61177DDA66FC67ABF74E9B091FF1BC982756D5844C46D4472E42B40FE87941C24B1D6AB327848C6143359FDF9CEBA8F07416119272DE5BD0A0CD83C820
Malicious:	false
Reputation:	low
URL:	https://fonts.bunny.net/rubik/files/rubik-latin-700-normal.woff2
Preview:	wOF2......Jx..........J...........................>.....b.`?STATD..v.....d..M..N..6.$.... ..V..U........r;......#......f$.jt.......s..Y....V.!.QJ...z......j....5VMK......TIv..4m.!..1>.k..3,...C8..p_q..v...`....U=..O.9.%.,..c...&oh:..WaQo.9..;...v...6..~.<...p....N..~..}.."M"..:.Y......"..i:....f.4...Jji...P.T......c...h1.0.F.9..f...............j..+x..a..9..@).l.........A...".H}...3.f8...E..b.)\|r.....X$vf.Ul.:l.....:"6:[...Wk.w.T$....F.;.....#TT......k.... ...T.%.;...{...2t^;-..{].k........w....X7.-..O..^..."#-.(1.Z.R.....x.?K.c...........v.........V%..GT>...A`q-...L....X.m...1{.D..D.....'=...j....#@.c..d.3GgXEC...S.:...}...... .p.W..I$...*....$tK.J.L].t..y.....9_..!..J.KW..u.T..........(~..z..6b..T.Q4S....<..._...aj.y.a...9.m.....w..!....#7...'..$..C...2@..t...>\|g.(........?\|.._.W...\pA2."E..n..m....\...5.$.c..4... p....._..y..........-...L..0`6`<.&d..@..K.A..0..S...>.d.. ..4....H.:...g...[(...(....s.x.A\|...,F....9..p;v...W..(\|s.=l...

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 17556, version 1.0
Category:	downloaded
Size (bytes):	17556
Entropy (8bit):	7.985973640781479
Encrypted:	false
SSDEEP:	384:IAWAX7otodyzgA8e1fZBmtpUaXovcAgVdXEIlO75sQHTkYmjxYPH+aVS:S64idB3Eu9EoK5lTkYoito
MD5:	C26CC4BC55F4CC38E588B28BC6E8559D
SHA1:	662E36ABFDFA041420061CE216CE895E097655C1
SHA-256:	D447E3DDA790BF9638B928B14C0783BE54E5C8BB796E0F1D91DD6EE2E00351C0
SHA-512:	7F7A5D84AC7740543A016D14ADFCBF2FDED8555B16C50782F47F7A9DF2E456EF73830101006C5330E235DF539A71758C11AEE34F8DAD398CDE69CB8CA55F2CFD
Malicious:	false
Reputation:	low
URL:	https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2
Preview:	wOF2......D...........D1..........................>..R..0.`?STATD..v.....4..g..J..6.$.... ..x..&.......6..Yw...&.\|4.q;(JP\|...H.....&.1Fs.!...p.G.0.TU.UM...u..c..QjM...k.o..e.l.9.r.V&.t..{v..G.../..g......N........v...[.o..G..j.l-=z...../...[.3.......s...@.....J..>#Uj...t5....&.7.&.5i.i.x.Z.QJE..-R...N.-....R...Z.;....sDO.S...s...p....H@@SQ)k0....G..o......T.?5.....]......TS.ts..... 1.....Q..e...7...@e'..K..?..~..........$E..\b...+.........r..d...N.<......k.T..t)@...6.3.......(.#....2H............I`.4.@..B..4...(.......`m....B...`. (.......]}..u.LP..q.(./..Y.5.spt....ES.\!s<."...._..}.:[.n..]F.p.6*F....7.......:.j....nT..V!E.\....f.....q$.....Cm...................tG0X.x.aP@ ...QP...':e...K1V...].....M.u...s.(.D.%...>.c.....t7.......k."ED$......R....7g..6._1m..A2>...../t...^.3@JE.%..}..4.T.Z.L.<~D./......#.......F..b..Q.#%)"..0.IP.=.!....@.A.A. O.0dP.@.8"/..N....B.....H.1$j..." @..o.4(.2..u..^...z..L.T.^..m_.T..pl"@.i...;.4.....2......xq.m...`..

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	7267
Entropy (8bit):	4.685839253067166
Encrypted:	false
SSDEEP:	192:0e1eypkHIpqzDKedoYZJbmVUzlTywEjMXEW4eI+A:RezuuKooVVq5ydW4N
MD5:	7EB260859AB0192CC38348CA805372C0
SHA1:	57CC83A36EBE6FD660AB6D513D6BCAA689CA77A4
SHA-256:	EDC81818851D1A7F30F896CEB6352389D3DFF1A57599BE7B5AFF31D70155ABBD
SHA-512:	A0FCB6D8853AD16D06EB860BAD45E83AE1E0B4465FDA3A0830CF5C4BE78D93D1131F750C2806E0192943B9183D242D1B7474DCA8B0074D517B64D388F510354F
Malicious:	false
Reputation:	low
URL:	https://bunnycdn.com/assets/v2/images/general/il-bg-black-flower.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<svg width="2880px" height="1424px" viewBox="0 0 2880 1424" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">.. Generator: Sketch 52.5 (67469) - http://www.bohemiancoding.com/sketch -->.. <title>Group 34</title>.. <desc>Created with Sketch.</desc>.. <defs>.. <radialGradient cx="48.4540422%" cy="27.0119645%" fx="48.4540422%" fy="27.0119645%" r="70.8708514%" gradientTransform="translate(0.484540,0.270120),scale(0.494444,1.000000),rotate(90.000000),translate(-0.484540,-0.270120)" id="radialGradient-1">.. <stop stop-color="#002649" offset="0%"></stop>.. <stop stop-color="#051F37" offset="100%"></stop>.. </radialGradient>.. <rect id="path-2" x="0" y="0" width="2880" height="1424"></rect>.. </defs>.. <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">.. <g id="Homepage-Copy" transform="translate(0.000000, -5295.

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	7011
Entropy (8bit):	4.962724747838212
Encrypted:	false
SSDEEP:	192:d+NRdtecuh2NTPUogwdbNQVtO40AMTJJ0:s84NT8ogkbNitO4UJe
MD5:	BD18E9DCEF0847EAAA9B9A98A08AF583
SHA1:	5009EF1A482E44842093B782ED3D4427C4D1CF0F
SHA-256:	6970285035C9D16155EF6335D68EC6CA187ACB12A2DBAF72183C72D79868A990
SHA-512:	87647764FAABFEB41FF433AF85701296A35C102260191D7D1C768C91B9BD0F836BF7BD0747DFB8E9D3AD04AB848BD8D4DC12714C6D458A19F6237DE1EE158CD7
Malicious:	false
Reputation:	low
URL:	https://bunny.net/v2/images/bunnynet-logo.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 148.17 42.71"><defs><style>.cls-1,.cls-10,.cls-11,.cls-2,.cls-3,.cls-4,.cls-5,.cls-6,.cls-7,.cls-8,.cls-9{fill-rule:evenodd;}.cls-1{fill:url(#linear-gradient);}.cls-2{fill:#fff;}.cls-3{fill:url(#GradientFill_3);}.cls-4{fill:url(#GradientFill_4);}.cls-5{fill:url(#GradientFill_2);}.cls-6{fill:url(#GradientFill_5);}.cls-7{fill:url(#GradientFill_6);}.cls-8{fill:url(#GradientFill_7);}.cls-9{fill:url(#GradientFill_8);}.cls-10{fill:url(#GradientFill_9);}.cls-11{fill:url(#GradientFill_2-2);}</style><linearGradient id="linear-gradient" x1="131.15" y1="25.3" x2="143.52" y2="33.64" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#febe2d"/><stop offset="1" stop-color="#f85e23"/></linearGradient><linearGradient id="GradientFill_3" x1="16.85" y1="6.11" x2="36.49" y2="6.11" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#fbaa19"/><stop offset="1" stop-color="#ef3e23"/></linearGradi

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	7267
Entropy (8bit):	4.685839253067166
Encrypted:	false
SSDEEP:	192:0e1eypkHIpqzDKedoYZJbmVUzlTywEjMXEW4eI+A:RezuuKooVVq5ydW4N
MD5:	7EB260859AB0192CC38348CA805372C0
SHA1:	57CC83A36EBE6FD660AB6D513D6BCAA689CA77A4
SHA-256:	EDC81818851D1A7F30F896CEB6352389D3DFF1A57599BE7B5AFF31D70155ABBD
SHA-512:	A0FCB6D8853AD16D06EB860BAD45E83AE1E0B4465FDA3A0830CF5C4BE78D93D1131F750C2806E0192943B9183D242D1B7474DCA8B0074D517B64D388F510354F
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<svg width="2880px" height="1424px" viewBox="0 0 2880 1424" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">.. Generator: Sketch 52.5 (67469) - http://www.bohemiancoding.com/sketch -->.. <title>Group 34</title>.. <desc>Created with Sketch.</desc>.. <defs>.. <radialGradient cx="48.4540422%" cy="27.0119645%" fx="48.4540422%" fy="27.0119645%" r="70.8708514%" gradientTransform="translate(0.484540,0.270120),scale(0.494444,1.000000),rotate(90.000000),translate(-0.484540,-0.270120)" id="radialGradient-1">.. <stop stop-color="#002649" offset="0%"></stop>.. <stop stop-color="#051F37" offset="100%"></stop>.. </radialGradient>.. <rect id="path-2" x="0" y="0" width="2880" height="1424"></rect>.. </defs>.. <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">.. <g id="Homepage-Copy" transform="translate(0.000000, -5295.

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1199
Entropy (8bit):	4.770650869864007
Encrypted:	false
SSDEEP:	24:2ewi3f52QWO9sc5q34FbYjDDLsU4q3kbVsf:zwy5dJ9abQU4O
MD5:	BCD513F96F90A8FAF900204B70DC613E
SHA1:	FD30788A66007388CE903897D209B08B71F21958
SHA-256:	4BC3C5D7883A5534747905A39587BED66270E890DEE05A341DA99F54F507F137
SHA-512:	EF5AC7DDA552F31FD9938BFD7F668D283DB8583B83B366F51A4613D5835B61DD7ED3BBEDBD67176F34F647CB7E0A0E8BDBD5A4B5912937ABB2D0E33BA9D07198
Malicious:	false
Reputation:	low
URL:	https://bunnycdn.b-cdn.net/assets/landingpage/css/unconfigured.css
Preview:	.html, body {.. width: 100%;.. margin: 0;.. padding: 0;.. text-align: center;.. font-family: 'Rubik';.. background-image: url(https://bunnycdn.com/assets/v2/images/general/il-bg-black-flower.svg);.. background-repeat: no-repeat;.. background-position: bottom center;.. background-size: cover;.. color: white;.. height: 100%;.. background-color: #051f37;..}....#header {.. padding-top: 70px;.. width: 100%;.. margin-bottom: 70px;..}....#content {.. width: 100%;.. max-width: 1060px;.. margin-left: auto;.. margin-right: auto;.. text-align: center;.. margin-top: 30px;..}....#footer {.. margin-top: 20px;..}....h1 {.. font-weight: 400;.. display: inline-block;.. margin: 0 0 0 20px;.. padding: 0;.. color: white;.. line-height: 56px;.. font-size: 30px;.. vertical-align: middle;..}....h2 {.. margin-bottom: 0px;.. font-weight: bold;.. font-size: 45px;.. margin-bottom: 40px;..}....p {.. width: 7

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 713
Category:	downloaded
Size (bytes):	449
Entropy (8bit):	7.517840196542585
Encrypted:	false
SSDEEP:	12:X/PBzVf/+BiJyIu6EVzpcwiOONU79mzc03g+s/:X/JzVf2BiJ2BVzSm18zcqW
MD5:	CB4BC7BA08FFB6E2E4C56A1834273386
SHA1:	C3C411A65BE6F951309669763E8F726CDCBB7379
SHA-256:	C0760575D5486B9CF1FD8C886C58314237BAC09FEBDB6194F55C8A65B150BBFF
SHA-512:	6027B2361353742378A68D7A5184D68BEFAB0D908C4D94C6A4FC6102A37B80AE4848C2A9A7939663D2F20BDFBBA127B7B348D667769AE1DA29025FCB0D36231E
Malicious:	false
Reputation:	low
URL:	http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/
Preview:	..........e..n.0.....#_....G.....D.r.70x......)}...f.U%...>.;3T#O..F4...?......<....T...[.u...L.......p8... .I... ..U..a..Y.o3.....;w.Nb..v.m.......3..f3`....iX"....;l.f.oO/..,.........n...U..&P.V +..#.i.Y\|.s.U.5.+a.SME..{.Z...:...h..u..4.o.....x..L\..i._XH..&.........Q.2.2...\.B..A..FJb4.,Y...B5...0..4g..!......H.rvn.{...&"..`.D.....C..p.]J ..1J3x.K.D..`vh.B7bw...+1]...37L.j.4l:i,.."..s.\B..z_...?..o........

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 18856, version 1.0
Category:	downloaded
Size (bytes):	18856
Entropy (8bit):	7.986782641754674
Encrypted:	false
SSDEEP:	384:hqITxd++gjoM6H/Ui281TweM06MEjpi4vk2iZf7T1drhstpmy/xVIzxQ4OXgu:h73+kM6Hsin6L/Rjpi4O17TmmyxexWXJ
MD5:	9B52BD7BB49D1D47F2B0401B0CB4AF35
SHA1:	65BC8C65415DC29F93986ED868B2C111DC5D5F82
SHA-256:	C87FCAC153783EA615F856AD1C0E12791952C39B8DDDE7F11FA3D47C0A3B3998
SHA-512:	A79A8FA8EE906425F7A334E8D492D97DBC6AFA3DDF48CE31E6AE16A44B18089EE7A1C1D9DF085EF1624B4F0614356CDA85F05810656CCA45C4D34FCCBDBB57DD
Malicious:	false
Reputation:	low
URL:	https://fonts.bunny.net/rubik/files/rubik-latin-400-normal.woff2
Preview:	wOF2......I...........ID..........................>..:..0.`?STATH..v.....8.....J..6.$.... ..b..&.......6..v..`...z..D_n.....}d .8..._K...J..1....0.RJ8...A...8^5.SSY...JuU.....O.a...r.z..x.q.....>.`.p...8..y..re..v$.................>..........,[.D4....w.Z..-\|.zy...z....I.0M......H@M +<.%~.n....LB..7... .. ....7Z.U.......Y.*Q.[..............WB..:....n.....b1......t.vC..._t.SEdY..tE4qbZ...........#C.........kfv....l!T...s..0.L....^.7R.I..O}....e=1.R3?...x......q.[..W....W..@.AB...b.....D#....V...."r.r..T).a.K.Gm.r[...>...F).........#.{........ik+1I.`..o .&7P.z.L7o....i.....4...Z"-.v..c-.2...U..........J.=hX2...px..#.4$/.....J'........B. H/..>....JsfG).O..p..fwH...yvG.;...)]a..t.....RYp.?.e.......Ei;....#}kF.2....=.[yd.w7.T".)...S...../.o...0....N....8.T...N,D.yMi..?.P..(..7+...x.!.X...).w....L....$#.z..I...y....... "..~.1..s.E....A$d..?..kL+...4.e.....8........6..0`-`...2D. ....^...`5.0.-)..d.\|@.A1...a..jl.![.......S_....H..H.ly.W.8.!..s...N8I.

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 713
Category:	downloaded
Size (bytes):	449
Entropy (8bit):	7.517840196542585
Encrypted:	false
SSDEEP:	12:X/PBzVf/+BiJyIu6EVzpcwiOONU79mzc03g+s/:X/JzVf2BiJ2BVzSm18zcqW
MD5:	CB4BC7BA08FFB6E2E4C56A1834273386
SHA1:	C3C411A65BE6F951309669763E8F726CDCBB7379
SHA-256:	C0760575D5486B9CF1FD8C886C58314237BAC09FEBDB6194F55C8A65B150BBFF
SHA-512:	6027B2361353742378A68D7A5184D68BEFAB0D908C4D94C6A4FC6102A37B80AE4848C2A9A7939663D2F20BDFBBA127B7B348D667769AE1DA29025FCB0D36231E
Malicious:	false
Reputation:	low
URL:	http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/favicon.ico
Preview:	..........e..n.0.....#_....G.....D.r.70x......)}...f.U%...>.;3T#O..F4...?......<....T...[.u...L.......p8... .I... ..U..a..Y.o3.....;w.Nb..v.m.......3..f3`....iX"....;l.f.oO/..,.........n...U..&P.V +..#.i.Y\|.s.U.5.+a.SME..{.Z...:...h..u..4.o.....x..L\..i._XH..&.........Q.2.2...\.B..A..FJb4.,Y...B5...0..4g..!......H.rvn.{...&"..`.D.....C..p.]J ..1J3x.K.D..`vh.B7bw...+1]...37L.j.4l:i,.."..s.\B..z_...?..o........

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	7011
Entropy (8bit):	4.962724747838212
Encrypted:	false
SSDEEP:	192:d+NRdtecuh2NTPUogwdbNQVtO40AMTJJ0:s84NT8ogkbNitO4UJe
MD5:	BD18E9DCEF0847EAAA9B9A98A08AF583
SHA1:	5009EF1A482E44842093B782ED3D4427C4D1CF0F
SHA-256:	6970285035C9D16155EF6335D68EC6CA187ACB12A2DBAF72183C72D79868A990
SHA-512:	87647764FAABFEB41FF433AF85701296A35C102260191D7D1C768C91B9BD0F836BF7BD0747DFB8E9D3AD04AB848BD8D4DC12714C6D458A19F6237DE1EE158CD7
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 148.17 42.71"><defs><style>.cls-1,.cls-10,.cls-11,.cls-2,.cls-3,.cls-4,.cls-5,.cls-6,.cls-7,.cls-8,.cls-9{fill-rule:evenodd;}.cls-1{fill:url(#linear-gradient);}.cls-2{fill:#fff;}.cls-3{fill:url(#GradientFill_3);}.cls-4{fill:url(#GradientFill_4);}.cls-5{fill:url(#GradientFill_2);}.cls-6{fill:url(#GradientFill_5);}.cls-7{fill:url(#GradientFill_6);}.cls-8{fill:url(#GradientFill_7);}.cls-9{fill:url(#GradientFill_8);}.cls-10{fill:url(#GradientFill_9);}.cls-11{fill:url(#GradientFill_2-2);}</style><linearGradient id="linear-gradient" x1="131.15" y1="25.3" x2="143.52" y2="33.64" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#febe2d"/><stop offset="1" stop-color="#f85e23"/></linearGradient><linearGradient id="GradientFill_3" x1="16.85" y1="6.11" x2="36.49" y2="6.11" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#fbaa19"/><stop offset="1" stop-color="#ef3e23"/></linearGradi

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 01:19:40.628187895 CET	49674	443	192.168.2.6	173.222.162.64
Jan 15, 2025 01:19:40.628196955 CET	49673	443	192.168.2.6	173.222.162.64
Jan 15, 2025 01:19:40.956329107 CET	49672	443	192.168.2.6	173.222.162.64
Jan 15, 2025 01:19:47.794723034 CET	49715	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:47.794814110 CET	443	49715	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:47.794907093 CET	49715	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:47.795627117 CET	49715	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:47.795664072 CET	443	49715	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:48.693829060 CET	443	49715	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:48.693943024 CET	49715	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:48.716223001 CET	49715	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:48.716272116 CET	443	49715	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:48.717200041 CET	443	49715	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:48.766906023 CET	49715	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:48.769073963 CET	49715	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:48.769227982 CET	49715	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:48.769257069 CET	443	49715	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:48.769490004 CET	49715	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:48.811331987 CET	443	49715	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:48.950737953 CET	443	49715	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:48.950942993 CET	443	49715	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:48.951131105 CET	49715	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:48.951132059 CET	49715	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:49.251399994 CET	49715	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:49.251471996 CET	443	49715	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:49.621776104 CET	49717	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:19:49.621809959 CET	443	49717	216.58.206.36	192.168.2.6
Jan 15, 2025 01:19:49.621880054 CET	49717	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:19:49.622282028 CET	49717	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:19:49.622297049 CET	443	49717	216.58.206.36	192.168.2.6
Jan 15, 2025 01:19:50.235642910 CET	49673	443	192.168.2.6	173.222.162.64
Jan 15, 2025 01:19:50.235647917 CET	49674	443	192.168.2.6	173.222.162.64
Jan 15, 2025 01:19:50.263144016 CET	443	49717	216.58.206.36	192.168.2.6
Jan 15, 2025 01:19:50.263422966 CET	49717	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:19:50.263439894 CET	443	49717	216.58.206.36	192.168.2.6
Jan 15, 2025 01:19:50.264867067 CET	443	49717	216.58.206.36	192.168.2.6
Jan 15, 2025 01:19:50.264934063 CET	49717	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:19:50.268945932 CET	49717	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:19:50.269046068 CET	443	49717	216.58.206.36	192.168.2.6
Jan 15, 2025 01:19:50.313796043 CET	49717	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:19:50.313802958 CET	443	49717	216.58.206.36	192.168.2.6
Jan 15, 2025 01:19:50.360635042 CET	49717	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:19:50.563786983 CET	49672	443	192.168.2.6	173.222.162.64
Jan 15, 2025 01:19:52.284480095 CET	443	49705	173.222.162.64	192.168.2.6
Jan 15, 2025 01:19:52.284681082 CET	49705	443	192.168.2.6	173.222.162.64
Jan 15, 2025 01:19:52.831199884 CET	49721	80	192.168.2.6	143.244.60.193
Jan 15, 2025 01:19:52.831516027 CET	49722	80	192.168.2.6	143.244.60.193
Jan 15, 2025 01:19:52.836127043 CET	80	49721	143.244.60.193	192.168.2.6
Jan 15, 2025 01:19:52.836236954 CET	49721	80	192.168.2.6	143.244.60.193
Jan 15, 2025 01:19:52.836416006 CET	80	49722	143.244.60.193	192.168.2.6
Jan 15, 2025 01:19:52.836477995 CET	49721	80	192.168.2.6	143.244.60.193
Jan 15, 2025 01:19:52.836482048 CET	49722	80	192.168.2.6	143.244.60.193
Jan 15, 2025 01:19:52.841270924 CET	80	49721	143.244.60.193	192.168.2.6
Jan 15, 2025 01:19:53.326051950 CET	80	49721	143.244.60.193	192.168.2.6
Jan 15, 2025 01:19:53.370441914 CET	49721	80	192.168.2.6	143.244.60.193
Jan 15, 2025 01:19:53.566411972 CET	49728	80	192.168.2.6	178.63.2.112
Jan 15, 2025 01:19:53.567234993 CET	49729	443	192.168.2.6	212.102.46.118
Jan 15, 2025 01:19:53.567282915 CET	443	49729	212.102.46.118	192.168.2.6
Jan 15, 2025 01:19:53.567468882 CET	49730	443	192.168.2.6	169.150.247.39
Jan 15, 2025 01:19:53.567497015 CET	443	49730	169.150.247.39	192.168.2.6
Jan 15, 2025 01:19:53.567532063 CET	49729	443	192.168.2.6	212.102.46.118
Jan 15, 2025 01:19:53.567771912 CET	49729	443	192.168.2.6	212.102.46.118
Jan 15, 2025 01:19:53.567795992 CET	49730	443	192.168.2.6	169.150.247.39
Jan 15, 2025 01:19:53.567810059 CET	443	49729	212.102.46.118	192.168.2.6
Jan 15, 2025 01:19:53.567955017 CET	49730	443	192.168.2.6	169.150.247.39
Jan 15, 2025 01:19:53.567964077 CET	443	49730	169.150.247.39	192.168.2.6
Jan 15, 2025 01:19:53.571307898 CET	80	49728	178.63.2.112	192.168.2.6
Jan 15, 2025 01:19:53.571660995 CET	49728	80	192.168.2.6	178.63.2.112
Jan 15, 2025 01:19:53.571660995 CET	49728	80	192.168.2.6	178.63.2.112
Jan 15, 2025 01:19:53.576468945 CET	80	49728	178.63.2.112	192.168.2.6
Jan 15, 2025 01:19:54.211556911 CET	80	49728	178.63.2.112	192.168.2.6
Jan 15, 2025 01:19:54.221733093 CET	49736	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:54.221760988 CET	443	49736	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:54.221817970 CET	49736	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:54.222054958 CET	49736	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:54.222064972 CET	443	49736	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:54.232028008 CET	443	49730	169.150.247.39	192.168.2.6
Jan 15, 2025 01:19:54.232234001 CET	49730	443	192.168.2.6	169.150.247.39
Jan 15, 2025 01:19:54.232264042 CET	443	49730	169.150.247.39	192.168.2.6
Jan 15, 2025 01:19:54.233702898 CET	443	49730	169.150.247.39	192.168.2.6
Jan 15, 2025 01:19:54.233761072 CET	49730	443	192.168.2.6	169.150.247.39
Jan 15, 2025 01:19:54.234874964 CET	49730	443	192.168.2.6	169.150.247.39
Jan 15, 2025 01:19:54.234957933 CET	443	49730	169.150.247.39	192.168.2.6
Jan 15, 2025 01:19:54.235137939 CET	49730	443	192.168.2.6	169.150.247.39
Jan 15, 2025 01:19:54.235147953 CET	443	49730	169.150.247.39	192.168.2.6
Jan 15, 2025 01:19:54.255332947 CET	49728	80	192.168.2.6	178.63.2.112
Jan 15, 2025 01:19:54.266041994 CET	443	49729	212.102.46.118	192.168.2.6
Jan 15, 2025 01:19:54.266289949 CET	49729	443	192.168.2.6	212.102.46.118
Jan 15, 2025 01:19:54.266323090 CET	443	49729	212.102.46.118	192.168.2.6
Jan 15, 2025 01:19:54.267334938 CET	443	49729	212.102.46.118	192.168.2.6
Jan 15, 2025 01:19:54.267400026 CET	49729	443	192.168.2.6	212.102.46.118
Jan 15, 2025 01:19:54.269463062 CET	49729	443	192.168.2.6	212.102.46.118
Jan 15, 2025 01:19:54.269536972 CET	443	49729	212.102.46.118	192.168.2.6
Jan 15, 2025 01:19:54.269710064 CET	49729	443	192.168.2.6	212.102.46.118
Jan 15, 2025 01:19:54.269730091 CET	443	49729	212.102.46.118	192.168.2.6
Jan 15, 2025 01:19:54.286955118 CET	49730	443	192.168.2.6	169.150.247.39
Jan 15, 2025 01:19:54.317959070 CET	49729	443	192.168.2.6	212.102.46.118
Jan 15, 2025 01:19:54.502567053 CET	443	49729	212.102.46.118	192.168.2.6
Jan 15, 2025 01:19:54.507472992 CET	443	49729	212.102.46.118	192.168.2.6
Jan 15, 2025 01:19:54.507517099 CET	443	49729	212.102.46.118	192.168.2.6
Jan 15, 2025 01:19:54.507539034 CET	443	49729	212.102.46.118	192.168.2.6
Jan 15, 2025 01:19:54.507554054 CET	49729	443	192.168.2.6	212.102.46.118
Jan 15, 2025 01:19:54.507622957 CET	49729	443	192.168.2.6	212.102.46.118
Jan 15, 2025 01:19:54.508176088 CET	49729	443	192.168.2.6	212.102.46.118
Jan 15, 2025 01:19:54.508219004 CET	443	49729	212.102.46.118	192.168.2.6
Jan 15, 2025 01:19:54.508264065 CET	443	49730	169.150.247.39	192.168.2.6
Jan 15, 2025 01:19:54.508430958 CET	443	49730	169.150.247.39	192.168.2.6
Jan 15, 2025 01:19:54.508475065 CET	49730	443	192.168.2.6	169.150.247.39
Jan 15, 2025 01:19:54.523700953 CET	49730	443	192.168.2.6	169.150.247.39
Jan 15, 2025 01:19:54.523721933 CET	443	49730	169.150.247.39	192.168.2.6
Jan 15, 2025 01:19:54.541882992 CET	49737	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:54.541929007 CET	443	49737	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:54.541997910 CET	49737	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:54.542205095 CET	49737	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:54.542216063 CET	443	49737	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:54.969703913 CET	443	49736	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:54.969996929 CET	49736	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:54.970010042 CET	443	49736	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:54.970985889 CET	443	49736	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:54.971147060 CET	49736	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:54.972556114 CET	49736	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:54.972677946 CET	443	49736	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:54.972774982 CET	49736	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:55.019329071 CET	443	49736	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:55.020267963 CET	49736	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:55.020276070 CET	443	49736	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:55.066349983 CET	49736	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:55.257656097 CET	443	49736	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:55.284889936 CET	443	49736	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:55.284903049 CET	443	49736	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:55.284948111 CET	443	49736	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:55.284960032 CET	443	49736	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:55.284967899 CET	443	49736	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:55.285001993 CET	49736	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:55.285027981 CET	443	49736	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:55.285063028 CET	49736	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:55.285250902 CET	49736	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:55.287168026 CET	49736	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:55.287210941 CET	443	49736	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:55.288283110 CET	443	49737	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:55.294348001 CET	49737	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:55.294378996 CET	443	49737	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:55.295926094 CET	443	49737	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:55.296150923 CET	49737	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:55.297770977 CET	49737	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:55.297861099 CET	443	49737	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:55.302114964 CET	49737	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:55.308268070 CET	49743	443	192.168.2.6	169.150.247.36
Jan 15, 2025 01:19:55.308300018 CET	443	49743	169.150.247.36	192.168.2.6
Jan 15, 2025 01:19:55.308593035 CET	49743	443	192.168.2.6	169.150.247.36
Jan 15, 2025 01:19:55.308593035 CET	49743	443	192.168.2.6	169.150.247.36
Jan 15, 2025 01:19:55.308624029 CET	443	49743	169.150.247.36	192.168.2.6
Jan 15, 2025 01:19:55.336832047 CET	49744	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:55.336921930 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:55.337769032 CET	49744	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:55.337769032 CET	49744	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:55.337860107 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:55.338857889 CET	49746	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:55.338864088 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:55.338880062 CET	443	49746	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:55.338905096 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:55.338999987 CET	49746	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:55.339031935 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:55.339330912 CET	49721	80	192.168.2.6	143.244.60.193
Jan 15, 2025 01:19:55.339334965 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:55.339350939 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:55.339701891 CET	49746	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:55.339740038 CET	443	49746	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:55.343329906 CET	443	49737	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:55.344181061 CET	80	49721	143.244.60.193	192.168.2.6
Jan 15, 2025 01:19:55.347131968 CET	49737	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:55.347142935 CET	443	49737	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:55.394032955 CET	49737	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:55.452861071 CET	80	49721	143.244.60.193	192.168.2.6
Jan 15, 2025 01:19:55.506349087 CET	49721	80	192.168.2.6	143.244.60.193
Jan 15, 2025 01:19:55.574253082 CET	443	49737	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:55.583307981 CET	443	49737	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:55.583328009 CET	443	49737	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:55.583417892 CET	443	49737	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:55.583445072 CET	49737	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:55.585525990 CET	49737	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:55.594350100 CET	49737	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:55.594367027 CET	443	49737	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:55.995652914 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.007152081 CET	49744	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.007189035 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.008254051 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.008330107 CET	49744	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.016772032 CET	49744	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.016846895 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.016933918 CET	49744	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.016947031 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.034116983 CET	443	49743	169.150.247.36	192.168.2.6
Jan 15, 2025 01:19:56.046341896 CET	49743	443	192.168.2.6	169.150.247.36
Jan 15, 2025 01:19:56.046367884 CET	443	49743	169.150.247.36	192.168.2.6
Jan 15, 2025 01:19:56.047468901 CET	443	49743	169.150.247.36	192.168.2.6
Jan 15, 2025 01:19:56.048234940 CET	49743	443	192.168.2.6	169.150.247.36
Jan 15, 2025 01:19:56.065650940 CET	49744	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.071758032 CET	49743	443	192.168.2.6	169.150.247.36
Jan 15, 2025 01:19:56.071974039 CET	443	49743	169.150.247.36	192.168.2.6
Jan 15, 2025 01:19:56.081862926 CET	443	49746	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.082113981 CET	49743	443	192.168.2.6	169.150.247.36
Jan 15, 2025 01:19:56.082139969 CET	443	49743	169.150.247.36	192.168.2.6
Jan 15, 2025 01:19:56.083837986 CET	49746	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.083848953 CET	443	49746	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.084938049 CET	443	49746	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.085016966 CET	49746	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.096254110 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.129101038 CET	49743	443	192.168.2.6	169.150.247.36
Jan 15, 2025 01:19:56.149497986 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.179661036 CET	49746	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.179806948 CET	443	49746	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.180479050 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.180490017 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.180738926 CET	49746	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.180769920 CET	443	49746	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.181757927 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.181768894 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.181830883 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.187750101 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.187829971 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.187906027 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.195148945 CET	49752	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:56.195182085 CET	443	49752	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:56.195260048 CET	49752	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:56.199851990 CET	49752	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:56.199865103 CET	443	49752	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:56.225466967 CET	49746	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.235332012 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.241460085 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.241472960 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.281502962 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.285497904 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.310906887 CET	443	49743	169.150.247.36	192.168.2.6
Jan 15, 2025 01:19:56.313832998 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.313842058 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.313870907 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.313888073 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.313900948 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.313913107 CET	49744	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.313925982 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.313951015 CET	49744	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.313956022 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.313986063 CET	49744	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.327966928 CET	443	49743	169.150.247.36	192.168.2.6
Jan 15, 2025 01:19:56.327976942 CET	443	49743	169.150.247.36	192.168.2.6
Jan 15, 2025 01:19:56.328008890 CET	443	49743	169.150.247.36	192.168.2.6
Jan 15, 2025 01:19:56.328035116 CET	49743	443	192.168.2.6	169.150.247.36
Jan 15, 2025 01:19:56.328042030 CET	443	49743	169.150.247.36	192.168.2.6
Jan 15, 2025 01:19:56.328094959 CET	49743	443	192.168.2.6	169.150.247.36
Jan 15, 2025 01:19:56.328469992 CET	49743	443	192.168.2.6	169.150.247.36
Jan 15, 2025 01:19:56.328488111 CET	443	49743	169.150.247.36	192.168.2.6
Jan 15, 2025 01:19:56.360126972 CET	49744	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.368407011 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.368484974 CET	49744	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.368499994 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.368588924 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.368637085 CET	49744	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.369194031 CET	49744	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.369210005 CET	443	49744	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.371660948 CET	443	49746	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.387744904 CET	49758	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:56.387778997 CET	443	49758	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:56.387986898 CET	49758	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:56.388238907 CET	49758	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:56.388250113 CET	443	49758	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:56.393717051 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.401350021 CET	443	49746	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.401361942 CET	443	49746	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.401374102 CET	443	49746	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.401426077 CET	49746	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.401447058 CET	443	49746	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.401505947 CET	49746	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.408598900 CET	443	49746	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.408658981 CET	443	49746	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.408658981 CET	49746	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.408756971 CET	49746	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.420747042 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.420778036 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.420799017 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.420810938 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.420834064 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.420854092 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.420874119 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.420878887 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.420897007 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.420908928 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.420924902 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.420928955 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.420952082 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.437338114 CET	49746	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.437372923 CET	443	49746	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.472873926 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.484066963 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.484164000 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.484174967 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.484262943 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.484380007 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.484568119 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.484568119 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:56.484580040 CET	443	49745	144.76.236.44	192.168.2.6
Jan 15, 2025 01:19:56.484622955 CET	49745	443	192.168.2.6	144.76.236.44
Jan 15, 2025 01:19:57.003401041 CET	443	49752	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:57.003488064 CET	49752	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:57.010251045 CET	49752	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:57.010262012 CET	443	49752	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:57.011080980 CET	443	49752	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:57.013348103 CET	49752	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:57.013415098 CET	49752	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:57.013421059 CET	443	49752	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:57.013720036 CET	49752	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:57.059320927 CET	443	49752	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:57.113430023 CET	443	49758	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:57.113970041 CET	49758	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:57.113979101 CET	443	49758	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:57.114883900 CET	443	49758	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:57.114950895 CET	49758	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:57.116211891 CET	49758	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:57.116276979 CET	443	49758	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:57.116746902 CET	49758	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:57.116753101 CET	443	49758	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:57.158185959 CET	49758	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:57.187974930 CET	443	49752	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:57.188107014 CET	443	49752	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:57.188165903 CET	49752	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:57.188657045 CET	49752	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:19:57.188673973 CET	443	49752	40.113.110.67	192.168.2.6
Jan 15, 2025 01:19:57.394423962 CET	443	49758	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:57.404076099 CET	443	49758	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:57.404109955 CET	443	49758	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:57.404124975 CET	443	49758	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:57.404139042 CET	443	49758	169.150.247.38	192.168.2.6
Jan 15, 2025 01:19:57.404141903 CET	49758	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:57.404323101 CET	49758	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:57.405297995 CET	49758	443	192.168.2.6	169.150.247.38
Jan 15, 2025 01:19:57.405322075 CET	443	49758	169.150.247.38	192.168.2.6
Jan 15, 2025 01:20:00.185199976 CET	443	49717	216.58.206.36	192.168.2.6
Jan 15, 2025 01:20:00.185250998 CET	443	49717	216.58.206.36	192.168.2.6
Jan 15, 2025 01:20:00.185376883 CET	49717	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:20:01.493834972 CET	49717	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:20:01.493861914 CET	443	49717	216.58.206.36	192.168.2.6
Jan 15, 2025 01:20:08.918051004 CET	49841	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:08.918083906 CET	443	49841	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:08.918167114 CET	49841	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:08.918961048 CET	49841	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:08.918972969 CET	443	49841	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:09.730942965 CET	443	49841	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:09.731066942 CET	49841	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:09.736471891 CET	49841	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:09.736476898 CET	443	49841	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:09.736865997 CET	443	49841	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:09.738523006 CET	49841	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:09.738583088 CET	49841	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:09.738586903 CET	443	49841	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:09.738715887 CET	49841	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:09.783322096 CET	443	49841	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:09.917987108 CET	443	49841	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:09.918085098 CET	443	49841	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:09.918179989 CET	49841	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:09.918288946 CET	49841	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:09.918303967 CET	443	49841	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:28.306202888 CET	63111	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:20:28.311041117 CET	53	63111	1.1.1.1	192.168.2.6
Jan 15, 2025 01:20:28.311103106 CET	63111	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:20:28.311139107 CET	63111	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:20:28.315990925 CET	53	63111	1.1.1.1	192.168.2.6
Jan 15, 2025 01:20:28.758666039 CET	53	63111	1.1.1.1	192.168.2.6
Jan 15, 2025 01:20:28.759756088 CET	63111	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:20:28.767417908 CET	53	63111	1.1.1.1	192.168.2.6
Jan 15, 2025 01:20:28.767472982 CET	63111	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:20:29.087876081 CET	63118	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:29.087971926 CET	443	63118	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:29.088116884 CET	63118	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:29.088653088 CET	63118	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:29.088679075 CET	443	63118	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:29.885281086 CET	443	63118	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:29.885382891 CET	63118	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:29.886961937 CET	63118	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:29.886977911 CET	443	63118	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:29.887307882 CET	443	63118	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:29.889035940 CET	63118	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:29.889096975 CET	63118	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:29.889105082 CET	443	63118	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:29.889238119 CET	63118	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:29.935337067 CET	443	63118	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:30.059988022 CET	443	63118	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:30.060216904 CET	443	63118	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:30.060277939 CET	63118	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:30.060434103 CET	63118	443	192.168.2.6	40.113.110.67
Jan 15, 2025 01:20:30.060458899 CET	443	63118	40.113.110.67	192.168.2.6
Jan 15, 2025 01:20:37.846313953 CET	49722	80	192.168.2.6	143.244.60.193
Jan 15, 2025 01:20:37.851385117 CET	80	49722	143.244.60.193	192.168.2.6
Jan 15, 2025 01:20:39.221005917 CET	49728	80	192.168.2.6	178.63.2.112
Jan 15, 2025 01:20:39.227363110 CET	80	49728	178.63.2.112	192.168.2.6
Jan 15, 2025 01:20:40.455383062 CET	49721	80	192.168.2.6	143.244.60.193
Jan 15, 2025 01:20:40.460263014 CET	80	49721	143.244.60.193	192.168.2.6
Jan 15, 2025 01:20:49.675762892 CET	63166	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:20:49.675843954 CET	443	63166	216.58.206.36	192.168.2.6
Jan 15, 2025 01:20:49.675987005 CET	63166	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:20:49.676197052 CET	63166	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:20:49.676218033 CET	443	63166	216.58.206.36	192.168.2.6
Jan 15, 2025 01:20:50.315592051 CET	443	63166	216.58.206.36	192.168.2.6
Jan 15, 2025 01:20:50.316050053 CET	63166	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:20:50.316092014 CET	443	63166	216.58.206.36	192.168.2.6
Jan 15, 2025 01:20:50.316396952 CET	443	63166	216.58.206.36	192.168.2.6
Jan 15, 2025 01:20:50.316696882 CET	63166	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:20:50.316762924 CET	443	63166	216.58.206.36	192.168.2.6
Jan 15, 2025 01:20:50.361913919 CET	63166	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:20:53.241550922 CET	80	49722	143.244.60.193	192.168.2.6
Jan 15, 2025 01:20:53.241682053 CET	49722	80	192.168.2.6	143.244.60.193
Jan 15, 2025 01:20:53.503977060 CET	49722	80	192.168.2.6	143.244.60.193
Jan 15, 2025 01:20:53.509164095 CET	80	49722	143.244.60.193	192.168.2.6
Jan 15, 2025 01:20:56.832556009 CET	63167	443	192.168.2.6	40.113.103.199
Jan 15, 2025 01:20:56.832600117 CET	443	63167	40.113.103.199	192.168.2.6
Jan 15, 2025 01:20:56.832694054 CET	63167	443	192.168.2.6	40.113.103.199
Jan 15, 2025 01:20:56.833530903 CET	63167	443	192.168.2.6	40.113.103.199
Jan 15, 2025 01:20:56.833544016 CET	443	63167	40.113.103.199	192.168.2.6
Jan 15, 2025 01:20:57.653492928 CET	443	63167	40.113.103.199	192.168.2.6
Jan 15, 2025 01:20:57.653609991 CET	63167	443	192.168.2.6	40.113.103.199
Jan 15, 2025 01:20:57.656084061 CET	63167	443	192.168.2.6	40.113.103.199
Jan 15, 2025 01:20:57.656114101 CET	443	63167	40.113.103.199	192.168.2.6
Jan 15, 2025 01:20:57.656898975 CET	443	63167	40.113.103.199	192.168.2.6
Jan 15, 2025 01:20:57.659086943 CET	63167	443	192.168.2.6	40.113.103.199
Jan 15, 2025 01:20:57.659141064 CET	63167	443	192.168.2.6	40.113.103.199
Jan 15, 2025 01:20:57.659168005 CET	443	63167	40.113.103.199	192.168.2.6
Jan 15, 2025 01:20:57.659260035 CET	63167	443	192.168.2.6	40.113.103.199
Jan 15, 2025 01:20:57.699337959 CET	443	63167	40.113.103.199	192.168.2.6
Jan 15, 2025 01:20:57.836586952 CET	443	63167	40.113.103.199	192.168.2.6
Jan 15, 2025 01:20:57.836689949 CET	443	63167	40.113.103.199	192.168.2.6
Jan 15, 2025 01:20:57.836760044 CET	63167	443	192.168.2.6	40.113.103.199
Jan 15, 2025 01:20:57.837064028 CET	63167	443	192.168.2.6	40.113.103.199
Jan 15, 2025 01:20:57.837116003 CET	443	63167	40.113.103.199	192.168.2.6
Jan 15, 2025 01:21:00.249507904 CET	443	63166	216.58.206.36	192.168.2.6
Jan 15, 2025 01:21:00.249583006 CET	443	63166	216.58.206.36	192.168.2.6
Jan 15, 2025 01:21:00.249644041 CET	63166	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:21:01.504226923 CET	63166	443	192.168.2.6	216.58.206.36
Jan 15, 2025 01:21:01.504266977 CET	443	63166	216.58.206.36	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 01:19:47.313059092 CET	53	64969	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:47.316713095 CET	53	53410	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:48.375469923 CET	53	50453	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:49.612940073 CET	50630	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:49.613200903 CET	50403	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:49.620089054 CET	53	50403	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:49.620130062 CET	53	50630	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:52.818468094 CET	63736	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:52.819282055 CET	60458	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:52.827488899 CET	53	63736	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:52.827505112 CET	53	60458	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:53.553560019 CET	61861	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:53.553762913 CET	58338	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:53.554251909 CET	59205	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:53.554567099 CET	59194	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:53.555917978 CET	63120	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:53.555917978 CET	59214	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:53.561057091 CET	53	58338	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:53.562484980 CET	53	63120	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:53.562876940 CET	53	59205	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:53.563420057 CET	53	61861	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:53.563926935 CET	53	59194	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:53.564744949 CET	53	59214	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:54.213936090 CET	59421	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:54.214097023 CET	53364	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:54.220901012 CET	53	53364	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:54.221230984 CET	53	59421	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:54.532948971 CET	60590	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:54.533094883 CET	64290	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:54.539892912 CET	53	60590	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:54.541414022 CET	53	64290	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:55.295032978 CET	65475	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:55.295969963 CET	64884	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:55.303814888 CET	53	65475	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:55.307279110 CET	53	64884	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:56.365888119 CET	61378	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:56.366141081 CET	55977	53	192.168.2.6	1.1.1.1
Jan 15, 2025 01:19:56.376470089 CET	53	61378	1.1.1.1	192.168.2.6
Jan 15, 2025 01:19:56.378918886 CET	53	55977	1.1.1.1	192.168.2.6
Jan 15, 2025 01:20:05.497540951 CET	53	58898	1.1.1.1	192.168.2.6
Jan 15, 2025 01:20:24.261451960 CET	53	56898	1.1.1.1	192.168.2.6
Jan 15, 2025 01:20:28.305772066 CET	53	50825	1.1.1.1	192.168.2.6
Jan 15, 2025 01:20:45.465459108 CET	53	60523	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 15, 2025 01:19:49.612940073 CET	192.168.2.6	1.1.1.1	0x309b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:49.613200903 CET	192.168.2.6	1.1.1.1	0x9220	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 15, 2025 01:19:52.818468094 CET	192.168.2.6	1.1.1.1	0xd4c9	Standard query (0)	iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:52.819282055 CET	192.168.2.6	1.1.1.1	0x7e8	Standard query (0)	iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net	65	IN (0x0001)	false
Jan 15, 2025 01:19:53.553560019 CET	192.168.2.6	1.1.1.1	0x5758	Standard query (0)	fonts.bunny.net	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:53.553762913 CET	192.168.2.6	1.1.1.1	0xb7a2	Standard query (0)	fonts.bunny.net	65	IN (0x0001)	false
Jan 15, 2025 01:19:53.554251909 CET	192.168.2.6	1.1.1.1	0xebc	Standard query (0)	bunnycdn.b-cdn.net	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:53.554567099 CET	192.168.2.6	1.1.1.1	0x332a	Standard query (0)	bunnycdn.b-cdn.net	65	IN (0x0001)	false
Jan 15, 2025 01:19:53.555917978 CET	192.168.2.6	1.1.1.1	0x28f6	Standard query (0)	bunny.net	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:53.555917978 CET	192.168.2.6	1.1.1.1	0x5556	Standard query (0)	bunny.net	65	IN (0x0001)	false
Jan 15, 2025 01:19:54.213936090 CET	192.168.2.6	1.1.1.1	0x4dab	Standard query (0)	fonts.bunny.net	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:54.214097023 CET	192.168.2.6	1.1.1.1	0xde7	Standard query (0)	fonts.bunny.net	65	IN (0x0001)	false
Jan 15, 2025 01:19:54.532948971 CET	192.168.2.6	1.1.1.1	0x3030	Standard query (0)	bunny.net	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:54.533094883 CET	192.168.2.6	1.1.1.1	0xc628	Standard query (0)	bunny.net	65	IN (0x0001)	false
Jan 15, 2025 01:19:55.295032978 CET	192.168.2.6	1.1.1.1	0x1bce	Standard query (0)	bunnycdn.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:55.295969963 CET	192.168.2.6	1.1.1.1	0x4d71	Standard query (0)	bunnycdn.com	65	IN (0x0001)	false
Jan 15, 2025 01:19:56.365888119 CET	192.168.2.6	1.1.1.1	0xc2f9	Standard query (0)	bunnycdn.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:56.366141081 CET	192.168.2.6	1.1.1.1	0x409b	Standard query (0)	bunnycdn.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 15, 2025 01:19:49.620089054 CET	1.1.1.1	192.168.2.6	0x9220	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 15, 2025 01:19:49.620130062 CET	1.1.1.1	192.168.2.6	0x309b	No error (0)	www.google.com		216.58.206.36	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:52.827488899 CET	1.1.1.1	192.168.2.6	0xd4c9	No error (0)	iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net		143.244.60.193	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:53.561057091 CET	1.1.1.1	192.168.2.6	0xb7a2	No error (0)	fonts.bunny.net	bunnyfonts.b-cdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 01:19:53.562484980 CET	1.1.1.1	192.168.2.6	0x28f6	No error (0)	bunny.net		212.102.46.118	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:53.562876940 CET	1.1.1.1	192.168.2.6	0xebc	No error (0)	bunnycdn.b-cdn.net		169.150.247.39	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:53.563420057 CET	1.1.1.1	192.168.2.6	0x5758	No error (0)	fonts.bunny.net	bunnyfonts.b-cdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 01:19:53.563420057 CET	1.1.1.1	192.168.2.6	0x5758	No error (0)	bunnyfonts.b-cdn.net		178.63.2.112	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:54.220901012 CET	1.1.1.1	192.168.2.6	0xde7	No error (0)	fonts.bunny.net	bunnyfonts.b-cdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 01:19:54.221230984 CET	1.1.1.1	192.168.2.6	0x4dab	No error (0)	fonts.bunny.net	bunnyfonts.b-cdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 15, 2025 01:19:54.221230984 CET	1.1.1.1	192.168.2.6	0x4dab	No error (0)	bunnyfonts.b-cdn.net		144.76.236.44	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:54.539892912 CET	1.1.1.1	192.168.2.6	0x3030	No error (0)	bunny.net		169.150.247.38	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:55.303814888 CET	1.1.1.1	192.168.2.6	0x1bce	No error (0)	bunnycdn.com		169.150.247.36	A (IP address)	IN (0x0001)	false
Jan 15, 2025 01:19:56.376470089 CET	1.1.1.1	192.168.2.6	0xc2f9	No error (0)	bunnycdn.com		169.150.247.38	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net

bunnycdn.b-cdn.net

bunny.net

fonts.bunny.net

https:

bunnycdn.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49721	143.244.60.193	80	6704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 01:19:52.836477995 CET	462	OUT	GET / HTTP/1.1 Host: iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 01:19:53.326051950 CET	724	IN	HTTP/1.1 403 Forbidden Date: Wed, 15 Jan 2025 00:19:53 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Server: BunnyCDN-IL1-1236 CDN-RequestId: 068fb1a768bf8e192b6a51b88a43b0bf Content-Encoding: gzip Data Raw: 31 63 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 65 92 dd 6e 9c 30 10 85 ef fb 14 23 5f 07 bc d9 f4 47 dd 00 95 da dc 44 aa 72 d1 37 30 78 80 d1 1a 1b d9 03 29 7d fa 8e d9 66 b7 55 25 86 0b c6 3e e7 3b 33 54 23 4f ae a9 46 34 b6 81 ca 91 3f c3 18 b1 af d5 c8 3c 9f b4 ee 83 e7 54 b6 8b f7 5b e9 91 75 97 d2 97 de 4c e4 b6 fa c7 d2 d2 f9 f4 70 38 dc bd 97 fa 20 f5 49 ea f3 e1 a0 20 a2 ab 55 e2 cd 61 1a 11 59 01 6f 33 d6 8a f1 e7 ae a0 de ac fe 3b 77 f3 4e 62 be db 76 d6 97 6d 91 df d9 df a4 84 9c b4 33 de 92 1f 66 33 60 16 d4 8b ef 82 ef 69 58 22 da f2 8f 03 13 3b 6c be 66 8d 6f 4f 2f f0 12 2c c2 f3 f7 fb e2 fe f8 f0 b1 d2 97 6e a5 f7 e4 55 1b ec 26 50 96 56 20 2b e1 e5 23 c6 8c 69 2e 59 7c e8 83 73 e1 55 fd 35 9d 2b 61 06 53 4d 45 d3 00 7b e6 5a ad 18 99 3a e3 0a e3 68 f0 a7 89 ac 75 f8 08 34 09 6f 11 d1 8b b8 d0 9f a0 78 c5 f6 4c 5c 84 99 69 a2 5f 58 48 0a 8e 26 f1 a3 82 14 bb cb 16 fe f1 d1 eb 51 ef 32 e9 32 1d b1 2e 5c 18 42 99 d6 41 e9 a6 d2 46 4a 62 34 d7 2c 59 12 bd 00 42 35 1e 9b a7 30 19 f2 90 96 [TRUNCATED] Data Ascii: 1c1en0#_GDr70x)}fU%>;3T#OF4?<T[uLp8 I UaYo3;wNbvm3f3`iX";lfoO/,nU&PV +#i.Y\|sU5+aSME{Z:hu4oxL\i_XH&Q22.\BAFJb4,YB504g!Hrvn{&"`DCp]J 1J3xKD`vhB7bw+1]37Lj4l:i,"s\Bz_?o0
Jan 15, 2025 01:19:55.339330912 CET	438	OUT	GET /favicon.ico HTTP/1.1 Host: iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 01:19:55.452861071 CET	724	IN	HTTP/1.1 403 Forbidden Date: Wed, 15 Jan 2025 00:19:55 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Server: BunnyCDN-IL1-1236 CDN-RequestId: df345204fdaaca3bbc71ab4d51e7afb8 Content-Encoding: gzip Data Raw: 31 63 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 65 92 dd 6e 9c 30 10 85 ef fb 14 23 5f 07 bc d9 f4 47 dd 00 95 da dc 44 aa 72 d1 37 30 78 80 d1 1a 1b d9 03 29 7d fa 8e d9 66 b7 55 25 86 0b c6 3e e7 3b 33 54 23 4f ae a9 46 34 b6 81 ca 91 3f c3 18 b1 af d5 c8 3c 9f b4 ee 83 e7 54 b6 8b f7 5b e9 91 75 97 d2 97 de 4c e4 b6 fa c7 d2 d2 f9 f4 70 38 dc bd 97 fa 20 f5 49 ea f3 e1 a0 20 a2 ab 55 e2 cd 61 1a 11 59 01 6f 33 d6 8a f1 e7 ae a0 de ac fe 3b 77 f3 4e 62 be db 76 d6 97 6d 91 df d9 df a4 84 9c b4 33 de 92 1f 66 33 60 16 d4 8b ef 82 ef 69 58 22 da f2 8f 03 13 3b 6c be 66 8d 6f 4f 2f f0 12 2c c2 f3 f7 fb e2 fe f8 f0 b1 d2 97 6e a5 f7 e4 55 1b ec 26 50 96 56 20 2b e1 e5 23 c6 8c 69 2e 59 7c e8 83 73 e1 55 fd 35 9d 2b 61 06 53 4d 45 d3 00 7b e6 5a ad 18 99 3a e3 0a e3 68 f0 a7 89 ac 75 f8 08 34 09 6f 11 d1 8b b8 d0 9f a0 78 c5 f6 4c 5c 84 99 69 a2 5f 58 48 0a 8e 26 f1 a3 82 14 bb cb 16 fe f1 d1 eb 51 ef 32 e9 32 1d b1 2e 5c 18 42 99 d6 41 e9 a6 d2 46 4a 62 34 d7 2c 59 12 bd 00 42 35 1e 9b a7 30 19 f2 90 96 [TRUNCATED] Data Ascii: 1c1en0#_GDr70x)}fU%>;3T#OF4?<T[uLp8 I UaYo3;wNbvm3f3`iX";lfoO/,nU&PV +#i.Y\|sU5+aSME{Z:hu4oxL\i_XH&Q22.\BAFJb4,YB504g!Hrvn{&"`DCp]J 1J3xKD`vhB7bw+1]37Lj4l:i,"s\Bz_?o0
Jan 15, 2025 01:20:40.455383062 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49728	178.63.2.112	80	6704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 01:19:53.571660995 CET	385	OUT	GET /css?family=Rubik:300,400,500,700,900 HTTP/1.1 Host: fonts.bunny.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 15, 2025 01:19:54.211556911 CET	895	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 15 Jan 2025 00:19:54 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Server: BunnyCDN-DE1-1229 CDN-PullZone: 781720 CDN-Uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Access-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Location: https://fonts.bunny.net/css?family=Rubik:300,400,500,700,900 CDN-RequestTime: 0 CDN-RequestId: eac4618c3f07ba7d18cc9d5031f5d340 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Jan 15, 2025 01:20:39.221005917 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49722	143.244.60.193	80	6704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jan 15, 2025 01:20:37.846313953 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49715	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:19:48 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 4f 4d 47 32 70 38 78 59 33 45 71 66 66 73 4f 64 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 61 32 37 31 33 34 35 39 65 37 66 66 34 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: OMG2p8xY3EqffsOd.1Context: ba2713459e7ff4f
2025-01-15 00:19:48 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-15 00:19:48 UTC	1083	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 30 0d 0a 4d 53 2d 43 56 3a 20 4f 4d 47 32 70 38 78 59 33 45 71 66 66 73 4f 64 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 61 32 37 31 33 34 35 39 65 37 66 66 34 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 71 36 79 4e 46 74 59 55 66 68 45 31 65 68 31 61 77 2f 4a 71 75 7a 6f 35 73 62 76 44 30 54 42 35 51 71 59 44 6a 2f 52 4a 6d 4d 36 4e 37 53 32 6f 33 35 48 61 51 6a 79 79 70 4d 62 78 54 74 6b 79 2b 58 6a 42 6e 46 47 53 2f 68 49 48 55 75 6f 66 51 6c 6e 53 7a 77 6d 5a 41 4f 31 33 67 75 6d 78 35 37 39 4c 41 37 39 34 70 59 35 74 67 Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: OMG2p8xY3EqffsOd.2Context: ba2713459e7ff4f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfq6yNFtYUfhE1eh1aw/Jquzo5sbvD0TB5QqYDj/RJmM6N7S2o35HaQjyypMbxTtky+XjBnFGS/hIHUuofQlnSzwmZAO13gumx579LA794pY5tg
2025-01-15 00:19:48 UTC	217	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 4f 4d 47 32 70 38 78 59 33 45 71 66 66 73 4f 64 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 61 32 37 31 33 34 35 39 65 37 66 66 34 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 196MS-CV: OMG2p8xY3EqffsOd.3Context: ba2713459e7ff4f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-15 00:19:48 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-15 00:19:48 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 51 67 72 74 46 44 57 52 44 6b 53 62 50 69 42 44 61 34 77 4c 2b 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: QgrtFDWRDkSbPiBDa4wL+Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49730	169.150.247.39	443	6704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:19:54 UTC	601	OUT	GET /assets/landingpage/css/unconfigured.css HTTP/1.1 Host: bunnycdn.b-cdn.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 00:19:54 UTC	975	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 00:19:54 GMT Content-Type: text/css Content-Length: 1199 Connection: close Vary: Accept-Encoding Server: BunnyCDN-DE1-1082 CDN-PullZone: 390 CDN-Uid: 51eb4203-ff94-48c6-99a5-954f277b91de CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Access-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Cache-Control: public, max-age=2592000 ETag: "0141189362db1:0" Last-Modified: Thu, 09 Jan 2025 12:36:24 GMT Backend: 1 CDN-ProxyVer: 1.06 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 01/10/2025 03:20:57 CDN-EdgeStorageId: 1082 CDN-Status: 200 CDN-RequestTime: 2 CDN-RequestId: 121d35da27d52b75166afc2751f86034 CDN-Cache: HIT Accept-Ranges: bytes
2025-01-15 00:19:54 UTC	1199	IN	Data Raw: ef bb bf 68 74 6d 6c 2c 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0d 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 75 62 69 6b 27 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 68 74 74 70 73 3a 2f 2f 62 75 6e 6e 79 63 64 6e 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 32 2f 69 6d 61 67 65 73 2f 67 65 6e 65 72 61 6c 2f 69 6c 2d 62 67 2d 62 6c 61 63 6b 2d 66 6c 6f 77 65 72 2e 73 76 67 29 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0d 0a 20 20 Data Ascii: html, body { width: 100%; margin: 0; padding: 0; text-align: center; font-family: 'Rubik'; background-image: url(https://bunnycdn.com/assets/v2/images/general/il-bg-black-flower.svg); background-repeat: no-repeat;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49729	212.102.46.118	443	6704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:19:54 UTC	626	OUT	GET /v2/images/bunnynet-logo.svg HTTP/1.1 Host: bunny.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 00:19:54 UTC	645	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 00:19:54 GMT Content-Type: image/svg+xml Content-Length: 7011 Connection: close Vary: Accept-Encoding Server: BunnyCDN-WA1-1120 CDN-PullZone: 876725 CDN-Uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f CDN-RequestCountryCode: US Cache-Control: public, max-age=31536000 ETag: "1d8176d56a5be63" Last-Modified: Tue, 01 Feb 2022 13:12:18 GMT CDN-ProxyVer: 1.07 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 01/13/2025 14:57:05 CDN-EdgeStorageId: 1120 CDN-Status: 200 CDN-RequestTime: 0 CDN-RequestId: 0106fbf679551b56153ca0a831345b84 CDN-Cache: HIT Accept-Ranges: bytes
2025-01-15 00:19:54 UTC	7011	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 34 38 2e 31 37 20 34 32 2e 37 31 22 3e 3c 64 65 66 73 3e 3c 73 74 79 6c 65 3e 2e 63 6c 73 2d 31 2c 2e 63 6c 73 2d 31 30 2c 2e 63 6c 73 2d 31 31 2c 2e 63 6c 73 2d 32 2c 2e 63 6c 73 2d 33 2c 2e 63 6c 73 2d 34 2c 2e 63 6c 73 2d 35 2c 2e 63 6c 73 2d 36 2c 2e 63 6c 73 2d 37 2c 2e 63 6c 73 2d 38 2c 2e 63 6c 73 2d 39 7b 66 69 6c 6c 2d 72 75 6c 65 3a 65 76 65 6e 6f 64 64 3b 7d 2e 63 6c 73 2d 31 7b 66 69 6c 6c 3a 75 72 6c 28 23 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 29 3b Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 148.17 42.71"><defs><style>.cls-1,.cls-10,.cls-11,.cls-2,.cls-3,.cls-4,.cls-5,.cls-6,.cls-7,.cls-8,.cls-9{fill-rule:evenodd;}.cls-1{fill:url(#linear-gradient);

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49736	144.76.236.44	443	6704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:19:54 UTC	465	OUT	GET /css?family=Rubik:300,400,500,700,900 HTTP/1.1 Host: fonts.bunny.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 00:19:55 UTC	977	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 00:19:53 GMT Content-Type: text/css; charset=utf-8 Content-Length: 14730 Connection: close Vary: Accept-Encoding Server: BunnyCDN-DE1-1222 CDN-PullZone: 781720 CDN-Uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Access-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Alt-Svc: h3=":443" Cache-Control: public, max-age=2592000 Last-Modified: Sun, 22 Dec 2024 09:48:01 GMT CDN-ProxyVer: 1.07 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 12/22/2024 09:48:01 CDN-EdgeStorageId: 1222 CDN-Status: 200 CDN-RequestTime: 1 CDN-RequestId: 777868917a70d60c2f6d8c0994f1555c CDN-Cache: HIT Accept-Ranges: bytes
2025-01-15 00:19:55 UTC	14730	IN	Data Raw: 2f 2a 20 6c 61 74 69 6e 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 75 62 69 6b 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 66 6f 6e 74 2d 73 74 72 65 74 63 68 3a 20 31 30 30 25 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 62 75 6e 6e 79 2e 6e 65 74 2f 72 75 62 69 6b 2f 66 69 6c 65 73 2f 72 75 62 69 6b 2d 6c 61 74 69 6e 2d 33 30 30 2d 6e 6f 72 6d 61 6c 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 2c 20 75 72 6c 28 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 62 75 6e 6e 79 2e 6e 65 74 2f 72 75 62 69 6b 2f 66 69 6c 65 73 2f 72 75 62 69 6b 2d 6c 61 Data Ascii: /* latin */@font-face { font-family: 'Rubik'; font-style: normal; font-weight: 300; font-stretch: 100%; src: url(https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2) format('woff2'), url(https://fonts.bunny.net/rubik/files/rubik-la

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49737	169.150.247.38	443	6704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:19:55 UTC	360	OUT	GET /v2/images/bunnynet-logo.svg HTTP/1.1 Host: bunny.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 00:19:55 UTC	645	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 00:19:55 GMT Content-Type: image/svg+xml Content-Length: 7011 Connection: close Vary: Accept-Encoding Server: BunnyCDN-DE1-1081 CDN-PullZone: 876725 CDN-Uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f CDN-RequestCountryCode: US Cache-Control: public, max-age=31536000 ETag: "1d8176d56a5be63" Last-Modified: Tue, 01 Feb 2022 13:12:18 GMT CDN-ProxyVer: 1.06 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 01/12/2025 12:17:15 CDN-EdgeStorageId: 1079 CDN-Status: 200 CDN-RequestTime: 0 CDN-RequestId: c1dc5000cfbf321340259d3d8ae038c3 CDN-Cache: HIT Accept-Ranges: bytes
2025-01-15 00:19:55 UTC	7011	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 34 38 2e 31 37 20 34 32 2e 37 31 22 3e 3c 64 65 66 73 3e 3c 73 74 79 6c 65 3e 2e 63 6c 73 2d 31 2c 2e 63 6c 73 2d 31 30 2c 2e 63 6c 73 2d 31 31 2c 2e 63 6c 73 2d 32 2c 2e 63 6c 73 2d 33 2c 2e 63 6c 73 2d 34 2c 2e 63 6c 73 2d 35 2c 2e 63 6c 73 2d 36 2c 2e 63 6c 73 2d 37 2c 2e 63 6c 73 2d 38 2c 2e 63 6c 73 2d 39 7b 66 69 6c 6c 2d 72 75 6c 65 3a 65 76 65 6e 6f 64 64 3b 7d 2e 63 6c 73 2d 31 7b 66 69 6c 6c 3a 75 72 6c 28 23 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 29 3b Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 148.17 42.71"><defs><style>.cls-1,.cls-10,.cls-11,.cls-2,.cls-3,.cls-4,.cls-5,.cls-6,.cls-7,.cls-8,.cls-9{fill-rule:evenodd;}.cls-1{fill:url(#linear-gradient);

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49744	144.76.236.44	443	6704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:19:56 UTC	649	OUT	GET /rubik/files/rubik-latin-700-normal.woff2 HTTP/1.1 Host: fonts.bunny.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://fonts.bunny.net/css?family=Rubik:300,400,500,700,900 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 00:19:56 UTC	992	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 00:19:54 GMT Content-Type: font/woff2 Content-Length: 19064 Connection: close Server: BunnyCDN-DE1-1222 CDN-PullZone: 781720 CDN-Uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Access-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Cache-Control: public, max-age=2592000 ETag: "66f08ecd-4a78" Last-Modified: Sun, 22 Sep 2024 21:40:29 GMT CDN-StorageServer: DE-677 CDN-FileServer: 658 CDN-ProxyVer: 1.07 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 11/22/2024 09:35:08 CDN-EdgeStorageId: 1222 CDN-Status: 200 CDN-RequestTime: 0 CDN-RequestId: d4322351110ecd6544bbed057e510cc4 CDN-Cache: HIT Accept-Ranges: bytes
2025-01-15 00:19:56 UTC	16384	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 4a 78 00 10 00 00 00 00 bc 84 00 00 4a 15 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 81 3e 1b f8 2e 1c 89 62 06 60 3f 53 54 41 54 44 00 84 76 11 08 0a 81 cd 64 81 a2 4d 0b 84 4e 00 01 36 02 24 03 89 18 04 20 05 84 56 07 8b 55 0c 07 1b 80 a3 07 f0 a6 a3 d5 72 3b 00 ff 9d bf bd b6 23 11 ba 1d 11 89 f2 bc 66 24 c2 6a 74 c3 e4 ff ff 9c 04 df 73 c8 ce 59 ef 03 99 d6 56 c2 21 1c 51 4a a5 f5 da 7a 1b 9a ef de b5 ba 9a 6a 1d b3 a9 a9 35 56 4d 4b 0f 9d a0 b2 87 0d 54 49 76 ed 2e 34 6d c1 21 1c c2 31 3e b8 6b 9a ad 33 2c b8 08 85 43 38 84 d9 a1 70 5f 71 9b 1d 76 1d b6 b1 60 c1 a2 e5 1f 55 3d bc e4 4f 97 39 d7 a7 25 e4 2c ff e4 63 cf 9c ff d4 26 6f 68 3a fc 97 57 61 51 6f 13 39 8d bc 3b 0d 0d ed ac 76 d8 Data Ascii: wOF2JxJ>.b`?STATDvdMN6$ VUr;#f$jtsYV!QJzj5VMKTIv.4m!1>k3,C8p_qv`U=O9%,c&oh:WaQo9;v
2025-01-15 00:19:56 UTC	2680	IN	Data Raw: 0f 3b 8f 91 29 73 43 42 99 c0 b9 32 71 c8 46 99 0a e6 7d 82 42 96 0b cc 57 08 b6 6c 22 45 d4 32 99 3c af 7c 85 b4 b5 f0 9b 7f 5a 11 82 cc 02 06 0d 09 74 77 ed fc 83 54 80 87 c7 5b bb 02 08 8d 6e 40 98 c3 15 fa 72 fd 30 93 08 ca 9f 23 cf eb 79 cd 6b 09 c3 62 4a d7 ad e4 f3 03 eb a4 4c 72 98 53 ad c3 1e 9a fb ef fd fa db cd dc 93 ad 83 40 ff 3a 39 e2 f9 55 f7 81 7b 7e 22 4f 2e 51 47 4e 17 d3 5f 23 8f a3 82 99 b0 6d 85 e4 6d 04 57 a9 7b 43 0d 5e 88 9d 39 b6 c8 ed 28 67 64 6c a3 ec 34 20 2a 93 e5 14 06 26 ca ff 89 b8 0b ec 19 11 96 d9 51 af b8 0c 93 51 f0 75 ee 8d 41 4d 9f 53 95 7b 49 92 cb 87 10 f3 e7 14 e5 db 24 90 e5 df b6 52 8a a1 b0 42 5c 49 5d 11 04 76 e1 e7 28 20 fd 57 d2 19 d5 30 c8 5a 4c ae d1 19 fa 38 5b 2b 9d 9b 3c 60 ff 4a 7b b8 78 79 b7 93 c0 61 Data Ascii: ;)sCB2qF}BWl"E2<\|ZtwT[n@r0#ykbJLrS@:9U{~"O.QGN_#mmW{C^9(gdl4 *&QQuAMS{I$RB\I]v( W0ZL8[+<`J{xya

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49743	169.150.247.36	443	6704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:19:56 UTC	621	OUT	GET /assets/v2/images/general/il-bg-black-flower.svg HTTP/1.1 Host: bunnycdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://bunnycdn.b-cdn.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 00:19:56 UTC	654	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 00:19:56 GMT Content-Type: image/svg+xml Content-Length: 7267 Connection: close Vary: Accept-Encoding Server: BunnyCDN-DE1-1079 CDN-PullZone: 390 CDN-Uid: 51eb4203-ff94-48c6-99a5-954f277b91de CDN-RequestCountryCode: US Cache-Control: public, max-age=2592000 ETag: "0a1af20e05ddb1:0" Last-Modified: Fri, 03 Jan 2025 13:05:14 GMT Backend: 1 CDN-ProxyVer: 1.06 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 01/06/2025 12:28:38 CDN-EdgeStorageId: 1082 CDN-Status: 200 CDN-RequestTime: 0 CDN-RequestId: 06081f3e0509bed276bcb32df4488dd4 CDN-Cache: HIT Accept-Ranges: bytes
2025-01-15 00:19:56 UTC	7267	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 73 76 67 20 77 69 64 74 68 3d 22 32 38 38 30 70 78 22 20 68 65 69 67 68 74 3d 22 31 34 32 34 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 38 38 30 20 31 34 32 34 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 3e 0d 0a 20 20 20 20 3c 21 2d 2d 20 47 65 6e 65 72 61 74 6f 72 3a 20 53 6b 65 74 63 68 20 35 32 2e 35 20 28 36 37 34 36 39 29 20 2d 20 68 74 74 70 3a 2f 2f 77 77 77 2e 62 6f 68 65 6d 69 61 6e Data Ascii: <?xml version="1.0" encoding="UTF-8"?><svg width="2880px" height="1424px" viewBox="0 0 2880 1424" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> ... Generator: Sketch 52.5 (67469) - http://www.bohemian

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49746	144.76.236.44	443	6704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:19:56 UTC	649	OUT	GET /rubik/files/rubik-latin-300-normal.woff2 HTTP/1.1 Host: fonts.bunny.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://fonts.bunny.net/css?family=Rubik:300,400,500,700,900 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 00:19:56 UTC	992	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 00:19:55 GMT Content-Type: font/woff2 Content-Length: 17556 Connection: close Server: BunnyCDN-DE1-1222 CDN-PullZone: 781720 CDN-Uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Access-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Cache-Control: public, max-age=2592000 ETag: "66f08ec6-4494" Last-Modified: Sun, 22 Sep 2024 21:40:22 GMT CDN-StorageServer: DE-637 CDN-FileServer: 635 CDN-ProxyVer: 1.07 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 11/22/2024 09:35:08 CDN-EdgeStorageId: 1222 CDN-Status: 200 CDN-RequestTime: 0 CDN-RequestId: 6ad78830f009338f22cb8665cd5e1464 CDN-Cache: HIT Accept-Ranges: bytes
2025-01-15 00:19:56 UTC	16384	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 44 94 00 10 00 00 00 00 ba a8 00 00 44 31 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 81 3e 1b f7 52 1c 89 30 06 60 3f 53 54 41 54 44 00 84 76 11 08 0a 81 cb 34 81 a2 67 0b 84 4a 00 01 36 02 24 03 89 10 04 20 05 84 78 07 8b 26 0c 07 1b f7 a2 07 d8 36 8d f8 59 77 02 a9 b5 26 d9 9d 7c 34 a2 71 3b 28 4a 50 7c f3 11 a9 48 d7 ca fe ff bf 26 c8 31 46 73 d4 21 a8 f5 9f 70 08 47 92 30 ab 54 55 ea 55 4d 1b 92 de 75 d4 ea 9c 63 8a f1 51 6a 4d 18 d3 f7 6b 99 6f 9b f2 65 09 6c df b7 39 d8 bd 72 84 56 26 e6 b7 74 18 97 7b 76 13 06 47 a4 1d d3 2f b5 18 67 b8 09 83 05 8b ca 4e 9d a3 0c 95 ef cb 88 fc f4 8f 76 fc e1 2e 5b a9 6f cc 04 47 e8 10 6a 2e 6c 2d 3d 7a a7 e5 0b bf f1 2f be 08 8c 5b ec a8 33 f3 f2 fc ff Data Ascii: wOF2DD1>R0`?STATDv4gJ6$ x&6Yw&\|4q;(JP\|H&1Fs!pG0TUUMucQjMkoel9rV&t{vG/gNv.[oGj.l-=z/[3
2025-01-15 00:19:56 UTC	1172	IN	Data Raw: 93 14 83 17 6a 7d 7b 51 25 c1 af 8a a6 22 62 c9 76 ec b9 fe 7a b0 9d dd c6 3e 79 ab a5 49 e6 ea 30 0c 80 6b 81 ef e8 7c 12 ef be ba 2f ea 1e 97 5f c5 22 80 e8 ec a2 be 17 71 49 a0 27 54 3d 94 5c 8c af 79 6a 3a ce bd 63 ec 9d 25 e6 bc 44 b2 ef 43 58 e7 cb 0d b1 25 0c 3e 78 36 ff 57 01 ed 05 e5 f2 52 9b 54 82 a6 56 5c 9a a2 5a c9 12 3e d2 77 0d 36 d0 0c 7a 4f e2 ae 56 ae ab 4b 76 2e be 5a 66 48 91 66 66 bb ae ca 65 fb 5c 3e 2e 79 db 26 ed 0e c5 52 98 8e 9f b3 3d e9 a6 b1 d5 cf e1 8a e2 d5 ec 72 4f c1 33 bf c8 ca 19 77 9e 79 af b0 2f 46 3d da b7 f1 7a a5 6d 85 82 49 05 e6 10 9d 5b 41 df 89 f4 3d dd 8c 42 4b 57 b8 90 82 b6 89 2e c6 27 f6 33 07 60 2f c1 01 a1 8c ee c7 24 bb 08 d9 64 81 66 23 65 c2 46 30 c2 5c 58 f8 f3 e5 e5 d7 7a 9f 09 90 d9 26 23 69 46 dc 55 Data Ascii: j}{Q%"bvz>yI0k\|/_"qI'T=\yj:c%DCX%>x6WRTV\Z>w6zOVKv.ZfHffe\>.y&R=rO3wy/F=zmI[A=BKW.'3`/$df#eF0\Xz&#iFU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49745	144.76.236.44	443	6704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:19:56 UTC	649	OUT	GET /rubik/files/rubik-latin-400-normal.woff2 HTTP/1.1 Host: fonts.bunny.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://fonts.bunny.net/css?family=Rubik:300,400,500,700,900 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 00:19:56 UTC	992	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 00:19:55 GMT Content-Type: font/woff2 Content-Length: 18856 Connection: close Server: BunnyCDN-DE1-1222 CDN-PullZone: 781720 CDN-Uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Access-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Cache-Control: public, max-age=2592000 ETag: "66f08ec8-49a8" Last-Modified: Sun, 22 Sep 2024 21:40:24 GMT CDN-StorageServer: DE-638 CDN-FileServer: 647 CDN-ProxyVer: 1.07 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 11/22/2024 09:34:13 CDN-EdgeStorageId: 1222 CDN-Status: 200 CDN-RequestTime: 0 CDN-RequestId: bd3747cec886e23ce8d06df0d9118f41 CDN-Cache: HIT Accept-Ranges: bytes
2025-01-15 00:19:56 UTC	16384	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 49 a8 00 10 00 00 00 00 bb 04 00 00 49 44 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 81 3e 1b f8 3a 1c 89 30 06 60 3f 53 54 41 54 48 00 84 76 11 08 0a 81 cb 38 81 a2 1c 0b 84 4a 00 01 36 02 24 03 89 10 04 20 05 84 62 07 8b 26 0c 07 1b 02 a3 07 d8 36 ed 1e 76 db 00 60 b3 8d ee 8b 9f 7a 05 e7 44 5f 6e c7 fb c2 1d de 7d 64 20 d8 38 00 b1 cc 5f 4b f2 ff 7f 4a 82 92 31 f6 fc f4 d8 30 c9 52 4a 38 84 a3 d3 41 d9 13 d5 38 5e 35 a8 53 53 59 f4 a9 b7 4a 75 55 89 cc 2e 94 aa 4f da 61 bf 89 c5 72 e3 7a e4 ed 78 f9 71 d8 14 8e c7 12 3e b0 60 d1 70 8c 19 bd 38 09 83 79 e8 c4 72 65 2e ce 76 24 a9 de cc cd e7 16 c3 d1 d4 a5 b1 a7 8c fc fe 7f 97 eb 3e db 15 af 1d dc f1 8c 7f d9 cb f3 2c 5b 81 44 34 08 81 af a6 Data Ascii: wOF2IID>:0`?STATHv8J6$ b&6v`zD_n}d 8_KJ10RJ8A8^5SSYJuU.Oarzxq>`p8yre.v$>,[D4
2025-01-15 00:19:56 UTC	2472	IN	Data Raw: c8 56 b2 21 02 d9 6a b6 2a d0 a4 19 97 a7 51 df e1 93 a4 64 5c fe a5 41 1a 8c 45 d4 35 43 d3 e6 1d ec 1d 22 81 1c fe 2f 0a 95 02 05 03 28 ac aa e2 02 32 07 61 4c 12 8c d0 72 d7 63 7c c5 27 0f 02 4e 23 c3 86 23 28 96 d3 14 9b 31 b6 d6 21 a2 f2 8a 17 63 20 8f ba be 87 e0 27 5a fa 66 8c eb 5f 99 93 1c 86 0c 24 77 c8 c3 74 ed 83 40 79 c6 28 9f 60 bc 7a ba 87 0e 1e df 21 7f 39 65 46 53 98 c4 ca 18 a7 fd 36 23 5e 1b 46 18 e9 c0 94 3b 4f 1b 09 af a3 5a fa 2d 2d 9e ce 22 85 67 34 cd fa 92 0c 92 77 e8 14 64 cf 60 45 29 ec b9 d5 02 f7 53 87 a4 27 e9 09 fe 4d 02 23 3f 5b da 06 24 c8 16 48 b0 c5 32 86 2a e4 cf 70 49 70 fd 24 d3 ca c0 fa 9f e4 02 85 9c a2 28 48 91 17 24 4b 43 40 fd 1c 2a c8 f5 6c 8c 1d 74 ca fe e5 64 a9 db 9c 46 df 31 f2 0f 16 8f 71 b0 0a db 07 c1 6c Data Ascii: V!jQd\AE5C"/(2aLrc\|'N##(1!c 'Zf_$wt@y(`z!9eFS6#^F;OZ--"g4wd`E)S'M#?[$H2pIp$(H$KC@*ltdF1ql

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49752	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:19:57 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 30 70 71 37 56 53 39 65 4f 30 43 78 79 34 77 41 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 66 36 34 34 65 34 34 63 66 33 39 35 33 39 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 0pq7VS9eO0Cxy4wA.1Context: df644e44cf39539c
2025-01-15 00:19:57 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-15 00:19:57 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 30 70 71 37 56 53 39 65 4f 30 43 78 79 34 77 41 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 66 36 34 34 65 34 34 63 66 33 39 35 33 39 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 71 36 79 4e 46 74 59 55 66 68 45 31 65 68 31 61 77 2f 4a 71 75 7a 6f 35 73 62 76 44 30 54 42 35 51 71 59 44 6a 2f 52 4a 6d 4d 36 4e 37 53 32 6f 33 35 48 61 51 6a 79 79 70 4d 62 78 54 74 6b 79 2b 58 6a 42 6e 46 47 53 2f 68 49 48 55 75 6f 66 51 6c 6e 53 7a 77 6d 5a 41 4f 31 33 67 75 6d 78 35 37 39 4c 41 37 39 34 70 59 35 74 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 0pq7VS9eO0Cxy4wA.2Context: df644e44cf39539c<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfq6yNFtYUfhE1eh1aw/Jquzo5sbvD0TB5QqYDj/RJmM6N7S2o35HaQjyypMbxTtky+XjBnFGS/hIHUuofQlnSzwmZAO13gumx579LA794pY5t
2025-01-15 00:19:57 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 30 70 71 37 56 53 39 65 4f 30 43 78 79 34 77 41 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 66 36 34 34 65 34 34 63 66 33 39 35 33 39 63 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 0pq7VS9eO0Cxy4wA.3Context: df644e44cf39539c<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-15 00:19:57 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-15 00:19:57 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 31 31 6a 78 6c 56 73 38 2f 55 53 70 79 39 6d 79 64 31 4c 66 4f 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 11jxlVs8/USpy9myd1LfOg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49758	169.150.247.38	443	6704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:19:57 UTC	383	OUT	GET /assets/v2/images/general/il-bg-black-flower.svg HTTP/1.1 Host: bunnycdn.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 00:19:57 UTC	654	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 00:19:57 GMT Content-Type: image/svg+xml Content-Length: 7267 Connection: close Vary: Accept-Encoding Server: BunnyCDN-DE1-1081 CDN-PullZone: 390 CDN-Uid: 51eb4203-ff94-48c6-99a5-954f277b91de CDN-RequestCountryCode: US Cache-Control: public, max-age=2592000 ETag: "0a1af20e05ddb1:0" Last-Modified: Fri, 03 Jan 2025 13:05:14 GMT Backend: 1 CDN-ProxyVer: 1.06 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 01/06/2025 12:28:38 CDN-EdgeStorageId: 1082 CDN-Status: 200 CDN-RequestTime: 1 CDN-RequestId: 281777cb242ca034cd0b8347e5d38c36 CDN-Cache: HIT Accept-Ranges: bytes
2025-01-15 00:19:57 UTC	7267	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 73 76 67 20 77 69 64 74 68 3d 22 32 38 38 30 70 78 22 20 68 65 69 67 68 74 3d 22 31 34 32 34 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 38 38 30 20 31 34 32 34 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 3e 0d 0a 20 20 20 20 3c 21 2d 2d 20 47 65 6e 65 72 61 74 6f 72 3a 20 53 6b 65 74 63 68 20 35 32 2e 35 20 28 36 37 34 36 39 29 20 2d 20 68 74 74 70 3a 2f 2f 77 77 77 2e 62 6f 68 65 6d 69 61 6e Data Ascii: <?xml version="1.0" encoding="UTF-8"?><svg width="2880px" height="1424px" viewBox="0 0 2880 1424" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> ... Generator: Sketch 52.5 (67469) - http://www.bohemian

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49841	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:20:09 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 67 75 39 66 48 77 2f 57 4c 30 71 61 50 73 2b 54 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 30 31 31 37 37 31 32 35 39 32 65 33 39 31 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: gu9fHw/WL0qaPs+T.1Context: 20117712592e3912
2025-01-15 00:20:09 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-15 00:20:09 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 67 75 39 66 48 77 2f 57 4c 30 71 61 50 73 2b 54 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 30 31 31 37 37 31 32 35 39 32 65 33 39 31 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 71 36 79 4e 46 74 59 55 66 68 45 31 65 68 31 61 77 2f 4a 71 75 7a 6f 35 73 62 76 44 30 54 42 35 51 71 59 44 6a 2f 52 4a 6d 4d 36 4e 37 53 32 6f 33 35 48 61 51 6a 79 79 70 4d 62 78 54 74 6b 79 2b 58 6a 42 6e 46 47 53 2f 68 49 48 55 75 6f 66 51 6c 6e 53 7a 77 6d 5a 41 4f 31 33 67 75 6d 78 35 37 39 4c 41 37 39 34 70 59 35 74 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: gu9fHw/WL0qaPs+T.2Context: 20117712592e3912<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfq6yNFtYUfhE1eh1aw/Jquzo5sbvD0TB5QqYDj/RJmM6N7S2o35HaQjyypMbxTtky+XjBnFGS/hIHUuofQlnSzwmZAO13gumx579LA794pY5t
2025-01-15 00:20:09 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 67 75 39 66 48 77 2f 57 4c 30 71 61 50 73 2b 54 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 30 31 31 37 37 31 32 35 39 32 65 33 39 31 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: gu9fHw/WL0qaPs+T.3Context: 20117712592e3912<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-15 00:20:09 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-15 00:20:09 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 62 45 6d 42 50 77 56 2f 2f 55 32 63 5a 4d 51 55 50 42 76 73 6f 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: bEmBPwV//U2cZMQUPBvsoA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	63118	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:20:29 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 32 79 54 73 71 70 6a 67 52 45 57 34 4d 59 30 32 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 35 39 61 61 38 63 33 65 36 64 34 66 63 61 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 2yTsqpjgREW4MY02.1Context: c59aa8c3e6d4fca6
2025-01-15 00:20:29 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-15 00:20:29 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 32 79 54 73 71 70 6a 67 52 45 57 34 4d 59 30 32 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 35 39 61 61 38 63 33 65 36 64 34 66 63 61 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 71 36 79 4e 46 74 59 55 66 68 45 31 65 68 31 61 77 2f 4a 71 75 7a 6f 35 73 62 76 44 30 54 42 35 51 71 59 44 6a 2f 52 4a 6d 4d 36 4e 37 53 32 6f 33 35 48 61 51 6a 79 79 70 4d 62 78 54 74 6b 79 2b 58 6a 42 6e 46 47 53 2f 68 49 48 55 75 6f 66 51 6c 6e 53 7a 77 6d 5a 41 4f 31 33 67 75 6d 78 35 37 39 4c 41 37 39 34 70 59 35 74 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 2yTsqpjgREW4MY02.2Context: c59aa8c3e6d4fca6<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfq6yNFtYUfhE1eh1aw/Jquzo5sbvD0TB5QqYDj/RJmM6N7S2o35HaQjyypMbxTtky+XjBnFGS/hIHUuofQlnSzwmZAO13gumx579LA794pY5t
2025-01-15 00:20:29 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 32 79 54 73 71 70 6a 67 52 45 57 34 4d 59 30 32 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 35 39 61 61 38 63 33 65 36 64 34 66 63 61 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 2yTsqpjgREW4MY02.3Context: c59aa8c3e6d4fca6<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-15 00:20:30 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-15 00:20:30 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 2b 49 64 36 4e 56 59 38 35 45 2b 43 49 79 72 6a 46 7a 2f 32 4a 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: +Id6NVY85E+CIyrjFz/2JA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	63167	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-15 00:20:57 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 35 61 5a 67 33 63 67 48 63 55 2b 68 6e 79 38 62 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 38 39 38 35 64 31 65 39 64 61 30 34 64 64 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 5aZg3cgHcU+hny8b.1Context: 58985d1e9da04dda
2025-01-15 00:20:57 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-15 00:20:57 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 35 61 5a 67 33 63 67 48 63 55 2b 68 6e 79 38 62 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 38 39 38 35 64 31 65 39 64 61 30 34 64 64 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 71 36 79 4e 46 74 59 55 66 68 45 31 65 68 31 61 77 2f 4a 71 75 7a 6f 35 73 62 76 44 30 54 42 35 51 71 59 44 6a 2f 52 4a 6d 4d 36 4e 37 53 32 6f 33 35 48 61 51 6a 79 79 70 4d 62 78 54 74 6b 79 2b 58 6a 42 6e 46 47 53 2f 68 49 48 55 75 6f 66 51 6c 6e 53 7a 77 6d 5a 41 4f 31 33 67 75 6d 78 35 37 39 4c 41 37 39 34 70 59 35 74 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 5aZg3cgHcU+hny8b.2Context: 58985d1e9da04dda<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfq6yNFtYUfhE1eh1aw/Jquzo5sbvD0TB5QqYDj/RJmM6N7S2o35HaQjyypMbxTtky+XjBnFGS/hIHUuofQlnSzwmZAO13gumx579LA794pY5t
2025-01-15 00:20:57 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 35 61 5a 67 33 63 67 48 63 55 2b 68 6e 79 38 62 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 38 39 38 35 64 31 65 39 64 61 30 34 64 64 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 5aZg3cgHcU+hny8b.3Context: 58985d1e9da04dda<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-15 00:20:57 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-15 00:20:57 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 39 31 6a 63 71 61 54 6e 54 30 32 5a 74 69 36 76 44 76 56 79 6d 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 91jcqaTnT02Zti6vDvVymQ.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2688, Parent PID: 1012

General

Target ID:	1
Start time:	19:19:43
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6704, Parent PID: 2688

General

Target ID:	3
Start time:	19:19:44
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2680 --field-trial-handle=2396,i,1547266261387973456,15779412877395964346,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6260, Parent PID: 1012

General

Target ID:	4
Start time:	19:19:52
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2688, Parent PID: 1012

Windows Analysis Report
http://iuyhrgjyujliyhgdhtyhuggdchrtgfdhfhtjh.b-cdn.net/