Edit tour

Windows Analysis Report
https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/

Overview

General Information

Sample URL:	https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/
Analysis ID:	1591886
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected non-DNS traffic on DNS port

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2012,i,4056487226617403426,4358257475477362112,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4984 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/

Avira URL Cloud: detection malicious, Label: phishing

Source: global traffic	TCP traffic: 192.168.2.5:49758 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.5:53539 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: pub-2d00d32ff6d84ef6999828eaf509b772.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=d.MjyeBQAR_2ToVpwgo85A1IrLwOI9qF99GW9RcRZFY-1736950972-1.0.1.1-jVusjLGyiN2A3pIdyVHCz_bPF4TVABKYWCoGI7MPwaWaoqG6QnYL4eIsGZTZFzeE5HsqPQsMWfKM1vdVw38PWGK1hEpf2uZUxBGHw5OlOKY

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev
Source: global traffic	DNS traffic detected: DNS query: www.cloudflare.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:22:51 GMTContent-Type: text/htmlContent-Length: 27150Connection: closeServer: cloudflareCF-RAY: 902685345a93238a-EWR

Source: chromecache_61.2.dr	String found in binary or memory: https://developers.cloudflare.com/r2/data-access/public-buckets/
Source: chromecache_61.2.dr	String found in binary or memory: https://www.cloudflare.com/favicon.ico

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53656
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 53656 -> 443

Source: classification engine

Classification label: mal48.win@16/11@8/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2012,i,4056487226617403426,4358257475477362112,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2012,i,4056487226617403426,4358257475477362112,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev	172.66.0.235	true	false	unknown
www.cloudflare.com	104.16.123.96	true	false	high
www.google.com	142.250.186.100	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/favicon.ico	false		high
https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://developers.cloudflare.com/r2/data-access/public-buckets/	chromecache_61.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false
172.66.0.235	pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev	United States	13335	CLOUDFLARENETUS	false
104.16.123.96	www.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1591886
Start date and time:	2025-01-15 15:21:48 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@16/11@8/5

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.227, 172.217.16.206, 108.177.15.84, 172.217.18.14, 216.58.206.46, 172.217.23.110, 199.232.214.172, 2.23.77.188, 142.250.185.142, 216.58.206.78, 142.250.186.46, 142.250.185.238, 142.250.184.206, 142.250.186.78, 142.250.186.35, 184.28.90.27, 172.202.163.200, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true, "reasoning": "This appears to be a Cloudflare R2 storage URL with .dev TLD. While .dev is a legitimate TLD, it's less common. The subdomain contains a long hexadecimal string which is typical for cloud storage services but could be flagged as suspicious due to its length." }
URL: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev
URL: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/ Model: Joe Sandbox AI	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 13:22:46 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9754056638953874
Encrypted:	false
SSDEEP:	48:8DMdhTJpEHeOidAKZdA19ehwiZUklqeh9y+3:82PbEey
MD5:	52A69094AA62EED34878EAB697D80DE1
SHA1:	D42EC7F4C9CBC2DF39004C01CF7F260F91E88C86
SHA-256:	11CC2B9FAE84562C6DA04C801A197DFCAFF55E2AA1272FFF87ADDE5FBF4ED214
SHA-512:	2EF45103F17280301A2B6FA20472C1FF08506134F3469A49B7CA233BFA0A2DB3B3626FF53E960545971450783E525D80E0E65217F67E5ED8CF2231F970B9DA94
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....@..Xg..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I/Z.r....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/Z.r....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/Z.r....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/Z.r..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/Z.r...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............5.\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 13:22:46 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9907232936331005
Encrypted:	false
SSDEEP:	48:8xMdhTJpEHeOidAKZdA1weh/iZUkAQkqehOy+2:8wPb29Qry
MD5:	E6031C19B5539054D27AE7F5605D70C9
SHA1:	73EAA46CCBDBA190DA229DCEE96E21F3EB4C5772
SHA-256:	E4C7BB8AE74ED17CF742FB68DACA387E424C2ADF2E977CA449A9899CD90B2E1E
SHA-512:	25F1C952DCAB5DDA564762BE3DD57ED320483BC9E68A2ABA5B78AFBACE64BB68B4B9BF6F49C3EBC25A51958045A1F29C55E8572A8A7B53B1E2DE920F0685E642
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......Xg..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I/Z.r....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/Z.r....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/Z.r....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/Z.r..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/Z.r...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............5.\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.00325945080487
Encrypted:	false
SSDEEP:	48:8xtMdhTJpsHeOidAKZdA14tseh7sFiZUkmgqeh7ssy+BX:8xEPz+nKy
MD5:	7FD28E65004332AAB0DE57A2857F1240
SHA1:	9E40F43329F55283CEADD7916BB47B49CC9AA7F8
SHA-256:	AA95D23E638800B6721D3BD2FB973DD116A2D62834BF2A09C198A77F487D6E63
SHA-512:	FC7F9E5462C00107FF0EE0976C847E66CF6E3D7118385088268038271CF21BF31F1B61A0026017C4FAF7371512A31D93DAACFEC2F0588861980FDE4A2C826E40
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I/Z.r....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/Z.r....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/Z.r....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/Z.r..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............5.\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 13:22:46 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.990546745419176
Encrypted:	false
SSDEEP:	48:8aMdhTJpEHeOidAKZdA1vehDiZUkwqehiy+R:8bPbdky
MD5:	A71CE57B389B496944EFB97F61365CFC
SHA1:	411B45629FBEAC655710BA1D69A3180A97C608B4
SHA-256:	D8120ABEE8E434B998409957961745C0E1EF6ADC1C38F20E6307DF115AF99F85
SHA-512:	FF946F4E43EC7B41562FFE4FE1215977D56C329F4FA56054AA6D604D3F88F1E11CDE654EC82F710A039FA883765D073605DAEED5B38A0B2C9DBB3A75CB6A72E4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......Xg..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I/Z.r....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/Z.r....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/Z.r....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/Z.r..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/Z.r...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............5.\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 13:22:46 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.979398231457859
Encrypted:	false
SSDEEP:	48:8VMdhTJpEHeOidAKZdA1hehBiZUk1W1qehYy+C:8MPb994y
MD5:	C96FD234FD630BB9E4495911AC115CB3
SHA1:	69D8BEE618A54BA7A82A2C47AF63DA89ACDC6F54
SHA-256:	0B076A0FBB5D16242EC7CDFE6360F7B362FDFB35A3EF766073CCD27E5C304A31
SHA-512:	65872CFA37DE29C18518A5F720733A4DDD0A00CF5E2264DDEE8A7E03B34CE815E1EE9BE116439141CB3897ED3D3941DDECB0E45CBFD84EBD99F4FB4C39FE3ACF
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........Xg..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I/Z.r....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/Z.r....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/Z.r....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/Z.r..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/Z.r...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............5.\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 13:22:46 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9912391873810154
Encrypted:	false
SSDEEP:	48:8WMdhTJpEHeOidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbKy+yT+:8fPbBT/TbxWOvTbKy7T
MD5:	F4477DB0A3397DFB1C74BB632DCC598E
SHA1:	5D3B35E28046D774E6EBDD9F4DB5123CDFDD88DD
SHA-256:	250ACBB78B1E0D6CAA40D1093C2ABBC955248587B182A825A732757309CC0274
SHA-512:	E23D2773C3CDFCB879CF1127ADCEFD82C74FB5D6B0D864B178154644A1099B5A907D2DA5BF9CEAF55B2AF9C3A1DA6A8BF817F6A58E580B6107629FFE3E40CC67
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......Xg..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I/Z.r....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/Z.r....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V/Z.r....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V/Z.r..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V/Z.r...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............5.\|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2485
Entropy (8bit):	7.876592005079966
Encrypted:	false
SSDEEP:	48:v/xwXiYbH0Y39tgMknRXn+wq4C/l8ppeOsiPZzY4Jz4hMgzSJun4NNNNNNN5:HcVIY39tgMkRX+wq4mifNvPpYSqnK
MD5:	112AD5F84433E5F46D607F73FB64BD60
SHA1:	A8BF11F3F6099CA49D1CBF73C050EB7E6FBC68B4
SHA-256:	0F84307AD691800E391FCCB42B4BA290A87FEBF001ABEDFBE03B34767D45E441
SHA-512:	A0FDDEC2CECC71AA2FE16EB01AA541051A5FD1B9F0FEAB18413007186826E81C2E582EC7F48F7242FA4142E7BB0105B29D1F11F1062F96D255F743050C97B65C
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...`...`......w8....pHYs..........+.....gIDATx^...TU..._..\|_..!.....R....(S...@....A.Si.Y~....#.3E.4.9EJ..h..5....4#D...{o...{.....GO.........y......{....B.x.... ..... ..... ..... ..... ..... ..... ..... ..... ....%.t.&.....P.M...E.vB.G......,..e..3.-....;.Z.uD.....Df;?,t.....K.Q...G..?J...../.R..I.S......T..O$.`=o...#.#...r.[..cG.o{>..t.`...z..A.h..<._]..`k.j....o.n..G.5Y...Q#.e..yx!..c..IM....tz.3.K..O....Z7.E..A.:..K..mY#...J...".."ZS.H..v.b.....%.".....U....".\|.K.....'.v.........y....+cZ.4U..H...Na..w.3.J....\.....J..._.....?.LW.ZI.........l[8....{.r..].....g..N..o..Y....s.. d.O...b.N..fx.s.............a....8........,.R..U.\...S5M.D.....k....x.....K....l..J./.M.v....[h...y......u......{'t..i]+.)yX..`...w.q...+.]Z?."_.S.+EY..\>ct@3.....$N.F."+.z.x..v....~...~w%..}..W_s.X=...x....Y...AR..8R._.V.)qp.:...~-.-6.\|_.3..x..U.h....S^}.\9#S.K....\|.J...:..\|.R..y.!.+..o.~.......F......M.._ ......w...%. ...g.u72.....(.4..9.

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2485
Entropy (8bit):	7.876592005079966
Encrypted:	false
SSDEEP:	48:v/xwXiYbH0Y39tgMknRXn+wq4C/l8ppeOsiPZzY4Jz4hMgzSJun4NNNNNNN5:HcVIY39tgMkRX+wq4mifNvPpYSqnK
MD5:	112AD5F84433E5F46D607F73FB64BD60
SHA1:	A8BF11F3F6099CA49D1CBF73C050EB7E6FBC68B4
SHA-256:	0F84307AD691800E391FCCB42B4BA290A87FEBF001ABEDFBE03B34767D45E441
SHA-512:	A0FDDEC2CECC71AA2FE16EB01AA541051A5FD1B9F0FEAB18413007186826E81C2E582EC7F48F7242FA4142E7BB0105B29D1F11F1062F96D255F743050C97B65C
Malicious:	false
Reputation:	low
URL:	https://www.cloudflare.com/favicon.ico
Preview:	.PNG........IHDR...`...`......w8....pHYs..........+.....gIDATx^...TU..._..\|_..!.....R....(S...@....A.Si.Y~....#.3E.4.9EJ..h..5....4#D...{o...{.....GO.........y......{....B.x.... ..... ..... ..... ..... ..... ..... ..... ..... ....%.t.&.....P.M...E.vB.G......,..e..3.-....;.Z.uD.....Df;?,t.....K.Q...G..?J...../.R..I.S......T..O$.`=o...#.#...r.[..cG.o{>..t.`...z..A.h..<._]..`k.j....o.n..G.5Y...Q#.e..yx!..c..IM....tz.3.K..O....Z7.E..A.:..K..mY#...J...".."ZS.H..v.b.....%.".....U....".\|.K.....'.v.........y....+cZ.4U..H...Na..w.3.J....\.....J..._.....?.LW.ZI.........l[8....{.r..].....g..N..o..Y....s.. d.O...b.N..fx.s.............a....8........,.R..U.\...S5M.D.....k....x.....K....l..J./.M.v....[h...y......u......{'t..i]+.)yX..`...w.q...+.]Z?."_.S.+EY..\>ct@3.....$N.F."+.z.x..v....~...~w%..}..W_s.X=...x....Y...AR..8R._.V.)qp.:...~-.-6.\|_.3..x..U.h....S^}.\9#S.K....\|.J...:..\|.R..y.!.+..o.~.......F......M.._ ......w...%. ...g.u72.....(.4..9.

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (611)
Category:	downloaded
Size (bytes):	27150
Entropy (8bit):	4.357340680151037
Encrypted:	false
SSDEEP:	384:6bamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:603Mp5If8WOmgW3
MD5:	46DD133EE00DC1BAE5E4EEBA7B88432F
SHA1:	8AF86A4AC91CE48C062216FB94A6E1D57618A19B
SHA-256:	9EB52EE46C7AB5EA4CA0982415DA99FDED1B7D7354F75E50847BDAE6CB44EB66
SHA-512:	CB49F9E3812E2C262AF374E79BD8905CB508A45BF2C2D6AF62EED85AF43770872486A55E9425882FEDA9FB3A57A317A3C18BE1E286ADAF0C76BE7F1B0DFA8474
Malicious:	false
Reputation:	low
URL:	https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <link rel="icon" href="https://www.cloudflare.com/favicon.ico" />. <title>Not Found</title>. <style>. body {. font-family: system-ui;. font-weight: 300;. font-size: 1.25rem;. color: #36393a;. display: flex;. align-items: center;. justify-content: center;. }. main {. max-width: 1200px;. margin-top: 120px;. display: flex;. flex-wrap: wrap;. align-items: center;. justify-content: center;. }. #text {. max-width: 60%;. margin-left: 1rem;. margin-right: 1rem;. }. main > section > div {. margin-bottom: 3.25rem;. }. svg {. margin-left: 2rem;. }. @keyframes eye-1 {. 0% {. transform: translateX(0);. }. 10%,. 50% {. tr

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 15:22:35.013514996 CET	49674	443	192.168.2.5	23.1.237.91
Jan 15, 2025 15:22:35.013540983 CET	49675	443	192.168.2.5	23.1.237.91
Jan 15, 2025 15:22:35.122837067 CET	49673	443	192.168.2.5	23.1.237.91
Jan 15, 2025 15:22:44.622833014 CET	49675	443	192.168.2.5	23.1.237.91
Jan 15, 2025 15:22:44.622917891 CET	49674	443	192.168.2.5	23.1.237.91
Jan 15, 2025 15:22:44.732846975 CET	49673	443	192.168.2.5	23.1.237.91
Jan 15, 2025 15:22:46.366689920 CET	443	49703	23.1.237.91	192.168.2.5
Jan 15, 2025 15:22:46.366790056 CET	49703	443	192.168.2.5	23.1.237.91
Jan 15, 2025 15:22:49.442636967 CET	49712	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:22:49.442665100 CET	443	49712	142.250.186.100	192.168.2.5
Jan 15, 2025 15:22:49.442874908 CET	49712	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:22:49.443166971 CET	49712	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:22:49.443176031 CET	443	49712	142.250.186.100	192.168.2.5
Jan 15, 2025 15:22:50.107737064 CET	443	49712	142.250.186.100	192.168.2.5
Jan 15, 2025 15:22:50.108160019 CET	49712	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:22:50.108190060 CET	443	49712	142.250.186.100	192.168.2.5
Jan 15, 2025 15:22:50.109247923 CET	443	49712	142.250.186.100	192.168.2.5
Jan 15, 2025 15:22:50.109329939 CET	49712	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:22:50.110605001 CET	49712	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:22:50.110686064 CET	443	49712	142.250.186.100	192.168.2.5
Jan 15, 2025 15:22:50.151612997 CET	49712	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:22:50.151623964 CET	443	49712	142.250.186.100	192.168.2.5
Jan 15, 2025 15:22:50.198489904 CET	49712	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:22:50.928448915 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:50.928519964 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:50.928668976 CET	49715	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:50.928698063 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:50.928738117 CET	443	49715	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:50.928813934 CET	49715	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:50.929164886 CET	49715	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:50.929182053 CET	443	49715	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:50.929328918 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:50.929351091 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.410353899 CET	443	49715	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.417154074 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.467168093 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.467180014 CET	49715	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.517653942 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.517688990 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.517930031 CET	49715	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.517971039 CET	443	49715	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.518976927 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.519087076 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.519232035 CET	443	49715	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.519251108 CET	443	49715	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.519308090 CET	49715	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.525486946 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.525588036 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.525773048 CET	49715	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.525966883 CET	443	49715	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.526760101 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.526773930 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.575479984 CET	49715	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.575552940 CET	443	49715	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.575624943 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.624074936 CET	49715	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.733755112 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.733813047 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.733845949 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.733901978 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.733930111 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.733975887 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.734013081 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.734024048 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.734030008 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.734055042 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.734098911 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.734303951 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.734309912 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.734416962 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.734467030 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.734472036 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.786881924 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.786910057 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.825992107 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.826025963 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.826061010 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.826189041 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.826189041 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.826217890 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.826337099 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.826379061 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.826384068 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.826390028 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.826430082 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.826863050 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.826968908 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.827030897 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.828679085 CET	49714	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:22:51.828696012 CET	443	49714	172.66.0.235	192.168.2.5
Jan 15, 2025 15:22:51.866940022 CET	49717	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:51.866981030 CET	443	49717	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:51.867398977 CET	49717	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:51.868005037 CET	49717	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:51.868026972 CET	443	49717	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:52.336527109 CET	443	49717	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:52.336893082 CET	49717	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:52.336919069 CET	443	49717	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:52.337955952 CET	443	49717	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:52.338027000 CET	49717	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:52.340800047 CET	49717	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:52.340863943 CET	443	49717	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:52.341267109 CET	49717	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:52.341272116 CET	443	49717	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:52.384676933 CET	49717	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:52.494062901 CET	443	49717	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:52.494116068 CET	443	49717	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:52.494178057 CET	49717	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:52.494205952 CET	443	49717	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:52.494219065 CET	443	49717	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:52.494340897 CET	49717	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:52.503669977 CET	49717	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:52.503685951 CET	443	49717	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:52.537777901 CET	49718	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:52.537838936 CET	443	49718	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:52.537909985 CET	49718	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:52.538959026 CET	49718	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:52.538990974 CET	443	49718	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:53.018698931 CET	443	49718	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:53.019155025 CET	49718	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:53.019238949 CET	443	49718	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:53.020240068 CET	443	49718	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:53.020313978 CET	49718	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:53.020843983 CET	49718	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:53.020922899 CET	443	49718	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:53.021029949 CET	49718	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:53.061604023 CET	49718	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:53.061635971 CET	443	49718	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:53.103518963 CET	49718	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:53.183484077 CET	443	49718	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:53.183532953 CET	443	49718	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:53.183635950 CET	443	49718	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:53.183696032 CET	49718	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:53.185322046 CET	49718	443	192.168.2.5	104.16.123.96
Jan 15, 2025 15:22:53.185352087 CET	443	49718	104.16.123.96	192.168.2.5
Jan 15, 2025 15:22:59.999172926 CET	443	49712	142.250.186.100	192.168.2.5
Jan 15, 2025 15:22:59.999227047 CET	443	49712	142.250.186.100	192.168.2.5
Jan 15, 2025 15:22:59.999435902 CET	49712	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:23:01.527080059 CET	49712	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:23:01.527097940 CET	443	49712	142.250.186.100	192.168.2.5
Jan 15, 2025 15:23:03.318510056 CET	49758	53	192.168.2.5	1.1.1.1
Jan 15, 2025 15:23:03.324327946 CET	53	49758	1.1.1.1	192.168.2.5
Jan 15, 2025 15:23:03.324385881 CET	49758	53	192.168.2.5	1.1.1.1
Jan 15, 2025 15:23:03.325563908 CET	49758	53	192.168.2.5	1.1.1.1
Jan 15, 2025 15:23:03.325644016 CET	49758	53	192.168.2.5	1.1.1.1
Jan 15, 2025 15:23:03.330354929 CET	53	49758	1.1.1.1	192.168.2.5
Jan 15, 2025 15:23:03.330382109 CET	53	49758	1.1.1.1	192.168.2.5
Jan 15, 2025 15:23:03.770320892 CET	53	49758	1.1.1.1	192.168.2.5
Jan 15, 2025 15:23:03.770575047 CET	49758	53	192.168.2.5	1.1.1.1
Jan 15, 2025 15:23:03.775760889 CET	53	49758	1.1.1.1	192.168.2.5
Jan 15, 2025 15:23:03.776029110 CET	49758	53	192.168.2.5	1.1.1.1
Jan 15, 2025 15:23:06.315517902 CET	443	49715	172.66.0.235	192.168.2.5
Jan 15, 2025 15:23:06.315681934 CET	443	49715	172.66.0.235	192.168.2.5
Jan 15, 2025 15:23:06.315767050 CET	49715	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:23:07.516515970 CET	49715	443	192.168.2.5	172.66.0.235
Jan 15, 2025 15:23:07.516556978 CET	443	49715	172.66.0.235	192.168.2.5
Jan 15, 2025 15:23:23.432043076 CET	53539	53	192.168.2.5	162.159.36.2
Jan 15, 2025 15:23:23.436819077 CET	53	53539	162.159.36.2	192.168.2.5
Jan 15, 2025 15:23:23.436901093 CET	53539	53	192.168.2.5	162.159.36.2
Jan 15, 2025 15:23:23.442645073 CET	53	53539	162.159.36.2	192.168.2.5
Jan 15, 2025 15:23:23.881922007 CET	53539	53	192.168.2.5	162.159.36.2
Jan 15, 2025 15:23:23.887208939 CET	53	53539	162.159.36.2	192.168.2.5
Jan 15, 2025 15:23:23.887289047 CET	53539	53	192.168.2.5	162.159.36.2
Jan 15, 2025 15:23:49.498253107 CET	53656	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:23:49.498301029 CET	443	53656	142.250.186.100	192.168.2.5
Jan 15, 2025 15:23:49.498372078 CET	53656	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:23:49.498914003 CET	53656	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:23:49.498927116 CET	443	53656	142.250.186.100	192.168.2.5
Jan 15, 2025 15:23:50.344974041 CET	443	53656	142.250.186.100	192.168.2.5
Jan 15, 2025 15:23:50.346072912 CET	53656	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:23:50.346095085 CET	443	53656	142.250.186.100	192.168.2.5
Jan 15, 2025 15:23:50.347182989 CET	443	53656	142.250.186.100	192.168.2.5
Jan 15, 2025 15:23:50.347870111 CET	53656	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:23:50.348051071 CET	443	53656	142.250.186.100	192.168.2.5
Jan 15, 2025 15:23:50.391952991 CET	53656	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:24:00.274977922 CET	443	53656	142.250.186.100	192.168.2.5
Jan 15, 2025 15:24:00.275057077 CET	443	53656	142.250.186.100	192.168.2.5
Jan 15, 2025 15:24:00.275105000 CET	53656	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:24:01.530050993 CET	53656	443	192.168.2.5	142.250.186.100
Jan 15, 2025 15:24:01.530080080 CET	443	53656	142.250.186.100	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 15:22:45.041045904 CET	53	52696	1.1.1.1	192.168.2.5
Jan 15, 2025 15:22:45.140090942 CET	53	55925	1.1.1.1	192.168.2.5
Jan 15, 2025 15:22:46.143798113 CET	53	52412	1.1.1.1	192.168.2.5
Jan 15, 2025 15:22:49.434402943 CET	63323	53	192.168.2.5	1.1.1.1
Jan 15, 2025 15:22:49.434612989 CET	54740	53	192.168.2.5	1.1.1.1
Jan 15, 2025 15:22:49.441071987 CET	53	63323	1.1.1.1	192.168.2.5
Jan 15, 2025 15:22:49.441394091 CET	53	54740	1.1.1.1	192.168.2.5
Jan 15, 2025 15:22:50.908370972 CET	51365	53	192.168.2.5	1.1.1.1
Jan 15, 2025 15:22:50.908737898 CET	53988	53	192.168.2.5	1.1.1.1
Jan 15, 2025 15:22:50.918001890 CET	53	51365	1.1.1.1	192.168.2.5
Jan 15, 2025 15:22:50.918282032 CET	53	53988	1.1.1.1	192.168.2.5
Jan 15, 2025 15:22:51.857758045 CET	58780	53	192.168.2.5	1.1.1.1
Jan 15, 2025 15:22:51.858346939 CET	51388	53	192.168.2.5	1.1.1.1
Jan 15, 2025 15:22:51.864574909 CET	53	58780	1.1.1.1	192.168.2.5
Jan 15, 2025 15:22:51.865591049 CET	53	51388	1.1.1.1	192.168.2.5
Jan 15, 2025 15:22:52.523988008 CET	52929	53	192.168.2.5	1.1.1.1
Jan 15, 2025 15:22:52.524555922 CET	60382	53	192.168.2.5	1.1.1.1
Jan 15, 2025 15:22:52.530860901 CET	53	52929	1.1.1.1	192.168.2.5
Jan 15, 2025 15:22:52.532269001 CET	53	60382	1.1.1.1	192.168.2.5
Jan 15, 2025 15:23:03.317995071 CET	53	53878	1.1.1.1	192.168.2.5
Jan 15, 2025 15:23:22.431531906 CET	53	64065	1.1.1.1	192.168.2.5
Jan 15, 2025 15:23:23.430757999 CET	53	57847	162.159.36.2	192.168.2.5
Jan 15, 2025 15:23:23.907640934 CET	53	63879	1.1.1.1	192.168.2.5
Jan 15, 2025 15:23:44.822300911 CET	53	63172	1.1.1.1	192.168.2.5
Jan 15, 2025 15:23:45.244884968 CET	53	60824	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 15, 2025 15:22:49.434402943 CET	192.168.2.5	1.1.1.1	0xccc7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:22:49.434612989 CET	192.168.2.5	1.1.1.1	0x7f8c	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 15, 2025 15:22:50.908370972 CET	192.168.2.5	1.1.1.1	0x3469	Standard query (0)	pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:22:50.908737898 CET	192.168.2.5	1.1.1.1	0x746d	Standard query (0)	pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev	65	IN (0x0001)	false
Jan 15, 2025 15:22:51.857758045 CET	192.168.2.5	1.1.1.1	0x1319	Standard query (0)	www.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:22:51.858346939 CET	192.168.2.5	1.1.1.1	0x9b0e	Standard query (0)	www.cloudflare.com	65	IN (0x0001)	false
Jan 15, 2025 15:22:52.523988008 CET	192.168.2.5	1.1.1.1	0xef05	Standard query (0)	www.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:22:52.524555922 CET	192.168.2.5	1.1.1.1	0x689c	Standard query (0)	www.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 15, 2025 15:22:49.441071987 CET	1.1.1.1	192.168.2.5	0xccc7	No error (0)	www.google.com	142.250.186.100	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:22:49.441394091 CET	1.1.1.1	192.168.2.5	0x7f8c	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 15, 2025 15:22:50.918001890 CET	1.1.1.1	192.168.2.5	0x3469	No error (0)	pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev	172.66.0.235	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:22:50.918001890 CET	1.1.1.1	192.168.2.5	0x3469	No error (0)	pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev	162.159.140.237	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:22:51.864574909 CET	1.1.1.1	192.168.2.5	0x1319	No error (0)	www.cloudflare.com	104.16.123.96	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:22:51.864574909 CET	1.1.1.1	192.168.2.5	0x1319	No error (0)	www.cloudflare.com	104.16.124.96	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:22:51.865591049 CET	1.1.1.1	192.168.2.5	0x9b0e	No error (0)	www.cloudflare.com		65	IN (0x0001)	false
Jan 15, 2025 15:22:52.530860901 CET	1.1.1.1	192.168.2.5	0xef05	No error (0)	www.cloudflare.com	104.16.123.96	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:22:52.530860901 CET	1.1.1.1	192.168.2.5	0xef05	No error (0)	www.cloudflare.com	104.16.124.96	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:22:52.532269001 CET	1.1.1.1	192.168.2.5	0x689c	No error (0)	www.cloudflare.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev

https:

www.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49714	172.66.0.235	443	2428	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:22:51 UTC	686	OUT	GET / HTTP/1.1 Host: pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 14:22:51 UTC	180	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:22:51 GMT Content-Type: text/html Content-Length: 27150 Connection: close Server: cloudflare CF-RAY: 902685345a93238a-EWR
2025-01-15 14:22:51 UTC	1189	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="icon" href="https://www.cloudflare.com/favicon.ico" /> <title>Not Found</title> <sty
2025-01-15 14:22:51 UTC	1369	IN	Data Raw: 32 20 7b 0a 20 20 20 20 20 20 20 20 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 25 2c 0a 20 20 20 20 20 20 20 20 35 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 35 70 78 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 36 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 70 78 29 3b 0a 20 20 20 20 Data Ascii: 2 { 0% { transform: translateX(0); } 10%, 50% { transform: translateX(5px); } 60% { transform: translateX(0); } 100% { transform: translateX(0px);
2025-01-15 14:22:51 UTC	1369	IN	Data Raw: 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 4c 65 61 72 6e 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 72 32 2f 64 61 74 61 2d 61 63 63 65 73 73 2f 70 75 62 6c 69 63 2d 62 75 63 6b 65 74 73 2f 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3e 50 75 62 6c 69 63 20 41 63 63 65 73 73 3c 2f 61 0a 20 20 20 20 20 20 20 20 20 20 20 20 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 20 20 3c 73 65 63 74 Data Ascii: p> <p> Learn how to enable <a href="https://developers.cloudflare.com/r2/data-access/public-buckets/" >Public Access</a > </p> </div> </section> <sect
2025-01-15 14:22:51 UTC	1369	IN	Data Raw: 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 34 2e 35 36 36 20 31 33 2e 32 37 37 43 31 32 31 2e 30 35 33 20 31 33 2e 32 37 37 20 31 31 38 2e 32 30 34 20 31 30 2e 34 32 38 38 20 31 31 38 2e 32 30 34 20 36 2e 39 31 35 33 34 43 31 31 38 2e 32 30 34 20 33 2e 34 30 31 39 31 20 31 32 31 2e 30 35 33 20 30 2e 35 35 33 37 31 31 20 31 32 34 2e 35 36 36 20 30 2e 35 35 33 37 31 31 43 31 32 38 2e 30 38 20 30 2e 35 35 33 37 31 31 20 31 33 30 2e 39 32 38 20 33 2e 34 30 31 39 31 20 31 33 30 2e 39 32 38 20 36 2e 39 31 35 33 34 43 31 33 30 2e 39 32 38 20 31 30 2e 34 32 38 38 20 31 32 38 2e 30 38 20 31 33 2e 32 37 37 20 31 32 34 2e 35 36 36 20 31 33 2e 32 37 37 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 Data Ascii: <path d="M124.566 13.277C121.053 13.277 118.204 10.4288 118.204 6.91534C118.204 3.40191 121.053 0.553711 124.566 0.553711C128.08 0.553711 130.928 3.40191 130.928 6.91534C130.928 10.4288 128.08 13.277 124.566 13.277Z" fill="#0055DC
2025-01-15 14:22:51 UTC	1369	IN	Data Raw: 33 30 34 20 39 39 2e 36 31 34 39 43 37 33 2e 31 38 38 38 20 31 30 30 2e 38 39 35 20 37 31 2e 32 35 35 39 20 31 30 38 2e 31 39 35 20 37 31 2e 32 35 35 39 20 31 30 38 2e 31 39 35 48 37 35 2e 35 34 35 39 43 37 35 2e 35 34 35 39 20 31 30 38 2e 31 39 35 20 37 38 2e 33 33 35 33 20 39 35 2e 39 36 31 31 20 36 38 2e 36 38 36 38 20 39 34 2e 30 34 34 35 43 35 39 2e 30 33 38 34 20 39 32 2e 31 32 37 38 20 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 20 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 36 2e 31 37 36 20 31 31 31 2e 39 35 33 43 31 Data Ascii: 304 99.6149C73.1888 100.895 71.2559 108.195 71.2559 108.195H75.5459C75.5459 108.195 78.3353 95.9611 68.6868 94.0445C59.0384 92.1278 56.0777 105.406 56.0777 105.406Z" fill="#0055DC" /> <path d="M136.176 111.953C1
2025-01-15 14:22:51 UTC	1369	IN	Data Raw: 2e 39 34 31 20 31 32 31 2e 31 37 20 31 30 38 2e 34 30 37 43 31 32 30 2e 37 30 34 20 31 30 38 2e 38 37 32 20 31 32 30 2e 33 33 35 20 31 30 39 2e 34 32 35 20 31 32 30 2e 30 38 33 20 31 31 30 2e 30 33 34 43 31 31 39 2e 38 33 31 20 31 31 30 2e 36 34 32 20 31 31 39 2e 37 30 31 20 31 31 31 2e 32 39 35 20 31 31 39 2e 37 30 31 20 31 31 31 2e 39 35 33 56 31 31 31 2e 39 35 33 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 30 33 2e 33 38 34 20 31 31 31 2e 39 35 33 43 31 30 33 2e 33 38 34 20 31 31 32 2e 36 31 32 20 31 30 33 2e 35 31 33 20 31 31 33 2e 32 36 34 20 31 30 33 2e 37 36 36 20 31 Data Ascii: .941 121.17 108.407C120.704 108.872 120.335 109.425 120.083 110.034C119.831 110.642 119.701 111.295 119.701 111.953V111.953Z" fill="#0055DC" /> <path d="M103.384 111.953C103.384 112.612 103.513 113.264 103.766 1
2025-01-15 14:22:51 UTC	1369	IN	Data Raw: 36 38 34 20 31 33 34 2e 39 39 35 20 33 31 2e 35 37 39 35 20 31 33 39 2e 37 39 32 20 33 31 2e 35 37 39 35 43 31 34 34 2e 35 38 39 20 33 31 2e 35 37 39 35 20 31 34 38 2e 34 37 38 20 33 35 2e 34 36 38 34 20 31 34 38 2e 34 37 38 20 34 30 2e 32 36 35 36 43 31 34 38 2e 34 37 38 20 34 35 2e 30 36 32 37 20 31 34 34 2e 35 38 39 20 34 38 2e 39 35 31 36 20 31 33 39 2e 37 39 32 20 34 38 2e 39 35 31 36 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 77 68 69 74 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3d 22 31 30 22 0a 20 20 20 Data Ascii: 684 134.995 31.5795 139.792 31.5795C144.589 31.5795 148.478 35.4684 148.478 40.2656C148.478 45.0627 144.589 48.9516 139.792 48.9516Z" fill="white" stroke="#0055DC" stroke-width="2" stroke-miterlimit="10"
2025-01-15 14:22:51 UTC	1369	IN	Data Raw: 32 2e 34 39 32 31 20 31 31 35 2e 36 38 20 34 31 2e 34 32 31 36 20 31 31 35 2e 36 38 20 34 30 2e 33 30 35 35 43 31 31 35 2e 36 37 38 20 33 39 2e 31 39 30 37 20 31 31 35 2e 32 33 34 20 33 38 2e 31 32 32 34 20 31 31 34 2e 34 34 35 20 33 37 2e 33 33 34 39 43 31 31 33 2e 36 35 36 20 33 36 2e 35 34 37 34 20 31 31 32 2e 35 38 36 20 33 36 2e 31 30 35 32 20 31 31 31 2e 34 37 32 20 33 36 2e 31 30 35 32 43 31 31 30 2e 33 35 38 20 33 36 2e 31 30 37 33 20 31 30 39 2e 32 39 31 20 33 36 2e 35 35 30 36 20 31 30 38 2e 35 30 34 20 33 37 2e 33 33 37 38 43 31 30 37 2e 37 31 37 20 33 38 2e 31 32 35 20 31 30 37 2e 32 37 34 20 33 39 2e 31 39 32 31 20 31 30 37 2e 32 37 31 20 34 30 2e 33 30 35 35 56 34 30 2e 33 30 35 35 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d Data Ascii: 2.4921 115.68 41.4216 115.68 40.3055C115.678 39.1907 115.234 38.1224 114.445 37.3349C113.656 36.5474 112.586 36.1052 111.472 36.1052C110.358 36.1073 109.291 36.5506 108.504 37.3378C107.717 38.125 107.274 39.1921 107.271 40.3055V40.3055Z" fill=
2025-01-15 14:22:51 UTC	1369	IN	Data Raw: 34 34 20 31 33 33 2e 30 32 20 31 34 36 2e 36 31 31 20 31 33 37 2e 34 31 32 20 31 34 36 2e 36 31 31 20 31 34 32 2e 38 33 31 43 31 34 36 2e 36 31 31 20 31 34 38 2e 32 34 39 20 31 34 32 2e 33 34 34 20 31 35 32 2e 36 34 31 20 31 33 37 2e 30 38 31 20 31 35 32 2e 36 34 31 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 43 35 45 42 46 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 67 20 73 74 79 6c 65 3d 22 6d 69 78 2d 62 6c 65 6e 64 2d 6d 6f 64 65 3a 20 6d 75 6c 74 69 70 6c 79 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 30 33 2e 30 37 34 20 31 34 32 2e 38 33 31 43 31 30 33 2e 30 Data Ascii: 44 133.02 146.611 137.412 146.611 142.831C146.611 148.249 142.344 152.641 137.081 152.641Z" fill="#C5EBF5" /> </g> <g style="mix-blend-mode: multiply"> <path d="M103.074 142.831C103.0
2025-01-15 14:22:51 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 37 2e 30 38 37 20 37 35 2e 36 33 35 48 31 34 32 2e 31 37 37 56 37 39 2e 37 33 37 39 48 31 33 37 2e 30 38 37 56 37 35 2e 36 33 35 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 39 2e 38 35 32 20 37 35 2e 36 33 35 48 31 33 34 2e 39 33 34 56 37 39 2e 37 33 37 39 48 31 32 39 2e 38 35 32 56 37 35 2e 36 33 35 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 37 Data Ascii: d="M137.087 75.635H142.177V79.7379H137.087V75.635Z" fill="#0055DC" /> <path d="M129.852 75.635H134.934V79.7379H129.852V75.635Z" fill="#0055DC" /> <path d="M137

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49717	104.16.123.96	443	2428	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:22:52 UTC	616	OUT	GET /favicon.ico HTTP/1.1 Host: www.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 14:22:52 UTC	1215	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 14:22:52 GMT Content-Type: image/vnd.microsoft.icon Transfer-Encoding: chunked Connection: close ETag: W/"ffb25f3edc5c56acfdf7e7cdffcb217c" Strict-Transport-Security: max-age=31536000; includeSubDomains Permissions-Policy: geolocation=(), camera=(), microphone=() Referrer-Policy: strict-origin-when-cross-origin X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-GWW-LOC: EN-US X-PGS-LOC: EN-US X-XSS-Protection: 1; mode=block Set-Cookie: __cf_bm=d.MjyeBQAR_2ToVpwgo85A1IrLwOI9qF99GW9RcRZFY-1736950972-1.0.1.1-jVusjLGyiN2A3pIdyVHCz_bPF4TVABKYWCoGI7MPwaWaoqG6QnYL4eIsGZTZFzeE5HsqPQsMWfKM1vdVw38PWGK1hEpf2uZUxBGHw5OlOKY; path=/; expires=Wed, 15-Jan-25 14:52:52 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6tRbqfG1FWsGKcnCM4wYuBiuJUk7pgPrYbIJLk%2FOjcG1HePv%2ByN%2BmrY5v4Lj6AxC5TCjGOjH9%2BRm%2F69PKOy89y21SQ59GDvi%2BE%2FJ0pNTdjsYgkACHFyfR7ZwnJnkiLhWm%2F%2B5LQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90268539a9e278e7-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:22:52 UTC	154	IN	Data Raw: 39 62 35 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 60 00 00 00 60 08 06 00 00 00 e2 98 77 38 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 09 67 49 44 41 54 78 5e ed 9c 0d b0 54 55 1d c0 cf b9 5f fb fd 7c 5f fb f0 21 8f 8f 92 04 b3 52 9f cc 18 90 28 53 d6 a4 98 cd 40 84 f6 01 8a 41 08 53 69 8d 59 7e 94 d9 c8 a7 90 23 98 33 45 c1 34 a0 39 45 4a d9 d0 68 81 02 35 bd 1a 13 1a 34 23 44 94 07 cb 7b 6f df be dd bd bb 7b Data Ascii: 9b5PNGIHDR``w8pHYs+gIDATx^TU_\|_!R(S@ASiY~#3E49EJh54#D{o{
2025-01-15 14:22:52 UTC	1369	IN	Data Raw: bf ce bf ff b9 8f 47 4f e2 c1 dd bd bb fb f6 c9 d9 99 c3 79 bb f7 ff f9 fb 9f 7b f7 9e b3 e7 42 88 78 09 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 ef 25 02 74 a4 26 03 db be fc 01 12 50 e7 80 4d af 03 87 45 c1 76 42 d8 47 08 00 a5 12 b5 a9 2c eb 12 65 af 13 33 bf 2d d1 d3 b7 ed c2 a5 3b ec 5a cc 75 44 15 00 9e fe ec 44 66 3b 3f 2c 74 f5 ce 86 d4 11 ef b1 4b 0a 51 9a c7 fd 47 0e ca 3f 4a e5 d9 c6 f8 9d 2f ea b5 52 0c ef 49 0c 53 c4 f6 a6 1b a8 1c 54 97 e4 4f 24 1f 60 3d 6f b5 f8 0e 23 10 23 a1 d6 b6 a7 72 16 5b 1a bb 63 47 8f 6f 7b 3e 0d d4 74 01 60 d3 a7 a6 e6 7a d3 cf 41 ea 68 93 cf 3c ff 5f 5d 8b 90 60 6b Data Ascii: GOy{Bx %t&PMEvBG,e3-;ZuDDf;?,tKQG?J/RISTO$`=o##r[cGo{>t`zAh<_]`k
2025-01-15 14:22:52 UTC	969	IN	Data Raw: 2f e3 43 28 d3 f8 44 47 d6 c2 19 90 35 85 48 8a 84 bf 07 50 ec 79 c3 a5 15 ec 29 8e 05 49 06 6c 0c f7 97 33 22 61 c3 29 0d 06 88 0d 72 84 82 81 7d 9e 00 e1 b3 51 9b 52 52 e0 27 34 1e 37 b1 77 1b 05 30 70 7b 7a 9e 30 07 1b cb 13 db c9 11 c7 29 60 e3 9f e1 d2 00 a0 1c 58 04 58 ce 71 ec a3 39 cb dc 57 b7 f8 59 f7 36 b3 98 17 ec 5f de 4c 02 da 1c 62 1a 57 12 cb 88 61 0b f1 06 96 19 01 c7 0e 83 5d d0 c0 cc d4 b1 42 72 cc 90 76 83 8d 44 89 8c 55 4f 15 20 fd 68 fb 72 29 dd 7d 4f 31 81 78 96 55 83 44 ad 1b 17 d1 b3 85 7c e3 bd 2f 15 9d b0 67 3f 55 14 84 c3 8f 53 a2 48 2a 61 f8 1b 9f 8d 8f 1e 98 06 23 46 01 08 5f 20 33 74 1c 26 85 80 99 7c eb 38 ae 1b 0d b9 dd 46 1b 7d f9 0c b7 00 89 e5 57 7e 28 62 f4 ee c3 91 51 b1 14 a4 a6 f7 25 89 6d 75 e1 10 77 fa 47 37 e5 bb Data Ascii: /C(DG5HPy)Il3"a)r}QRR'47w0p{z0)`XXq9WY6_LbWa]BrvDUO hr)}O1xUD\|/g?USH*a#F_ 3t&\|8F}W~(bQ%muwG7
2025-01-15 14:22:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49718	104.16.123.96	443	2428	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:22:53 UTC	541	OUT	GET /favicon.ico HTTP/1.1 Host: www.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __cf_bm=d.MjyeBQAR_2ToVpwgo85A1IrLwOI9qF99GW9RcRZFY-1736950972-1.0.1.1-jVusjLGyiN2A3pIdyVHCz_bPF4TVABKYWCoGI7MPwaWaoqG6QnYL4eIsGZTZFzeE5HsqPQsMWfKM1vdVw38PWGK1hEpf2uZUxBGHw5OlOKY
2025-01-15 14:22:53 UTC	905	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 14:22:53 GMT Content-Type: image/vnd.microsoft.icon Transfer-Encoding: chunked Connection: close ETag: W/"ffb25f3edc5c56acfdf7e7cdffcb217c" Strict-Transport-Security: max-age=31536000; includeSubDomains Permissions-Policy: geolocation=(), camera=(), microphone=() Referrer-Policy: strict-origin-when-cross-origin X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-GWW-LOC: EN-US X-PGS-LOC: EN-US X-XSS-Protection: 1; mode=block Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DucCkllAf7GlnuxZfBEiHV8l2SQ8vHXiNBN4JOKOJKEZnxX8L3PSAHXRCiU%2FXlvaM1y7sFyD75GnBZG%2FDYJpZ4mPsxvT59pcTKztV%2FyrPEqLsDPqh6U7VnwqvPKbdLlWSkmv1Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9026853ddd900f5d-EWR alt-svc: h3=":443"; ma=86400
2025-01-15 14:22:53 UTC	464	IN	Data Raw: 39 62 35 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 60 00 00 00 60 08 06 00 00 00 e2 98 77 38 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 09 67 49 44 41 54 78 5e ed 9c 0d b0 54 55 1d c0 cf b9 5f fb fd 7c 5f fb f0 21 8f 8f 92 04 b3 52 9f cc 18 90 28 53 d6 a4 98 cd 40 84 f6 01 8a 41 08 53 69 8d 59 7e 94 d9 c8 a7 90 23 98 33 45 c1 34 a0 39 45 4a d9 d0 68 81 02 35 bd 1a 13 1a 34 23 44 94 07 cb 7b 6f df be dd bd bb 7b bf ce bf ff b9 8f 47 4f e2 c1 dd bd bb fb f6 c9 d9 99 c3 79 bb f7 ff f9 fb 9f 7b f7 9e b3 e7 42 88 78 09 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 ef 25 Data Ascii: 9b5PNGIHDR``w8pHYs+gIDATx^TU_\|_!R(S@ASiY~#3E49EJh54#D{o{GOy{Bx %
2025-01-15 14:22:53 UTC	1369	IN	Data Raw: 5a 37 ad 45 01 d6 41 fa 3a c7 fa 4b ad 08 6d 59 23 e1 89 ed 0f 4a 9f 7f ea a1 22 b4 ca 22 5a 53 05 48 ad 9d 76 b1 62 1b 07 88 de a5 96 25 bb 22 8d 84 2e 9b b1 55 9e bd f9 96 22 d5 7c 89 4b be b4 cb a8 8c f0 27 a8 76 e1 df c3 05 9f a7 92 ff e7 ae 79 ec d7 f3 1f 2b 63 5a e7 34 55 13 05 48 ac bc ba 4e 61 c6 ab a0 77 9f 33 e0 4a 0b e4 f6 ef 5c 06 bf fd ca fc 4a fb 19 b0 5f 13 05 88 06 95 3f 92 4c 57 ac 5a 49 9f d5 0f 00 d1 f7 ed fe 19 6c 5b 38 a9 1a f1 0c 7b 01 72 1b ae 5d 0c c9 b7 db ab 91 ac 67 1f a6 4e 0a 9d 6f be ec 59 de 87 e0 b0 16 a0 73 e5 d4 20 64 d3 4f f8 88 bf 62 aa 4e d7 c1 66 78 fa 73 df ad 98 83 93 86 87 b5 00 b1 00 dd 00 b9 61 9f 8c 0e c9 38 f7 f6 a1 87 cd 8d b3 82 95 2c 82 52 09 e3 89 55 d7 5c 1c 0d ca 53 35 4d 99 44 a8 14 b6 cc c2 6b 05 c3 de Data Ascii: Z7EA:KmY#J""ZSHvb%".U"\|K'vy+cZ4UHNaw3J\J_?LWZIl[8{r]gNoYs dObNfxsa8,RU\S5MDk
2025-01-15 14:22:53 UTC	659	IN	Data Raw: de f3 b3 83 30 13 cf 22 13 9d f7 d9 44 7a ed a2 fb 3b 4a 4a 18 fe 7e 6f 0b 91 c9 14 b4 3f 0e 0b d0 82 0f 86 c4 f1 2c 6b 61 96 5d 8f 0f 8a 34 82 a5 6b 2c 9f 6a a5 66 f6 ac bb ba b5 b1 1f de e8 16 a0 6f cd 15 db e5 4c f2 c6 8a d1 af 45 c3 78 0d 53 e3 6d 7b b1 52 37 45 ef dc 7d ce ad 19 f0 97 65 71 42 d9 0a 2b d9 77 0b 64 8f 06 ca 91 92 dc 3c f9 1d 9a 58 3d b5 35 a2 1f eb ac e4 e8 2f 47 b0 15 b3 11 ac 23 52 43 c3 47 c2 8b 5e da 37 94 0f d8 f9 85 2d 66 f7 b1 79 e5 66 44 63 e3 88 72 41 88 cd b1 b3 25 9d 89 15 63 52 55 c3 38 c1 64 7a 68 2f fa 8c 9e ee d7 f9 fd ec 7a 60 d6 ab 66 d7 d1 8a 6c 95 87 42 37 de 83 84 9a 96 54 35 e1 5a 74 96 4e 44 f4 1f 4f bf 74 70 68 6c fb 4d 4d 4e 21 73 d0 c9 a5 2b 02 df f5 65 e9 44 32 0a d6 25 b5 c8 a4 da 31 c9 14 4e dd 7e eb 5b 67 Data Ascii: 0"Dz;JJ~o?,ka]4k,jfoLExSm{R7E}eqB+wd<X=5/G#RCG^7-fyfDcrA%cRU8dzh/z`flB7T5ZtNDOtphlMMN!s+eD2%1N~[g
2025-01-15 14:22:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 3012, Parent PID: 5828

General

Target ID:	0
Start time:	09:22:36
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2428, Parent PID: 3012

General

Target ID:	2
Start time:	09:22:43
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2012,i,4056487226617403426,4358257475477362112,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4984, Parent PID: 5828

General

Target ID:	3
Start time:	09:22:49
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3012, Parent PID: 5828

General

Chronological Activities

Analysis Process: chrome.exePID: 2428, Parent PID: 3012

General

Windows Analysis Report
https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/