Edit tour

Windows Analysis Report
https://res.cloudinary.com/dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg

Overview

General Information

Sample URL:	https://res.cloudinary.com/dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg
Analysis ID:	1602300
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6280 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6968 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2476,i,9332338034156328529,9724105199883106818,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5684 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://res.cloudinary.com/dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-29T17:32:19.690951+0100	2049038	1	A Network Trojan was detected	104.17.201.1	443	192.168.2.6	49752	TCP

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

Source: https://res.cloudinary.com/dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg	HTTP Parser: No favicon
Source: https://res.cloudinary.com/dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49951 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49998 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2049038 - Severity 1 - ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 : 104.17.201.1:443 -> 192.168.2.6:49752

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg HTTP/1.1Host: res.cloudinary.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: res.cloudinary.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://res.cloudinary.com/dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpgAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: res.cloudinary.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: res.cloudinary.com

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49951 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49998 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@16/4@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2476,i,9332338034156328529,9724105199883106818,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://res.cloudinary.com/dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2476,i,9332338034156328529,9724105199883106818,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://res.cloudinary.com/dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
resc.cloudinary.com.cdn.cloudflare.net	104.17.201.1	true	false	high
e1315.dsca.akamaiedge.net	23.219.148.49	true	false	high
www.google.com	142.250.185.228	true	false	high
res.cloudinary.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://res.cloudinary.com/dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg	false		high
https://res.cloudinary.com/favicon.ico	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.219.148.49	e1315.dsca.akamaiedge.net	United States	22047	VTRBANDAANCHASACL	false
104.17.201.1	resc.cloudinary.com.cdn.cloudflare.net	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1602300
Start date and time:	2025-01-29 17:31:13 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://res.cloudinary.com/dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@16/4@6/5

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.18.3, 172.217.18.110, 142.250.110.84, 142.250.185.238, 216.58.206.78, 142.250.186.174, 142.250.184.238, 142.250.181.238, 142.250.186.142, 2.22.50.117, 104.102.63.47, 142.250.185.195, 172.217.18.14, 13.107.253.45, 184.28.90.27, 4.175.87.197, 20.12.23.50
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://res.cloudinary.com/dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: https://res.cloudinary.com Model: Joe Sandbox AI	```json{ "brand": "Cloudinary", "brand_classification": "known", "legit_url": "https://cloudinary.com", "similarity": 7, "spoofed": 2, "reasoning": "The URL 'https://res.cloudinary.com' uses a subdomain 'res' which is commonly used by Cloudinary for resource management and content delivery. The main domain 'cloudinary.com' is intact and matches the legitimate brand's domain. There are no character substitutions or misleading structural changes. The use of the subdomain 'res' is legitimate and typical for Cloudinary's service architecture, indicating that this is not a typosquatting attempt. The similarity score reflects the structural similarity to the legitimate domain, but the low spoofed score indicates a low likelihood of deception."}
URL: https://res.cloudinary.com
URL: https://cloudinary.com Model: Joe Sandbox AI	```json{ "brand": "unknown", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 0, "spoofed": 0, "reasoning": "The URL 'https://cloudinary.com' does not appear to be a typosquatting attempt. It is a legitimate domain for Cloudinary, a well-known cloud-based image and video management service. There are no visual character substitutions, structural changes, or misleading subdomains/extensions present. The domain name is unique and does not closely resemble any other known brand, reducing the likelihood of user confusion."}
URL: https://cloudinary.com

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2880x1800, components 3
Category:	downloaded
Size (bytes):	389137
Entropy (8bit):	7.7904849580140105
Encrypted:	false
SSDEEP:	6144:CJTdViMz1l+ocDXNwAigxxAeNOManomRDLTeIgGGglHh1r91vzAGGajFgyXdMnIc:CJuUUoZAPxxAkEDRDLTCGXhV92KE
MD5:	EDF30872BBF07D17ABB4EF952A58637D
SHA1:	845C5D3DAEF05957988A09FE751891455A5E071B
SHA-256:	AE975A53CD22F894950A77F3F627D755D4D4300A945EFB04997B3F3E5B5FADCB
SHA-512:	BECA02D56E2D14DD0DD8F43509407BFB7A8C7D0613CD8A8F50DE746EB6FEF1CA9F5E108F3EB8347615413D153C2CD8E646C9D83A86BFB115D621E1F573F43EC5
Malicious:	false
Reputation:	low
URL:	https://res.cloudinary.com/dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........@..".............................................................................>..B...B.M3J..SL...U.#R\.H.....e.J&j\.BMdf.&...MfP.P.L.X.k %.#."J3inl..s5...5....(..t^h,..V* .... J%........R.....,..(....X..X.J"......(.".". ".... "(..A. .H..T.K..,Aa....J5.....K.....E3D.(....=.(...X....."........7....P..R(..,...(.....?l.w..N@....S!..(M\"..$-.-....f.;.....$.s5.....J..d.`$..R.....XR..R"..E2..A....M..BP..^H..X.(.."....O..K....H.......R..@P .....X........PJ%.(.,.%.......,R.........%..A.....,.N`B.... .....P..l..H.... .......,. ..A............Y".....h...?fOw..Z...P...J. ....D[s...3s.s...D.,"..#.C3Ir.X..%.p...%H..J$.]b..X..)b.../..)(...0...$.T.E..J P."(.J ...@ ...(J". ,.Y5....,...J ..(.R. .........,_g...J"...J ..X.X,.. ..,.$.`.....J&. P...T.@...%..,..........* .J.... ......`X....@........P@X...VK..@.@...!..

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 16x16, 8 bits/pixel, 32x32, 8 bits/pixel
Category:	downloaded
Size (bytes):	13294
Entropy (8bit):	4.175578761210609
Encrypted:	false
SSDEEP:	96:HMH+O1hKVXVAQUmaZ8PNfNNF7yS0wNBupelswk826v5:HM3hKVv3aZ8PN/vzfCjkv
MD5:	87A8B6CADDB0FE093E46BF24FC80F155
SHA1:	E1E44B9A1A1D8ACC06B1FCB75207ED3CD0082713
SHA-256:	6921180D2F5AA10F464C8DAEE904D5ADFAB0765F0BB763EDBDD323017FB11204
SHA-512:	D427445AA888587CB9678A8B24070BE1F8370B887823C0C9E43DA70AE93675238A4A1B9BFE1D9BD625A0DE50EE922A23A0943D19BA998B68951611A408B03F1E
Malicious:	false
Reputation:	low
URL:	https://res.cloudinary.com/favicon.ico
Preview:	..............h...6... ..............00.... ..%..F...(....... ................................H4..TA..Q>...q..............o`..v......VC..`N......WD..........S@......R?......\|n..l[........\|..iX...........xj..w..zk..J7..N;......VD...........{m..........m]......k[....td..L9......]L..te......~.....UB..m^........q..........\|m.......}n..I5..YG..P=..K7..XF...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-29T17:32:19.690951+0100	2049038	ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2	1	104.17.201.1	443	192.168.2.6	49752	TCP

Network Port Distribution

Total Packets: 220
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 29, 2025 17:32:07.195652962 CET	49673	443	192.168.2.6	173.222.162.64
Jan 29, 2025 17:32:07.195662975 CET	49674	443	192.168.2.6	173.222.162.64
Jan 29, 2025 17:32:07.523786068 CET	49672	443	192.168.2.6	173.222.162.64
Jan 29, 2025 17:32:07.872580051 CET	49711	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:07.872611046 CET	443	49711	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:07.872733116 CET	49711	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:07.873738050 CET	49711	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:07.873755932 CET	443	49711	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:08.778479099 CET	443	49711	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:08.778563976 CET	49711	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:09.198777914 CET	49711	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:09.198796034 CET	443	49711	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:09.199840069 CET	443	49711	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:09.221532106 CET	49711	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:09.221617937 CET	49711	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:09.221625090 CET	443	49711	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:09.221889973 CET	49711	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:09.263375998 CET	443	49711	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:09.400043011 CET	443	49711	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:09.400252104 CET	443	49711	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:09.400346041 CET	49711	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:09.753657103 CET	49711	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:09.753679037 CET	443	49711	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:16.803504944 CET	49673	443	192.168.2.6	173.222.162.64
Jan 29, 2025 17:32:16.803539038 CET	49674	443	192.168.2.6	173.222.162.64
Jan 29, 2025 17:32:17.131639004 CET	49672	443	192.168.2.6	173.222.162.64
Jan 29, 2025 17:32:17.250550985 CET	49740	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:32:17.250605106 CET	443	49740	142.250.185.228	192.168.2.6
Jan 29, 2025 17:32:17.250674009 CET	49740	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:32:17.250945091 CET	49740	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:32:17.250961065 CET	443	49740	142.250.185.228	192.168.2.6
Jan 29, 2025 17:32:17.895536900 CET	443	49740	142.250.185.228	192.168.2.6
Jan 29, 2025 17:32:17.896193981 CET	49740	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:32:17.896209002 CET	443	49740	142.250.185.228	192.168.2.6
Jan 29, 2025 17:32:17.897855043 CET	443	49740	142.250.185.228	192.168.2.6
Jan 29, 2025 17:32:17.897945881 CET	49740	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:32:17.899426937 CET	49740	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:32:17.899512053 CET	443	49740	142.250.185.228	192.168.2.6
Jan 29, 2025 17:32:17.944041967 CET	49740	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:32:17.944063902 CET	443	49740	142.250.185.228	192.168.2.6
Jan 29, 2025 17:32:17.969338894 CET	49746	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:17.969381094 CET	443	49746	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:17.969470978 CET	49746	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:17.970124960 CET	49746	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:17.970139027 CET	443	49746	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:17.990901947 CET	49740	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:32:18.592906952 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:18.592953920 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:18.593096018 CET	49753	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:18.593106985 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:18.593133926 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:18.593178988 CET	49753	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:18.593574047 CET	49753	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:18.593591928 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:18.593846083 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:18.593868971 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:18.784506083 CET	443	49746	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:18.784645081 CET	49746	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:18.787518978 CET	49746	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:18.787537098 CET	443	49746	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:18.788404942 CET	443	49746	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:18.793246031 CET	49746	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:18.793659925 CET	49746	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:18.793673038 CET	443	49746	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:18.793937922 CET	49746	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:18.839332104 CET	443	49746	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:18.931735039 CET	443	49707	173.222.162.64	192.168.2.6
Jan 29, 2025 17:32:18.931843996 CET	49707	443	192.168.2.6	173.222.162.64
Jan 29, 2025 17:32:18.974822998 CET	443	49746	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:18.975106955 CET	443	49746	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:18.975174904 CET	49746	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:18.976466894 CET	49746	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:18.976479053 CET	443	49746	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:18.976527929 CET	49746	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:19.064795017 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.065135002 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.065206051 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.066390038 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.066471100 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.067645073 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.067727089 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.067945004 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.067962885 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.070122004 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.070511103 CET	49753	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.070537090 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.072105885 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.072180033 CET	49753	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.073163986 CET	49753	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.073251009 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.120138884 CET	49753	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.120155096 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.120181084 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.166536093 CET	49753	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.246524096 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.246572018 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.246601105 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.246629000 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.246653080 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.246685028 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.246711969 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.246741056 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.246850967 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.246889114 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.247194052 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.247222900 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.247251987 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.247268915 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.247500896 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.251233101 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.251276970 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.251348972 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.251365900 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.303427935 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.335093975 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.335180044 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.335221052 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.335275888 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.335302114 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.335459948 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.335509062 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.335526943 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.335597992 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.335627079 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.335690975 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.335756063 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.335769892 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.336179972 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.336225033 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.336231947 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.336244106 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.336292982 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.336308002 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.336357117 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.336405993 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.336452007 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.336467028 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.336599112 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.336961031 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.337205887 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.337239981 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.337255001 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.337271929 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.337323904 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.337352037 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.337357044 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.337373018 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.337404966 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.337975025 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.338026047 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.338041067 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.383805037 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.423871994 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.423940897 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.423978090 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.424035072 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.424041986 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.424093008 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.424093008 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.424165964 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.424196005 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.424258947 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.424278021 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.424331903 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.424345970 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.424489021 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.424542904 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.424578905 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.424624920 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.424760103 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.424793959 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.424815893 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.424834013 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.424858093 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.424863100 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.424906969 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.424918890 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.425259113 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.425306082 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.425321102 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.425379992 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.425499916 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.425544977 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.425549984 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.425561905 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.425597906 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.425622940 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.425693035 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.425707102 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.426245928 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.426281929 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.426302910 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.426311970 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.426321030 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.426342964 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.426367998 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.426367998 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.512664080 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.512711048 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.512737036 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.512748003 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.512758970 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.512789965 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.512837887 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.512883902 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.512893915 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.513051033 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.513052940 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.513061047 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.513088942 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.513099909 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.513144016 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.513153076 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.513267994 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.513411999 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.513453960 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.513550043 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.513602972 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.513729095 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.513766050 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.513786077 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.513794899 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.513811111 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.513839006 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.514157057 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.514199972 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.514202118 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.514209032 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.514250040 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.514261961 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.514269114 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.514283895 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.514292955 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.514339924 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.514348030 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.514386892 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.514642000 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.514718056 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.514832973 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.514877081 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.514880896 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.514888048 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.514931917 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.514935017 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.514945030 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.514976978 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.514986038 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.515022039 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.515039921 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.515048027 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.515069962 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.515096903 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.517539024 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.517580032 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.517594099 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.517601013 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.517630100 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.517636061 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.517649889 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.517657042 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.517678976 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.517680883 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.517735004 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.517741919 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.517829895 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.518160105 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.518198013 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.518218994 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.518228054 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.518246889 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.518311977 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.601516962 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.601542950 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.601603031 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.601640940 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.601680040 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.601702929 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.601753950 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.601845026 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.601861954 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.601922035 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.601944923 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.601970911 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.602086067 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.602108955 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.602147102 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.602161884 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.602191925 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.602365971 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.602380037 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.602431059 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.602447033 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.602473021 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.602787018 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.602807045 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.602845907 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.602864981 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.602890015 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.602935076 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.602951050 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.602988958 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.603008986 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.603033066 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.603341103 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.603358984 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.603401899 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.603415966 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.603446960 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.646725893 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.651962042 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.690551043 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.690601110 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.690640926 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.690661907 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.690684080 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.690702915 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.690808058 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.690840006 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.690886021 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.690907955 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.690929890 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.690938950 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.690978050 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.691005945 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.691006899 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.691021919 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.691071033 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.691078901 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.691143990 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.691205978 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.691643953 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.691668987 CET	443	49752	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:19.691685915 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:19.691843987 CET	49752	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:20.017976046 CET	49753	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:20.063340902 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:20.240380049 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:20.240511894 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:20.240575075 CET	49753	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:20.240591049 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:20.240686893 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:20.240791082 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:20.240839958 CET	49753	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:20.240848064 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:20.240885973 CET	49753	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:20.240891933 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:20.241030931 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:20.241132021 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:20.241178036 CET	49753	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:20.241185904 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:20.241225004 CET	49753	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:20.241238117 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:20.241509914 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:20.243274927 CET	49753	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:20.295756102 CET	49753	443	192.168.2.6	104.17.201.1
Jan 29, 2025 17:32:20.295766115 CET	443	49753	104.17.201.1	192.168.2.6
Jan 29, 2025 17:32:20.309487104 CET	49766	443	192.168.2.6	23.219.148.49
Jan 29, 2025 17:32:20.309514999 CET	443	49766	23.219.148.49	192.168.2.6
Jan 29, 2025 17:32:20.309568882 CET	49766	443	192.168.2.6	23.219.148.49
Jan 29, 2025 17:32:20.309811115 CET	49766	443	192.168.2.6	23.219.148.49
Jan 29, 2025 17:32:20.309825897 CET	443	49766	23.219.148.49	192.168.2.6
Jan 29, 2025 17:32:21.210480928 CET	443	49766	23.219.148.49	192.168.2.6
Jan 29, 2025 17:32:21.211483002 CET	49766	443	192.168.2.6	23.219.148.49
Jan 29, 2025 17:32:21.211496115 CET	443	49766	23.219.148.49	192.168.2.6
Jan 29, 2025 17:32:21.212999105 CET	443	49766	23.219.148.49	192.168.2.6
Jan 29, 2025 17:32:21.213078976 CET	49766	443	192.168.2.6	23.219.148.49
Jan 29, 2025 17:32:21.214423895 CET	49766	443	192.168.2.6	23.219.148.49
Jan 29, 2025 17:32:21.214524984 CET	443	49766	23.219.148.49	192.168.2.6
Jan 29, 2025 17:32:21.214689016 CET	49766	443	192.168.2.6	23.219.148.49
Jan 29, 2025 17:32:21.214704990 CET	443	49766	23.219.148.49	192.168.2.6
Jan 29, 2025 17:32:21.258133888 CET	49766	443	192.168.2.6	23.219.148.49
Jan 29, 2025 17:32:21.401220083 CET	443	49766	23.219.148.49	192.168.2.6
Jan 29, 2025 17:32:21.401252031 CET	443	49766	23.219.148.49	192.168.2.6
Jan 29, 2025 17:32:21.401262045 CET	443	49766	23.219.148.49	192.168.2.6
Jan 29, 2025 17:32:21.401298046 CET	443	49766	23.219.148.49	192.168.2.6
Jan 29, 2025 17:32:21.401324034 CET	49766	443	192.168.2.6	23.219.148.49
Jan 29, 2025 17:32:21.401331902 CET	443	49766	23.219.148.49	192.168.2.6
Jan 29, 2025 17:32:21.401338100 CET	443	49766	23.219.148.49	192.168.2.6
Jan 29, 2025 17:32:21.401356936 CET	443	49766	23.219.148.49	192.168.2.6
Jan 29, 2025 17:32:21.401376009 CET	49766	443	192.168.2.6	23.219.148.49
Jan 29, 2025 17:32:21.401398897 CET	49766	443	192.168.2.6	23.219.148.49
Jan 29, 2025 17:32:21.402430058 CET	49766	443	192.168.2.6	23.219.148.49
Jan 29, 2025 17:32:21.402442932 CET	443	49766	23.219.148.49	192.168.2.6
Jan 29, 2025 17:32:27.786411047 CET	443	49740	142.250.185.228	192.168.2.6
Jan 29, 2025 17:32:27.786495924 CET	443	49740	142.250.185.228	192.168.2.6
Jan 29, 2025 17:32:27.786541939 CET	49740	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:32:29.540113926 CET	49740	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:32:29.540134907 CET	443	49740	142.250.185.228	192.168.2.6
Jan 29, 2025 17:32:33.670730114 CET	49845	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:33.670757055 CET	443	49845	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:33.670852900 CET	49845	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:33.671679020 CET	49845	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:33.671690941 CET	443	49845	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:34.465620995 CET	443	49845	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:34.465763092 CET	49845	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:34.547507048 CET	49845	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:34.547522068 CET	443	49845	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:34.547951937 CET	443	49845	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:34.552587032 CET	49845	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:34.552656889 CET	49845	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:34.552661896 CET	443	49845	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:34.552884102 CET	49845	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:34.599328995 CET	443	49845	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:34.734039068 CET	443	49845	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:34.734406948 CET	443	49845	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:34.734544992 CET	49845	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:34.734658003 CET	49845	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:34.734671116 CET	443	49845	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:51.780193090 CET	49951	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:51.780241013 CET	443	49951	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:51.780363083 CET	49951	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:51.780976057 CET	49951	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:51.780992985 CET	443	49951	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:52.619581938 CET	443	49951	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:52.619657040 CET	49951	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:52.621715069 CET	49951	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:52.621721983 CET	443	49951	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:52.621953964 CET	443	49951	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:52.623905897 CET	49951	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:52.623974085 CET	49951	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:52.623979092 CET	443	49951	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:52.624125004 CET	49951	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:52.671330929 CET	443	49951	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:52.794697046 CET	443	49951	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:52.794857025 CET	443	49951	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:52.795173883 CET	49951	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:32:52.795198917 CET	443	49951	40.113.110.67	192.168.2.6
Jan 29, 2025 17:32:52.795209885 CET	49951	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:33:10.392220020 CET	49998	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:33:10.392270088 CET	443	49998	40.113.110.67	192.168.2.6
Jan 29, 2025 17:33:10.392395020 CET	49998	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:33:10.393027067 CET	49998	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:33:10.393055916 CET	443	49998	40.113.110.67	192.168.2.6
Jan 29, 2025 17:33:11.208363056 CET	443	49998	40.113.110.67	192.168.2.6
Jan 29, 2025 17:33:11.208568096 CET	49998	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:33:11.211842060 CET	49998	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:33:11.211870909 CET	443	49998	40.113.110.67	192.168.2.6
Jan 29, 2025 17:33:11.212573051 CET	443	49998	40.113.110.67	192.168.2.6
Jan 29, 2025 17:33:11.214324951 CET	49998	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:33:11.214387894 CET	49998	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:33:11.214400053 CET	443	49998	40.113.110.67	192.168.2.6
Jan 29, 2025 17:33:11.214631081 CET	49998	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:33:11.255335093 CET	443	49998	40.113.110.67	192.168.2.6
Jan 29, 2025 17:33:11.408998966 CET	443	49998	40.113.110.67	192.168.2.6
Jan 29, 2025 17:33:11.409141064 CET	443	49998	40.113.110.67	192.168.2.6
Jan 29, 2025 17:33:11.409207106 CET	49998	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:33:11.409466028 CET	49998	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:33:11.409508944 CET	443	49998	40.113.110.67	192.168.2.6
Jan 29, 2025 17:33:17.304626942 CET	50001	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:33:17.304665089 CET	443	50001	142.250.185.228	192.168.2.6
Jan 29, 2025 17:33:17.304744959 CET	50001	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:33:17.305016041 CET	50001	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:33:17.305032015 CET	443	50001	142.250.185.228	192.168.2.6
Jan 29, 2025 17:33:17.949224949 CET	443	50001	142.250.185.228	192.168.2.6
Jan 29, 2025 17:33:17.949810028 CET	50001	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:33:17.949841976 CET	443	50001	142.250.185.228	192.168.2.6
Jan 29, 2025 17:33:17.950937033 CET	443	50001	142.250.185.228	192.168.2.6
Jan 29, 2025 17:33:17.951560020 CET	50001	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:33:17.951646090 CET	443	50001	142.250.185.228	192.168.2.6
Jan 29, 2025 17:33:18.006107092 CET	50001	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:33:27.848061085 CET	443	50001	142.250.185.228	192.168.2.6
Jan 29, 2025 17:33:27.848143101 CET	443	50001	142.250.185.228	192.168.2.6
Jan 29, 2025 17:33:27.848221064 CET	50001	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:33:29.539278984 CET	50001	443	192.168.2.6	142.250.185.228
Jan 29, 2025 17:33:29.539323092 CET	443	50001	142.250.185.228	192.168.2.6
Jan 29, 2025 17:33:37.952186108 CET	50002	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:33:37.952229023 CET	443	50002	40.113.110.67	192.168.2.6
Jan 29, 2025 17:33:37.952297926 CET	50002	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:33:37.952904940 CET	50002	443	192.168.2.6	40.113.110.67
Jan 29, 2025 17:33:37.952920914 CET	443	50002	40.113.110.67	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 29, 2025 17:32:13.016062021 CET	53	58550	1.1.1.1	192.168.2.6
Jan 29, 2025 17:32:13.051450968 CET	53	59555	1.1.1.1	192.168.2.6
Jan 29, 2025 17:32:14.229245901 CET	53	51999	1.1.1.1	192.168.2.6
Jan 29, 2025 17:32:17.242499113 CET	58827	53	192.168.2.6	1.1.1.1
Jan 29, 2025 17:32:17.242827892 CET	62591	53	192.168.2.6	1.1.1.1
Jan 29, 2025 17:32:17.249439955 CET	53	58827	1.1.1.1	192.168.2.6
Jan 29, 2025 17:32:17.249571085 CET	53	62591	1.1.1.1	192.168.2.6
Jan 29, 2025 17:32:18.578450918 CET	60649	53	192.168.2.6	1.1.1.1
Jan 29, 2025 17:32:18.578775883 CET	56934	53	192.168.2.6	1.1.1.1
Jan 29, 2025 17:32:18.586124897 CET	53	60649	1.1.1.1	192.168.2.6
Jan 29, 2025 17:32:18.586797953 CET	53	56934	1.1.1.1	192.168.2.6
Jan 29, 2025 17:32:20.301541090 CET	56227	53	192.168.2.6	1.1.1.1
Jan 29, 2025 17:32:20.301713943 CET	51086	53	192.168.2.6	1.1.1.1
Jan 29, 2025 17:32:20.308867931 CET	53	51086	1.1.1.1	192.168.2.6
Jan 29, 2025 17:32:20.308922052 CET	53	56227	1.1.1.1	192.168.2.6
Jan 29, 2025 17:32:31.282366037 CET	53	50537	1.1.1.1	192.168.2.6
Jan 29, 2025 17:32:50.202617884 CET	53	56661	1.1.1.1	192.168.2.6
Jan 29, 2025 17:33:12.750328064 CET	53	62358	1.1.1.1	192.168.2.6
Jan 29, 2025 17:33:12.877319098 CET	53	58711	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 29, 2025 17:32:17.242499113 CET	192.168.2.6	1.1.1.1	0x69d3	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 29, 2025 17:32:17.242827892 CET	192.168.2.6	1.1.1.1	0xeb8b	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 29, 2025 17:32:18.578450918 CET	192.168.2.6	1.1.1.1	0xd37f	Standard query (0)	res.cloudinary.com	A (IP address)	IN (0x0001)	false
Jan 29, 2025 17:32:18.578775883 CET	192.168.2.6	1.1.1.1	0x5892	Standard query (0)	res.cloudinary.com	65	IN (0x0001)	false
Jan 29, 2025 17:32:20.301541090 CET	192.168.2.6	1.1.1.1	0x493b	Standard query (0)	res.cloudinary.com	A (IP address)	IN (0x0001)	false
Jan 29, 2025 17:32:20.301713943 CET	192.168.2.6	1.1.1.1	0xb60c	Standard query (0)	res.cloudinary.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 29, 2025 17:32:17.249439955 CET	1.1.1.1	192.168.2.6	0x69d3	No error (0)	www.google.com		142.250.185.228	A (IP address)	IN (0x0001)	false
Jan 29, 2025 17:32:17.249571085 CET	1.1.1.1	192.168.2.6	0xeb8b	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 29, 2025 17:32:18.586124897 CET	1.1.1.1	192.168.2.6	0xd37f	No error (0)	res.cloudinary.com	resc.cloudinary.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 29, 2025 17:32:18.586124897 CET	1.1.1.1	192.168.2.6	0xd37f	No error (0)	resc.cloudinary.com.cdn.cloudflare.net		104.17.201.1	A (IP address)	IN (0x0001)	false
Jan 29, 2025 17:32:18.586124897 CET	1.1.1.1	192.168.2.6	0xd37f	No error (0)	resc.cloudinary.com.cdn.cloudflare.net		104.17.202.1	A (IP address)	IN (0x0001)	false
Jan 29, 2025 17:32:18.586797953 CET	1.1.1.1	192.168.2.6	0x5892	No error (0)	res.cloudinary.com	resc.cloudinary.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 29, 2025 17:32:20.308867931 CET	1.1.1.1	192.168.2.6	0xb60c	No error (0)	res.cloudinary.com	resc.cloudinary.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 29, 2025 17:32:20.308922052 CET	1.1.1.1	192.168.2.6	0x493b	No error (0)	res.cloudinary.com	ion.cloudinary.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 29, 2025 17:32:20.308922052 CET	1.1.1.1	192.168.2.6	0x493b	No error (0)	ion.cloudinary.com.edgekey.net	e1315.dsca.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 29, 2025 17:32:20.308922052 CET	1.1.1.1	192.168.2.6	0x493b	No error (0)	e1315.dsca.akamaiedge.net		23.219.148.49	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

res.cloudinary.com

https:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49711	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-29 16:32:09 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 62 4d 55 46 51 6e 32 41 72 45 75 78 4e 57 34 61 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 32 63 63 33 61 61 63 35 63 36 61 63 38 64 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: bMUFQn2ArEuxNW4a.1Context: d2cc3aac5c6ac8da
2025-01-29 16:32:09 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-29 16:32:09 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 62 4d 55 46 51 6e 32 41 72 45 75 78 4e 57 34 61 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 32 63 63 33 61 61 63 35 63 36 61 63 38 64 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 53 76 45 42 73 51 62 75 2b 78 39 53 4d 36 4d 6d 2b 49 6c 61 42 65 77 6c 59 54 5a 73 37 4f 74 2b 70 65 78 4a 4a 43 34 70 4e 57 71 42 52 4a 6f 6c 56 61 33 6c 48 78 32 57 4b 6b 64 41 71 39 64 4b 54 2b 4c 33 70 4b 44 69 35 38 78 4e 4e 77 62 65 4d 7a 70 4d 45 79 59 31 30 54 6b 61 73 39 33 2b 48 6d 66 76 6f 79 41 44 34 47 34 51 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: bMUFQn2ArEuxNW4a.2Context: d2cc3aac5c6ac8da<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbSvEBsQbu+x9SM6Mm+IlaBewlYTZs7Ot+pexJJC4pNWqBRJolVa3lHx2WKkdAq9dKT+L3pKDi58xNNwbeMzpMEyY10Tkas93+HmfvoyAD4G4Q
2025-01-29 16:32:09 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 62 4d 55 46 51 6e 32 41 72 45 75 78 4e 57 34 61 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 32 63 63 33 61 61 63 35 63 36 61 63 38 64 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: bMUFQn2ArEuxNW4a.3Context: d2cc3aac5c6ac8da<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-29 16:32:09 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-29 16:32:09 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 59 6c 6d 46 6a 71 73 6f 71 30 75 4f 6e 6e 34 79 79 56 49 78 2b 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: YlmFjqsoq0uOnn4yyVIx+w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49746	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-29 16:32:18 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 2b 44 47 4e 70 51 49 42 6a 45 4b 79 59 48 4e 39 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 33 66 35 64 32 64 36 33 36 66 62 33 36 34 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: +DGNpQIBjEKyYHN9.1Context: f3f5d2d636fb364b
2025-01-29 16:32:18 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-29 16:32:18 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 2b 44 47 4e 70 51 49 42 6a 45 4b 79 59 48 4e 39 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 33 66 35 64 32 64 36 33 36 66 62 33 36 34 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 53 76 45 42 73 51 62 75 2b 78 39 53 4d 36 4d 6d 2b 49 6c 61 42 65 77 6c 59 54 5a 73 37 4f 74 2b 70 65 78 4a 4a 43 34 70 4e 57 71 42 52 4a 6f 6c 56 61 33 6c 48 78 32 57 4b 6b 64 41 71 39 64 4b 54 2b 4c 33 70 4b 44 69 35 38 78 4e 4e 77 62 65 4d 7a 70 4d 45 79 59 31 30 54 6b 61 73 39 33 2b 48 6d 66 76 6f 79 41 44 34 47 34 51 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: +DGNpQIBjEKyYHN9.2Context: f3f5d2d636fb364b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbSvEBsQbu+x9SM6Mm+IlaBewlYTZs7Ot+pexJJC4pNWqBRJolVa3lHx2WKkdAq9dKT+L3pKDi58xNNwbeMzpMEyY10Tkas93+HmfvoyAD4G4Q
2025-01-29 16:32:18 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 2b 44 47 4e 70 51 49 42 6a 45 4b 79 59 48 4e 39 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 33 66 35 64 32 64 36 33 36 66 62 33 36 34 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: +DGNpQIBjEKyYHN9.3Context: f3f5d2d636fb364b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-29 16:32:18 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-29 16:32:18 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4a 38 35 54 52 78 35 55 5a 6b 4f 34 43 51 45 56 79 47 4e 68 52 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: J85TRx5UZkO4CQEVyGNhRw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49752	104.17.201.1	443	6968	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-29 16:32:19 UTC	720	OUT	GET /dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg HTTP/1.1 Host: res.cloudinary.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-29 16:32:19 UTC	832	IN	HTTP/1.1 200 OK Date: Wed, 29 Jan 2025 16:32:19 GMT Content-Type: image/jpeg Content-Length: 389137 Connection: close CF-Ray: 909a9e17adc17c93-EWR Accept-Ranges: bytes Access-Control-Allow-Origin: * Cache-Control: public, no-transform, immutable, max-age=2592000 ETag: "edf30872bbf07d17abb4ef952a58637d" Last-Modified: Tue, 28 Jan 2025 16:08:38 GMT Strict-Transport-Security: max-age=604800 Vary: Accept-Encoding access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options server-timing: cld-cloudflare;dur=37;start=2025-01-29T16:32:19.156Z;desc=hit,rtt;dur=2,content-info;desc="width=2880,height=1800,bytes=389137,format="jpg",o=1,crt=1738080517,ef=(17);" timing-allow-origin: * x-content-type-options: nosniff x-request-id: 40372272aa87ec9eac1e9a3825b77776 Server: cloudflare
2025-01-29 16:32:19 UTC	537	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c2 00 11 08 07 08 0b 40 03 01 22 00 02 11 01 03 11 01 ff c4 00 1a 00 01 01 01 01 01 01 01 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 ff c4 00 19 01 01 01 01 01 01 01 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 ff da 00 0c 03 01 00 02 10 03 10 00 00 01 d2 3e 8f 84 42 a4 2a 0b 00 Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222@">B*
2025-01-29 16:32:19 UTC	1369	IN	Data Raw: ce 99 88 b0 4a 8c d1 64 a9 60 24 d4 88 b1 52 89 ac 88 b0 80 58 52 a2 03 52 22 cd e1 45 32 04 d6 41 0b 05 8b 12 4d 0c cd 42 50 8b 07 5e 48 8b 2a c2 58 b0 28 b9 00 22 c5 00 05 88 4f 7f 80 4b 04 a2 00 a1 2a 48 14 04 a2 00 08 00 16 52 14 cd 40 50 20 16 00 04 b2 c2 58 00 08 b0 00 08 b0 05 10 50 4a 25 81 28 80 2c 80 25 08 b2 92 88 b0 08 01 2c 52 c4 00 00 12 88 01 16 a5 10 25 b9 01 41 00 08 b2 c0 a2 2c a7 4e 60 42 c0 02 c0 00 20 08 b0 a8 02 82 50 b2 e6 89 6c 88 01 48 02 88 00 05 20 00 00 00 00 00 04 a2 2c 0a 20 00 09 41 02 80 d6 05 02 c0 a8 2e f9 80 00 03 59 22 c0 00 b0 10 a4 2a 68 80 00 9a 3f 66 4f 77 8e c4 5a 95 08 02 50 15 0b 90 4a 00 20 b2 c2 a0 b6 0d 44 5b 73 b1 d3 1d 33 73 9d 73 b2 c8 d4 44 b1 2c 22 89 bc 23 0d 43 33 49 72 b2 58 b0 95 25 93 70 ca a5 cc d4 Data Ascii: Jd`$RXRR"E2AMBP^HX("OKHR@P XPJ%(,%,R%A,N`B PlH , A.Y"*h?fOwZPJ D[s3ssD,"#C3IrX%p
2025-01-29 16:32:19 UTC	1369	IN	Data Raw: 40 4e fc 00 42 55 8b 00 50 49 42 2c 16 16 a1 16 03 59 2a 68 92 8c ac 15 49 2c 82 c0 06 b2 02 82 2c 14 08 b2 c2 c9 45 20 12 90 16 29 12 89 50 58 00 54 0b 00 00 58 00 00 b0 58 50 01 02 10 b4 00 0d 42 4a 25 94 00 04 d4 20 2c 00 16 e4 b9 a2 28 4b 05 96 00 fd 88 f6 79 40 a8 2a e4 b6 59 64 d4 22 c2 2c ad 63 79 97 2a 42 8c d5 5d 7a b8 f5 e7 79 66 c5 cc 4d 49 35 94 01 02 4b 9a 02 02 00 01 2b 79 20 02 50 81 61 2a 0a 94 0a 24 2a 51 51 2a 4b 6a 10 09 52 54 a5 ca c1 2a 58 a8 ca 89 28 92 95 2c 8d 62 8c a9 60 00 4a 88 0d 66 c2 02 01 28 8b 14 22 28 8b 00 0b 21 2c 50 12 c0 d6 44 a1 28 8b 04 a2 00 58 80 02 2c 50 25 00 00 00 20 00 20 15 d5 78 29 22 c1 5d 57 8a 88 b0 93 50 8b 00 00 4b 4c 84 94 80 12 88 a2 54 12 84 14 00 22 c0 08 b0 02 2c 00 02 28 8b 00 22 92 05 6f 01 28 81 Data Ascii: @NBUPIB,YhI,,E )PXTXXPBJ% ,(Ky@Yd",cyB]zyfMI5K+y Pa$QQKjRT*X(,b`Jf("(!,PD(X,P% x)"]WPKLT",("o(
2025-01-29 16:32:19 UTC	1369	IN	Data Raw: 7e 62 c9 65 96 01 62 c1 65 95 73 a0 42 04 59 55 bc d9 5d 79 7a 73 60 cb eb 7c bf 57 a3 94 f8 dc fa f3 ef 71 35 35 24 a4 96 50 80 94 10 41 32 d4 a8 53 2b 09 28 8b 01 00 52 51 28 80 4a 20 88 b2 85 84 00 00 10 0a 08 a8 2a 50 82 a5 21 2a 80 05 82 c0 04 b2 ca 8b 22 ca 24 d4 20 13 b7 25 93 52 24 a1 2a 59 d3 02 02 28 cb 51 62 a2 2c 00 00 59 62 c0 04 b4 82 20 00 29 62 a4 8a 54 eb c8 15 60 2c e9 82 2a 22 84 a2 28 8a 97 2d 4b 13 49 72 b4 cb 50 8a 22 d3 0d 0c cd 0c cd 23 2d 42 4d 2b 2d 55 e6 d4 92 4d 17 33 52 a4 d4 48 a3 33 50 8b 08 a2 0a 08 04 4a 5c aa a2 c2 28 8b 00 90 08 b2 a0 50 04 14 12 92 01 28 8a 22 88 a2 01 2a 58 b0 2c 13 db e3 a8 b0 54 35 90 58 2c 00 02 00 b0 00 8a 21 44 a2 28 80 00 00 40 00 00 00 01 52 84 54 8b 14 00 00 d6 75 90 00 8b 02 2d ac 82 50 02 c0 Data Ascii: ~bebesBYU]yzs`\|Wq55$PA2S+(RQ(J P!"$ %R$Y(Qb,Yb )bT`,"(-KIrP"#-BM+-UM3RH3PJ\(P("*X,T5X,!D(@RTu-P
2025-01-29 16:32:19 UTC	1369	IN	Data Raw: 28 b9 d4 d6 73 29 32 a2 02 e7 59 94 15 8d 42 00 82 c0 10 8b 09 50 02 2c 25 08 42 c5 2e 45 58 84 b1 02 89 51 00 95 40 5c e8 96 20 0b 01 35 2a 00 00 22 a2 05 01 60 20 16 20 a0 02 09 48 51 2c 00 01 ac 80 16 52 00 42 82 80 05 00 01 16 50 00 a0 82 88 d4 58 d0 ca a5 2a 24 d0 ca d5 8a 88 a5 b2 a5 eb 9e 74 8a 32 a5 8d 23 2d 42 2d 32 d4 96 28 8b 4c b4 5c da 0a 96 68 96 2a 5c b4 25 a9 64 d2 de 9c 7d 3c 23 0d a5 e6 dc 24 de 4c cd cb 30 dc 8c 4d ab 0d 13 9b 65 e7 3a 62 cc b7 93 33 71 30 dc 33 9e 99 4e 6d cd 4c 4d 12 4b 04 a4 ca ca 8b 12 0a 04 4a 32 a5 93 50 8b 04 a4 80 28 92 88 b2 a0 00 01 04 a2 58 a2 00 04 aa 4b 02 80 12 c0 00 04 2a 51 28 82 00 00 2a 50 4a 88 b0 00 28 20 00 0b 04 a4 94 50 00 80 a4 14 05 24 b0 d6 40 03 59 12 88 b0 2d 32 00 00 00 04 a3 f5 b6 5f 4f 0b Data Ascii: (s)2YBP,%B.EXQ@\ 5"` HQ,RBPX$t2#-B-2(L\h\%d}<#$L0Me:b3q03NmLMKJ2P(XKQ(*PJ( P$@Y-2_O
2025-01-29 16:32:19 UTC	1369	IN	Data Raw: 7c df 27 5f 77 7c bc 3d fd dd 73 7c 7d bd 7b 97 cf d3 b6 a3 96 b7 63 36 82 94 05 82 a2 28 16 0a 88 a8 4b 60 a9 2b 6c ab 48 ad 23 52 a5 a0 a8 a8 e7 9e d3 9d f3 79 3e a4 cf 4f 85 c3 f4 3c 79 f7 fc f7 3f b1 e5 cf af e5 f9 7e b7 1b bf 99 ae d3 59 e1 8e f9 3c ce fc f5 ce 6b 0a df 1d e2 e7 18 eb 8d 73 c6 77 9b cf 13 79 b3 33 52 e7 2a b3 33 59 49 35 2c 92 93 22 c9 35 13 2d 66 a2 c2 28 d7 3a 49 2a c8 b2 12 ca 4a 44 a3 2a 20 b4 24 8b 28 b0 4b 00 84 aa 80 01 65 22 c0 00 26 f0 85 82 c5 a8 08 b0 00 00 0d 64 00 00 80 40 00 8a 25 95 4b 08 b0 00 02 c0 08 b0 50 8b 03 59 00 1a 32 05 b9 00 00 08 a2 54 2c 0f d6 ab bf 2b df 87 49 74 cf 49 7a 5e 53 36 f5 9d b2 f1 4d 67 70 94 ce 75 29 2c 24 b1 16 05 64 a8 a9 65 44 42 c0 42 ac 0b ac 68 91 10 a2 2e ce 4a 22 c1 2a 5d 73 d6 56 50 Data Ascii: \|'_w\|=s\|}{c6(K`+lH#Ry>O<y?~Y<kswy3R3YI5,"5-f(:IJD* $(Ke"&d@%KPY2T,+ItIz^S6Mgpu),$deDBBh.J"*]sVP
2025-01-29 16:32:19 UTC	1369	IN	Data Raw: 77 17 93 ae 56 33 0b 9d 43 0b 2d a9 23 53 30 de 61 6c 42 dc 17 a5 e5 23 b4 e5 0e ee 05 ec e3 57 ac c2 3a b8 25 ed 78 d3 bf 4f 2d 8f 5d f1 ea 67 d7 7c da 93 d1 af 35 99 f4 bc db cc ea e7 63 77 98 eb bf 3a 4f 4d f3 69 9f 43 8d 4e b7 8d b3 bb 96 b5 9e 8c 6b 72 e6 dd 3c de 2f ab cf 3d 7e 17 8f ef f8 de cf 8b e7 fa fe 0d f5 f1 e7 bf 2d 67 9f 3e 99 d6 31 8e b9 d7 3e 59 e9 8b 8c ac b2 4d 44 ce 7a 66 e7 33 52 c9 35 2e 64 d4 4c 4d 66 c8 b2 a2 c4 ca 92 4a 48 04 b0 4a b2 16 24 b2 93 db e3 22 8c aa 32 aa 8b 00 12 92 2c 22 c1 2a 80 01 28 8b 0b 00 21 00 00 00 02 50 4a 22 ca 00 00 80 12 ac 41 6c a8 45 21 a3 20 00 00 00 01 60 80 00 00 15 20 6c c0 10 af d9 dd eb 78 cd ef ef c5 f3 fb fc bf 4f 8d f4 fc 3e 5e 7d 38 e3 a7 3e f2 4d 65 18 d6 69 2a 99 b0 9a cd 19 b9 11 48 52 00 Data Ascii: wV3C-#S0alB#W:%xO-]g\|5cw:OMiCNkr</=~-g>1>YMDzf3R5.dLMfJHJ$"2,"(!PJ"AlE! ` lxO>^}8>MeiHR
2025-01-29 16:32:19 UTC	1369	IN	Data Raw: 55 48 a0 2c 59 40 25 b0 22 88 e9 cc 54 2c a2 5a 88 50 a5 8a 82 89 54 08 50 b6 50 b4 5d 7a a5 e3 de fb 73 73 ee d7 a7 9d 9d 6d ce a2 a6 a2 c5 02 50 28 ca c5 08 93 59 23 50 85 59 9e 92 30 dc 33 9d 45 93 50 ca 97 2a 97 33 59 19 d4 5c 6a 65 75 32 5d 60 11 15 2c 54 b0 ba e6 8e b3 16 35 32 5d 42 24 d4 33 8d cb 71 c3 d1 9a f3 5e ab 39 ba 26 b8 67 d3 8d 39 5c ae 74 cc 96 eb 0a ed 7c fb ce ba f5 f3 59 af 4e 78 f4 97 5a c6 57 d1 7c fa 8f 46 b8 58 ef 78 d9 3a de 55 3d 1d 3c 9b 63 d9 bf 2e e7 2e be 6e f8 5f 9b f3 fe df 93 a7 6f 8b c7 e8 79 bb f2 f3 3a 67 79 e4 eb 86 73 35 2e 62 8d f6 f3 5c f4 eb ca d5 e5 8f 47 3b 8e 78 dd d7 3e 53 ae 6e 79 37 9b 9c cd c4 c4 d2 cc cd 44 8a 49 35 09 37 94 92 aa 2c 5a a8 cb 54 c3 d0 9b f3 ce 92 e3 13 79 33 35 12 0b 00 6b 28 94 ac a9 22 Data Ascii: UH,Y@%"T,ZPTPP]zssmP(Y#PY03EP*3Y\jeu2]`,T52]B$3q^9&g9\t\|YNxZW\|FXx:U=<c..n_oy:gys5.b\G;x>Sny7DI57,ZTy35k("
2025-01-29 16:32:19 UTC	1369	IN	Data Raw: 88 b0 14 96 0b 72 00 00 29 28 8a 89 ac 80 3f 65 9e f9 db 36 49 66 75 2e 66 a7 49 72 eb cb 37 1d 39 74 b1 ad 49 ad 70 fa 9f 3b 33 93 59 de 71 2c d4 4b 05 94 96 e8 e7 28 84 00 4b 13 51 0a 8a a8 5b 02 c9 52 50 12 2a 15 28 84 28 12 e8 c2 84 00 54 de 00 01 54 80 16 01 49 77 88 82 c8 a2 14 01 60 a1 6d 90 d2 00 14 00 6b 20 20 a1 a8 97 59 50 50 59 65 a5 69 a8 bd a7 ab 37 7f 47 9f bf 95 df 69 bc 50 80 58 b0 40 10 11 52 c1 2c 58 40 85 b9 15 28 92 88 16 2c 22 c5 93 50 92 89 62 52 43 59 80 85 21 51 0d 39 c5 eb 9e 7a 8b 9b 9a 73 a6 b1 35 ca d1 02 42 cb 91 26 4d b9 97 73 03 57 12 5e b8 ca 5e ce 3a 97 7d 39 b3 7d 3d be 76 b3 3d dc 38 73 4f 66 7c de 86 a7 3f 67 3c e7 cd 9d 63 a2 eb 3c ee b7 39 ea eb cb 7d 19 de 38 77 d7 a7 2f 0f 2f 67 8f 53 1d 78 dd ce ef 3d 9b f5 75 f2 Data Ascii: r)(?e6Ifu.fIr79tIp;3Yq,K(KQ[RP*((TTIw`mk YPPYei7GiPX@R,X@(,"PbRCY!Q9zs5B&MsW^^:}9}=v=8sOf\|?g<c<9}8w//gSx=u
2025-01-29 16:32:19 UTC	1369	IN	Data Raw: b7 02 2e 6c 21 35 be 5a 9a eb e8 f1 e7 17 ea 70 e5 e8 e7 d7 c7 8f 6f 2e 98 f2 f1 f5 63 a7 3f 16 b5 c3 af 9b a6 79 ae 3b f7 f1 6a 74 fa 1e 8f 99 e8 e5 df e8 f2 cb 96 b8 f9 bd 5c 3a f9 78 67 78 eb cb 23 52 58 66 4b 2c 12 c4 b2 c5 80 44 a8 2a 2c 08 40 4a ac ae 8c 6a 48 4a 22 96 51 7a f3 cd 8d 5c 59 6e 76 5e 6e 91 39 b5 2c 92 c6 52 96 00 94 4a 20 00 42 2c 44 b0 a0 12 c0 08 b0 04 8a 05 ac ac 00 4a 20 96 3a 73 40 b6 29 22 c2 cb 21 2c 2b a7 30 00 37 8d e0 02 28 80 03 f5 5a cd dc d3 3a 8e 9b c6 f3 ae dc 7a 70 8d 4e 7a de 76 dc 97 9b 58 47 5c 75 97 df e3 fa 5e 5e 3a f0 e3 df e5 e8 e0 de ee 78 de dc 08 92 ad c1 66 75 2c ca ab 33 54 c3 b7 24 92 d3 2d e0 b2 89 50 54 5e 93 09 02 ae 6c 05 20 00 4a 16 0a 94 4b 57 35 a8 b9 b1 52 81 a9 73 35 94 92 ca 58 41 48 b1 65 44 50 Data Ascii: .l!5Zpo.c?y;jt\:xgx#RXfK,D*,@JjHJ"Qz\Ynv^n9,RJ B,DJ :s@)"!,+07(Z:zpNzvXG\u^^:xfu,3T$-PT^l JKW5Rs5XAHeDP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49753	104.17.201.1	443	6968	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-29 16:32:20 UTC	651	OUT	GET /favicon.ico HTTP/1.1 Host: res.cloudinary.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://res.cloudinary.com/dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-29 16:32:20 UTC	666	IN	HTTP/1.1 200 OK Date: Wed, 29 Jan 2025 16:32:20 GMT Content-Type: image/x-icon Transfer-Encoding: chunked Connection: close CF-Ray: 909a9e1d7b548cb9-EWR Access-Control-Allow-Origin: * Cache-Control: private, no-transform, max-age=0, no-cache ETag: W/"6798d312-33ee" Last-Modified: Tue, 28 Jan 2025 12:52:34 GMT Strict-Transport-Security: max-age=604800 Vary: Accept-Encoding Pragma: no-cache access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options server-timing: cld-cloudflare;dur=91;start=2025-01-29T16:32:20.097Z;desc=hit,rtt;dur=2 timing-allow-origin: * x-content-type-options: nosniff Server: cloudflare
2025-01-29 16:32:20 UTC	703	IN	Data Raw: 33 33 65 65 0d 0a 00 00 01 00 03 00 10 10 00 00 01 00 08 00 68 05 00 00 36 00 00 00 20 20 00 00 01 00 08 00 a8 08 00 00 9e 05 00 00 30 30 00 00 01 00 20 00 a8 25 00 00 46 0e 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 00 01 00 00 12 0b 00 00 12 0b 00 00 00 01 00 00 00 01 00 00 c5 48 34 00 c9 54 41 00 c8 51 3e 00 d6 7f 71 00 f3 d9 d4 00 f0 cf c9 00 f1 d2 cd 00 d1 6f 60 00 d8 83 76 00 ef cc c6 00 c9 56 43 00 cc 60 4e 00 f2 d7 d3 00 ca 57 44 00 eb c0 b9 00 f3 d8 d4 00 c8 53 40 00 f1 d4 cf 00 c8 52 3f 00 f0 d1 cc 00 d6 7c 6e 00 d0 6c 5b 00 e1 9f 94 00 f4 db d7 00 da 89 7c 00 cf 69 58 00 ea be b7 00 de 96 8a 00 fe fd fd 00 d4 78 6a 00 d8 85 77 00 d5 7a 6b 00 c6 4a 37 00 c7 4e 3b 00 f3 d9 d5 00 c9 56 44 00 e7 b4 ac 00 dd 94 88 00 ff ff ff Data Ascii: 33eeh6 00 %F( H4TAQ>qo`vVC`NWDS@R?\|nl[\|iXxjwzkJ7N;VD
2025-01-29 16:32:20 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-29 16:32:20 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-29 16:32:20 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: (0` $
2025-01-29 16:32:20 UTC	1369	IN	Data Raw: 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 fe c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 fe c5 48 34 ff c5 Data Ascii: 4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4
2025-01-29 16:32:20 UTC	1369	IN	Data Raw: ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 fe c5 48 34 ff c5 46 32 ff c4 3d 22 fe c4 39 18 ff e1 b5 b1 ff ff ff ff fe fc f6 f6 ff c9 5d 4f ff c1 21 00 ff d5 91 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f3 e3 e2 ff c3 36 0f ff c1 18 00 ff e9 cc c9 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff e0 b1 ae ff c0 00 00 ff c8 5b 4d ff fa f3 f3 ff ff ff ff ff ff ff ff ff ff ff ff ff fd f9 f9 ff cd 6f 66 ff c1 1a 00 ff ce 73 6a ff ff ff ff ff ff ff ff ff ee d6 d4 ff cb 66 5b ff c3 32 00 ff c5 45 2f ff c5 47 33 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 fe c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 fe c5 47 33 ff c4 41 29 ff c3 30 00 fe e1 b6 b3 ff ff ff ff ff ff ff ff fe f6 e9 e8 ff c7 53 Data Ascii: H4H4H4H4H4H4H4H4H4F2="9]O!6[Mofsjf[2E/G3H4H4H4H4H4H4H4H4G3A)0S
2025-01-29 16:32:20 UTC	1369	IN	Data Raw: c5 47 33 ff c5 42 2b fe c4 3d 21 ff f2 e2 e1 ff ff ff ff fe ec d1 cf ff c2 25 00 ff c5 43 2c fe c5 47 33 ff c5 45 30 ff c2 22 00 ff d5 90 89 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f0 dc da ff c1 08 00 ff cf 7a 71 ff f7 ec eb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ef da d8 ff c9 5f 53 ff c3 36 11 ff c2 2a 00 ff dd ab a7 ff fc f8 f8 ff e0 b1 ae ff c3 2e 00 ff c4 3e 23 ff c5 46 31 ff c5 48 33 ff c5 47 33 ff c4 41 28 ff c3 31 00 ff f0 dc db ff ff ff ff ff f0 db d9 ff c3 35 0d ff c5 43 2d ff c5 48 33 ff c5 48 34 ff c5 48 34 fe c5 48 34 ff c5 48 34 ff c5 47 33 ff c5 43 2c ff c3 38 16 ff f1 de dd ff ff ff ff ff ee d8 d6 ff c2 2c 00 ff c5 42 2b ff c5 47 33 ff c4 40 28 ff ca 64 57 ff ea cb c9 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: G3B+=!%C,G3E0"zq_S6*.>#F1H3G3A(15C-H3H4H4H4H4G3C,8,B+G3@(dW
2025-01-29 16:32:20 UTC	1369	IN	Data Raw: d6 d4 ff ff ff ff ff ff ff ff ff fe fd fd ff f2 e0 de ff e6 c4 c1 ff d5 90 8a ff c3 33 07 ff c5 44 2e ff c5 47 33 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 47 32 ff c4 3d 21 ff c6 48 34 ff f4 e7 e5 ff ff ff ff ff f7 ec eb ff de ae aa ff cf 7b 73 ff c3 37 14 ff c3 34 0a ff c5 44 2d ff c5 47 32 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 fe c5 48 34 ff c5 47 33 ff c5 45 2f fe c3 36 11 ff c6 4b 37 ff e2 b8 b5 fe fb f6 f6 ff ff ff ff ff ff ff ff ff ff ff ff ff f8 ee ee ff c9 5c 4f ff c3 37 15 ff c5 46 31 ff c5 48 33 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff Data Ascii: 3D.G3H4H4H4H4H4H4H4H4H4H4H4H4G2=!H4{s74D-G2H4H4H4H4H4H4H4H4H4H4H4G3E/6K7\O7F1H3H4H4H4H4H4
2025-01-29 16:32:20 UTC	1369	IN	Data Raw: 2b ff c2 2b 00 ff cb 69 5e ff ea cc ca ff fe fc fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fe fc fc ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f7 ed ec ff db a4 9f ff c4 3b 1d ff c3 38 17 ff c5 45 30 ff c5 47 33 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 fe c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 fe c5 48 34 ff c5 48 34 ff c5 48 34 fe c5 48 34 ff c5 48 34 ff c5 48 34 fe c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 47 32 ff c5 44 2e ff c3 36 10 ff c3 33 04 ff d1 81 7a ff e7 c5 c2 ff f6 eb ea ff fe fc fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb f6 f6 ff f0 dd dc ff dd aa a6 ff c9 5b 4d ff c2 Data Ascii: ++i^;8E0G3H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4G2D.63z[M
2025-01-29 16:32:20 UTC	1369	IN	Data Raw: ff c5 48 34 fe c5 48 34 fe c5 48 34 ff c5 48 34 fe c5 48 34 fe c5 48 34 ff c5 48 34 fe c5 48 34 fe c5 48 34 ff c5 48 34 fe c5 48 34 fe c5 48 34 ff c5 48 34 fe c5 48 34 fe c5 48 34 ff c5 48 34 fe c5 48 34 fe c5 48 34 ff c5 48 34 fe c5 48 34 fe c5 48 34 ff c5 48 34 fe c5 48 34 fe c5 48 34 ff c5 48 34 fe c5 48 34 fe c5 48 34 fe c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 34 ff c5 48 Data Ascii: H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H4H

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49766	23.219.148.49	443	6968	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-29 16:32:21 UTC	353	OUT	GET /favicon.ico HTTP/1.1 Host: res.cloudinary.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-29 16:32:21 UTC	676	IN	HTTP/1.1 200 OK Content-Type: image/x-icon ETag: W/"670513d8-33ee" Last-Modified: Tue, 08 Oct 2024 11:13:28 GMT Date: Wed, 29 Jan 2025 16:32:21 GMT Content-Length: 13294 Connection: close Cache-Control: private, no-transform, max-age=0, no-cache, no-store Access-Control-Expose-Headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options Access-Control-Allow-Origin: * Accept-Ranges: bytes Timing-Allow-Origin: * Server: Cloudinary Strict-Transport-Security: max-age=604800 X-Content-Type-Options: nosniff Server-Timing: cld-akam;dur=5;start=2025-01-29T16:32:21.302Z;desc=hit,rtt;dur=150
2025-01-29 16:32:21 UTC	13294	IN	Data Raw: 00 00 01 00 03 00 10 10 00 00 01 00 08 00 68 05 00 00 36 00 00 00 20 20 00 00 01 00 08 00 a8 08 00 00 9e 05 00 00 30 30 00 00 01 00 20 00 a8 25 00 00 46 0e 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 00 01 00 00 12 0b 00 00 12 0b 00 00 00 01 00 00 00 01 00 00 c5 48 34 00 c9 54 41 00 c8 51 3e 00 d6 7f 71 00 f3 d9 d4 00 f0 cf c9 00 f1 d2 cd 00 d1 6f 60 00 d8 83 76 00 ef cc c6 00 c9 56 43 00 cc 60 4e 00 f2 d7 d3 00 ca 57 44 00 eb c0 b9 00 f3 d8 d4 00 c8 53 40 00 f1 d4 cf 00 c8 52 3f 00 f0 d1 cc 00 d6 7c 6e 00 d0 6c 5b 00 e1 9f 94 00 f4 db d7 00 da 89 7c 00 cf 69 58 00 ea be b7 00 de 96 8a 00 fe fd fd 00 d4 78 6a 00 d8 85 77 00 d5 7a 6b 00 c6 4a 37 00 c7 4e 3b 00 f3 d9 d5 00 c9 56 44 00 e7 b4 ac 00 dd 94 88 00 ff ff ff 00 d5 7b 6d 00 fa Data Ascii: h6 00 %F( H4TAQ>qo`vVC`NWDS@R?\|nl[\|iXxjwzkJ7N;VD{m

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49845	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-29 16:32:34 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6b 56 5a 6d 58 30 4c 68 65 55 32 57 77 32 7a 4e 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 63 65 65 62 37 36 32 66 34 37 63 36 34 66 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: kVZmX0LheU2Ww2zN.1Context: eceeb762f47c64f4
2025-01-29 16:32:34 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-29 16:32:34 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6b 56 5a 6d 58 30 4c 68 65 55 32 57 77 32 7a 4e 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 63 65 65 62 37 36 32 66 34 37 63 36 34 66 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 53 76 45 42 73 51 62 75 2b 78 39 53 4d 36 4d 6d 2b 49 6c 61 42 65 77 6c 59 54 5a 73 37 4f 74 2b 70 65 78 4a 4a 43 34 70 4e 57 71 42 52 4a 6f 6c 56 61 33 6c 48 78 32 57 4b 6b 64 41 71 39 64 4b 54 2b 4c 33 70 4b 44 69 35 38 78 4e 4e 77 62 65 4d 7a 70 4d 45 79 59 31 30 54 6b 61 73 39 33 2b 48 6d 66 76 6f 79 41 44 34 47 34 51 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: kVZmX0LheU2Ww2zN.2Context: eceeb762f47c64f4<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbSvEBsQbu+x9SM6Mm+IlaBewlYTZs7Ot+pexJJC4pNWqBRJolVa3lHx2WKkdAq9dKT+L3pKDi58xNNwbeMzpMEyY10Tkas93+HmfvoyAD4G4Q
2025-01-29 16:32:34 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6b 56 5a 6d 58 30 4c 68 65 55 32 57 77 32 7a 4e 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 63 65 65 62 37 36 32 66 34 37 63 36 34 66 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: kVZmX0LheU2Ww2zN.3Context: eceeb762f47c64f4<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-29 16:32:34 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-29 16:32:34 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 63 31 63 48 54 36 2b 32 74 45 65 72 4e 4e 73 4b 53 48 53 66 4b 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: c1cHT6+2tEerNNsKSHSfKg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49951	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-29 16:32:52 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 5a 42 6c 4c 32 49 4f 76 4e 6b 6d 2f 34 31 34 45 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 32 35 65 35 37 63 64 65 63 35 64 63 32 36 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: ZBlL2IOvNkm/414E.1Context: c25e57cdec5dc268
2025-01-29 16:32:52 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-29 16:32:52 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 5a 42 6c 4c 32 49 4f 76 4e 6b 6d 2f 34 31 34 45 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 32 35 65 35 37 63 64 65 63 35 64 63 32 36 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 53 76 45 42 73 51 62 75 2b 78 39 53 4d 36 4d 6d 2b 49 6c 61 42 65 77 6c 59 54 5a 73 37 4f 74 2b 70 65 78 4a 4a 43 34 70 4e 57 71 42 52 4a 6f 6c 56 61 33 6c 48 78 32 57 4b 6b 64 41 71 39 64 4b 54 2b 4c 33 70 4b 44 69 35 38 78 4e 4e 77 62 65 4d 7a 70 4d 45 79 59 31 30 54 6b 61 73 39 33 2b 48 6d 66 76 6f 79 41 44 34 47 34 51 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: ZBlL2IOvNkm/414E.2Context: c25e57cdec5dc268<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbSvEBsQbu+x9SM6Mm+IlaBewlYTZs7Ot+pexJJC4pNWqBRJolVa3lHx2WKkdAq9dKT+L3pKDi58xNNwbeMzpMEyY10Tkas93+HmfvoyAD4G4Q
2025-01-29 16:32:52 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 5a 42 6c 4c 32 49 4f 76 4e 6b 6d 2f 34 31 34 45 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 32 35 65 35 37 63 64 65 63 35 64 63 32 36 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: ZBlL2IOvNkm/414E.3Context: c25e57cdec5dc268<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-29 16:32:52 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-29 16:32:52 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4d 39 63 45 54 64 44 6f 51 55 71 56 30 66 30 51 49 53 55 79 4a 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: M9cETdDoQUqV0f0QISUyJw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49998	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-29 16:33:11 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 68 71 69 55 45 66 36 4b 30 55 47 65 4d 7a 6a 41 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 63 38 66 62 32 33 39 32 31 32 31 63 37 33 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: hqiUEf6K0UGeMzjA.1Context: 1c8fb2392121c736
2025-01-29 16:33:11 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-29 16:33:11 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 68 71 69 55 45 66 36 4b 30 55 47 65 4d 7a 6a 41 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 63 38 66 62 32 33 39 32 31 32 31 63 37 33 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 53 76 45 42 73 51 62 75 2b 78 39 53 4d 36 4d 6d 2b 49 6c 61 42 65 77 6c 59 54 5a 73 37 4f 74 2b 70 65 78 4a 4a 43 34 70 4e 57 71 42 52 4a 6f 6c 56 61 33 6c 48 78 32 57 4b 6b 64 41 71 39 64 4b 54 2b 4c 33 70 4b 44 69 35 38 78 4e 4e 77 62 65 4d 7a 70 4d 45 79 59 31 30 54 6b 61 73 39 33 2b 48 6d 66 76 6f 79 41 44 34 47 34 51 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: hqiUEf6K0UGeMzjA.2Context: 1c8fb2392121c736<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbSvEBsQbu+x9SM6Mm+IlaBewlYTZs7Ot+pexJJC4pNWqBRJolVa3lHx2WKkdAq9dKT+L3pKDi58xNNwbeMzpMEyY10Tkas93+HmfvoyAD4G4Q
2025-01-29 16:33:11 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 68 71 69 55 45 66 36 4b 30 55 47 65 4d 7a 6a 41 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 63 38 66 62 32 33 39 32 31 32 31 63 37 33 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: hqiUEf6K0UGeMzjA.3Context: 1c8fb2392121c736<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-29 16:33:11 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-29 16:33:11 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4e 4c 76 39 55 57 55 36 56 6b 57 5a 5a 42 49 58 65 39 53 71 37 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: NLv9UWU6VkWZZBIXe9Sq7w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	50002	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-29 16:33:38 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 2f 52 63 31 4a 52 4c 75 30 6b 53 73 2f 34 5a 72 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 34 63 37 38 65 34 30 64 65 66 63 61 37 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: /Rc1JRLu0kSs/4Zr.1Context: 94c78e40defca7c
2025-01-29 16:33:38 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-29 16:33:38 UTC	1083	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 30 0d 0a 4d 53 2d 43 56 3a 20 2f 52 63 31 4a 52 4c 75 30 6b 53 73 2f 34 5a 72 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 34 63 37 38 65 34 30 64 65 66 63 61 37 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 53 76 45 42 73 51 62 75 2b 78 39 53 4d 36 4d 6d 2b 49 6c 61 42 65 77 6c 59 54 5a 73 37 4f 74 2b 70 65 78 4a 4a 43 34 70 4e 57 71 42 52 4a 6f 6c 56 61 33 6c 48 78 32 57 4b 6b 64 41 71 39 64 4b 54 2b 4c 33 70 4b 44 69 35 38 78 4e 4e 77 62 65 4d 7a 70 4d 45 79 59 31 30 54 6b 61 73 39 33 2b 48 6d 66 76 6f 79 41 44 34 47 34 51 49 Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: /Rc1JRLu0kSs/4Zr.2Context: 94c78e40defca7c<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbSvEBsQbu+x9SM6Mm+IlaBewlYTZs7Ot+pexJJC4pNWqBRJolVa3lHx2WKkdAq9dKT+L3pKDi58xNNwbeMzpMEyY10Tkas93+HmfvoyAD4G4QI
2025-01-29 16:33:38 UTC	217	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 2f 52 63 31 4a 52 4c 75 30 6b 53 73 2f 34 5a 72 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 34 63 37 38 65 34 30 64 65 66 63 61 37 63 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 196MS-CV: /Rc1JRLu0kSs/4Zr.3Context: 94c78e40defca7c<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-29 16:33:39 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-29 16:33:39 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 39 33 2b 46 44 4c 77 50 74 45 61 38 53 53 41 70 4b 69 46 6c 63 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 93+FDLwPtEa8SSApKiFlcw.0Payload parsing failed.

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6280, Parent PID: 6120

Function Logs

General

Target ID:	1
Start time:	11:32:07
Start date:	29/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6968, Parent PID: 6280

Function Logs

General

Target ID:	3
Start time:	11:32:11
Start date:	29/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2476,i,9332338034156328529,9724105199883106818,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5684, Parent PID: 6120

Function Logs

General

Target ID:	4
Start time:	11:32:17
Start date:	29/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://res.cloudinary.com/dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://res.cloudinary.com/dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6280, Parent PID: 6120

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Windows Analysis Report
https://res.cloudinary.com/dkz9eje69/image/upload/v1738080517/wlypzfbarhray47qsrol.jpg