Edit tour

Windows Analysis Report
http://becorsolaom.com

Overview

General Information

Sample URL:	http://becorsolaom.com
Analysis ID:	1676581
Infos:

Detection

Score:	0
Range:	0 - 100
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5932 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2216,i,16619801991616152303,16160226599429284375,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2240 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6936 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://becorsolaom.com" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://becorsolaom.com/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.45.197.116:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 192.178.49.195
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1host: becorsolaom.comupgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1host: becorsolaom.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagereferer: https://becorsolaom.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=57BTGxa3mGnGvh7&MD=hxbKXg9z HTTP/1.1host: slscr.update.microsoft.comaccept: /user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33accept-encoding: identity
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=57BTGxa3mGnGvh7&MD=hxbKXg9z HTTP/1.1host: slscr.update.microsoft.comaccept: /user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33accept-encoding: identity

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: becorsolaom.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not Foundserver: nginxdate: Mon, 28 Apr 2025 18:24:40 GMTcontent-type: text/plain; charset=utf-8content-length: 9

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.45.197.116:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@22/2@6/3

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2216,i,16619801991616152303,16160226599429284375,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2240 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://becorsolaom.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2216,i,16619801991616152303,16160226599429284375,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2240 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://becorsolaom.com	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.250.69.4	true	false		high
becorsolaom.com	139.45.197.116	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://becorsolaom.com/	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.69.4	www.google.com	United States		15169	GOOGLEUS	false
139.45.197.116	becorsolaom.com	Netherlands		9002	RETN-ASEU	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1676581
Start date and time:	2025-04-28 20:23:33 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://becorsolaom.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@22/2@6/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.69.3, 142.250.68.238, 142.250.101.84, 192.178.49.206, 199.232.210.172, 142.250.68.227, 184.29.183.29
Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://becorsolaom.com

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	9
Entropy (8bit):	2.94770277922009
Encrypted:	false
SSDEEP:	3:Obn:Obn
MD5:	9D1EAD73E678FA2F51A70A933B0BF017
SHA1:	D205CBD6783332A212C5AE92D73C77178C2D2F28
SHA-256:	0019DFC4B32D63C1392AA264AED2253C1E0C2FB09216F8E2CC269BBFB8BB49B5
SHA-512:	935B3D516E996F6D25948BA8A54C1B7F70F7F0E3F517E36481FDF0196C2C5CFC2841F86E891F3DF9517746B7FB605DB47CDDED1B8FF78D9482DDAA621DB43A34
Malicious:	false
Reputation:	low
URL:	https://becorsolaom.com/
Preview:	Not Found

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 101
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 28, 2025 20:24:31.820317984 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 28, 2025 20:24:32.203887939 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 28, 2025 20:24:32.835995913 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 28, 2025 20:24:33.063220024 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 28, 2025 20:24:34.195832968 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 28, 2025 20:24:36.674206018 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 28, 2025 20:24:37.972414970 CEST	49731	443	192.168.2.4	142.250.69.4
Apr 28, 2025 20:24:37.972461939 CEST	443	49731	142.250.69.4	192.168.2.4
Apr 28, 2025 20:24:37.972701073 CEST	49731	443	192.168.2.4	142.250.69.4
Apr 28, 2025 20:24:37.972814083 CEST	49731	443	192.168.2.4	142.250.69.4
Apr 28, 2025 20:24:37.972820997 CEST	443	49731	142.250.69.4	192.168.2.4
Apr 28, 2025 20:24:38.306204081 CEST	443	49731	142.250.69.4	192.168.2.4
Apr 28, 2025 20:24:38.306274891 CEST	49731	443	192.168.2.4	142.250.69.4
Apr 28, 2025 20:24:38.307679892 CEST	49731	443	192.168.2.4	142.250.69.4
Apr 28, 2025 20:24:38.307688951 CEST	443	49731	142.250.69.4	192.168.2.4
Apr 28, 2025 20:24:38.308373928 CEST	443	49731	142.250.69.4	192.168.2.4
Apr 28, 2025 20:24:38.359683990 CEST	49731	443	192.168.2.4	142.250.69.4
Apr 28, 2025 20:24:39.687278986 CEST	49733	80	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:39.687479973 CEST	49734	80	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:39.716958046 CEST	49735	443	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:39.717001915 CEST	443	49735	139.45.197.116	192.168.2.4
Apr 28, 2025 20:24:39.717153072 CEST	49735	443	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:39.717367887 CEST	49735	443	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:39.717374086 CEST	443	49735	139.45.197.116	192.168.2.4
Apr 28, 2025 20:24:39.956670046 CEST	80	49734	139.45.197.116	192.168.2.4
Apr 28, 2025 20:24:39.956883907 CEST	49734	80	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:39.957513094 CEST	80	49733	139.45.197.116	192.168.2.4
Apr 28, 2025 20:24:39.957592964 CEST	49733	80	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:40.408782959 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 28, 2025 20:24:40.547310114 CEST	443	49735	139.45.197.116	192.168.2.4
Apr 28, 2025 20:24:40.547372103 CEST	49735	443	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:40.554490089 CEST	49735	443	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:40.554522038 CEST	443	49735	139.45.197.116	192.168.2.4
Apr 28, 2025 20:24:40.554744959 CEST	49735	443	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:40.554749012 CEST	443	49735	139.45.197.116	192.168.2.4
Apr 28, 2025 20:24:40.555031061 CEST	49735	443	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:40.555037975 CEST	443	49735	139.45.197.116	192.168.2.4
Apr 28, 2025 20:24:40.555195093 CEST	443	49735	139.45.197.116	192.168.2.4
Apr 28, 2025 20:24:40.555771112 CEST	443	49735	139.45.197.116	192.168.2.4
Apr 28, 2025 20:24:40.555816889 CEST	49735	443	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:40.555952072 CEST	49735	443	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:40.557231903 CEST	443	49735	139.45.197.116	192.168.2.4
Apr 28, 2025 20:24:40.613315105 CEST	49735	443	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:40.720088959 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 28, 2025 20:24:40.828736067 CEST	443	49735	139.45.197.116	192.168.2.4
Apr 28, 2025 20:24:40.828998089 CEST	443	49735	139.45.197.116	192.168.2.4
Apr 28, 2025 20:24:40.829046011 CEST	49735	443	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:40.830055952 CEST	443	49735	139.45.197.116	192.168.2.4
Apr 28, 2025 20:24:40.872143984 CEST	49735	443	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:41.046632051 CEST	49735	443	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:41.088296890 CEST	443	49735	139.45.197.116	192.168.2.4
Apr 28, 2025 20:24:41.321439028 CEST	443	49735	139.45.197.116	192.168.2.4
Apr 28, 2025 20:24:41.321531057 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 28, 2025 20:24:41.377183914 CEST	49735	443	192.168.2.4	139.45.197.116
Apr 28, 2025 20:24:41.488022089 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 28, 2025 20:24:41.722851038 CEST	49708	443	192.168.2.4	52.113.196.254
Apr 28, 2025 20:24:41.722851038 CEST	49708	443	192.168.2.4	52.113.196.254
Apr 28, 2025 20:24:41.723381996 CEST	49708	443	192.168.2.4	52.113.196.254
Apr 28, 2025 20:24:41.862859011 CEST	443	49708	52.113.196.254	192.168.2.4
Apr 28, 2025 20:24:41.863178968 CEST	443	49708	52.113.196.254	192.168.2.4
Apr 28, 2025 20:24:41.864248991 CEST	443	49708	52.113.196.254	192.168.2.4
Apr 28, 2025 20:24:41.864326000 CEST	443	49708	52.113.196.254	192.168.2.4
Apr 28, 2025 20:24:41.864497900 CEST	49708	443	192.168.2.4	52.113.196.254
Apr 28, 2025 20:24:41.867027044 CEST	443	49708	52.113.196.254	192.168.2.4
Apr 28, 2025 20:24:41.867039919 CEST	443	49708	52.113.196.254	192.168.2.4
Apr 28, 2025 20:24:41.869168997 CEST	49708	443	192.168.2.4	52.113.196.254
Apr 28, 2025 20:24:41.869730949 CEST	49708	443	192.168.2.4	52.113.196.254
Apr 28, 2025 20:24:41.897159100 CEST	49708	443	192.168.2.4	52.113.196.254
Apr 28, 2025 20:24:42.011218071 CEST	443	49708	52.113.196.254	192.168.2.4
Apr 28, 2025 20:24:42.037022114 CEST	443	49708	52.113.196.254	192.168.2.4
Apr 28, 2025 20:24:42.039356947 CEST	443	49708	52.113.196.254	192.168.2.4
Apr 28, 2025 20:24:42.039383888 CEST	443	49708	52.113.196.254	192.168.2.4
Apr 28, 2025 20:24:42.041161060 CEST	49708	443	192.168.2.4	52.113.196.254
Apr 28, 2025 20:24:42.192919016 CEST	49738	443	192.168.2.4	131.253.33.254
Apr 28, 2025 20:24:42.192964077 CEST	443	49738	131.253.33.254	192.168.2.4
Apr 28, 2025 20:24:42.193025112 CEST	49738	443	192.168.2.4	131.253.33.254
Apr 28, 2025 20:24:42.193517923 CEST	49738	443	192.168.2.4	131.253.33.254
Apr 28, 2025 20:24:42.193526030 CEST	443	49738	131.253.33.254	192.168.2.4
Apr 28, 2025 20:24:42.531985044 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 28, 2025 20:24:42.700030088 CEST	443	49738	131.253.33.254	192.168.2.4
Apr 28, 2025 20:24:42.700113058 CEST	49738	443	192.168.2.4	131.253.33.254
Apr 28, 2025 20:24:44.021069050 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:44.021115065 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:44.021364927 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:44.022389889 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:44.022399902 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:44.585014105 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:44.585082054 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:44.588360071 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:44.588377953 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:44.589025021 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:44.641314983 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:44.664964914 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:44.665009975 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:44.666872978 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:44.668956041 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:44.670418978 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:44.671499968 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:44.719451904 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:44.938220978 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 28, 2025 20:24:45.032525063 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:45.032846928 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:45.032856941 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:45.032881975 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:45.032901049 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:45.032916069 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:45.032927036 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:45.032936096 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:45.032947063 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:45.032949924 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:45.032958031 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:45.032968044 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:45.032973051 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:45.032989979 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:45.033025980 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:45.033029079 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:45.034440994 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:45.034482956 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:45.550014019 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:45.550888062 CEST	443	49739	52.149.20.212	192.168.2.4
Apr 28, 2025 20:24:45.551119089 CEST	49739	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:24:49.750780106 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 28, 2025 20:24:51.085865974 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 28, 2025 20:24:59.358699083 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 28, 2025 20:25:16.328733921 CEST	49714	80	192.168.2.4	192.178.49.195
Apr 28, 2025 20:25:16.477175951 CEST	80	49714	192.178.49.195	192.168.2.4
Apr 28, 2025 20:25:22.110363960 CEST	49742	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:25:22.110420942 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:22.110518932 CEST	49742	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:25:22.110868931 CEST	49742	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:25:22.110889912 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:22.653183937 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:22.653332949 CEST	49742	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:25:22.656518936 CEST	49742	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:25:22.656548023 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:22.657162905 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:22.662417889 CEST	49742	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:25:22.662461042 CEST	49742	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:25:22.662482023 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:22.662966967 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:22.663151026 CEST	49742	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:25:22.663742065 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:22.703857899 CEST	49742	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:25:23.018424034 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:23.018678904 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:23.018686056 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:23.018716097 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:23.018764019 CEST	49742	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:25:23.018827915 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:23.018865108 CEST	49742	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:25:23.018882036 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:23.018892050 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:23.018908978 CEST	49742	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:25:23.018945932 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:23.018959999 CEST	49742	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:25:23.018985987 CEST	49742	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:25:23.020348072 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:23.029871941 CEST	49742	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:25:23.030061960 CEST	443	49742	52.149.20.212	192.168.2.4
Apr 28, 2025 20:25:23.030118942 CEST	49742	443	192.168.2.4	52.149.20.212
Apr 28, 2025 20:25:23.313239098 CEST	49731	443	192.168.2.4	142.250.69.4
Apr 28, 2025 20:25:23.313251972 CEST	443	49731	142.250.69.4	192.168.2.4
Apr 28, 2025 20:25:24.969372034 CEST	49734	80	192.168.2.4	139.45.197.116
Apr 28, 2025 20:25:24.969579935 CEST	49733	80	192.168.2.4	139.45.197.116
Apr 28, 2025 20:25:25.238790989 CEST	80	49734	139.45.197.116	192.168.2.4
Apr 28, 2025 20:25:25.239912033 CEST	80	49733	139.45.197.116	192.168.2.4
Apr 28, 2025 20:25:26.328855991 CEST	49735	443	192.168.2.4	139.45.197.116
Apr 28, 2025 20:25:26.328874111 CEST	443	49735	139.45.197.116	192.168.2.4
Apr 28, 2025 20:25:38.503160954 CEST	49731	443	192.168.2.4	142.250.69.4
Apr 28, 2025 20:25:38.503520012 CEST	443	49731	142.250.69.4	192.168.2.4
Apr 28, 2025 20:25:38.503571033 CEST	49731	443	192.168.2.4	142.250.69.4
Apr 28, 2025 20:25:40.228513002 CEST	80	49734	139.45.197.116	192.168.2.4
Apr 28, 2025 20:25:40.228557110 CEST	80	49733	139.45.197.116	192.168.2.4
Apr 28, 2025 20:25:40.228755951 CEST	49734	80	192.168.2.4	139.45.197.116
Apr 28, 2025 20:25:40.228863955 CEST	49733	80	192.168.2.4	139.45.197.116
Apr 28, 2025 20:25:40.503241062 CEST	49734	80	192.168.2.4	139.45.197.116
Apr 28, 2025 20:25:40.503432989 CEST	49733	80	192.168.2.4	139.45.197.116
Apr 28, 2025 20:25:40.772567987 CEST	80	49734	139.45.197.116	192.168.2.4
Apr 28, 2025 20:25:40.774267912 CEST	80	49733	139.45.197.116	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 28, 2025 20:24:34.334923983 CEST	53	49526	1.1.1.1	192.168.2.4
Apr 28, 2025 20:24:34.569231987 CEST	53	54832	1.1.1.1	192.168.2.4
Apr 28, 2025 20:24:35.634258032 CEST	53	53499	1.1.1.1	192.168.2.4
Apr 28, 2025 20:24:37.830005884 CEST	61305	53	192.168.2.4	1.1.1.1
Apr 28, 2025 20:24:37.830058098 CEST	63550	53	192.168.2.4	1.1.1.1
Apr 28, 2025 20:24:37.970711946 CEST	53	61305	1.1.1.1	192.168.2.4
Apr 28, 2025 20:24:37.971148014 CEST	53	63550	1.1.1.1	192.168.2.4
Apr 28, 2025 20:24:39.504276037 CEST	53818	53	192.168.2.4	1.1.1.1
Apr 28, 2025 20:24:39.504698038 CEST	52871	53	192.168.2.4	1.1.1.1
Apr 28, 2025 20:24:39.532813072 CEST	55155	53	192.168.2.4	1.1.1.1
Apr 28, 2025 20:24:39.532947063 CEST	59917	53	192.168.2.4	1.1.1.1
Apr 28, 2025 20:24:39.686228991 CEST	53	52871	1.1.1.1	192.168.2.4
Apr 28, 2025 20:24:39.686252117 CEST	53	53818	1.1.1.1	192.168.2.4
Apr 28, 2025 20:24:39.702697992 CEST	53	55155	1.1.1.1	192.168.2.4
Apr 28, 2025 20:24:39.716351032 CEST	53	59917	1.1.1.1	192.168.2.4
Apr 28, 2025 20:24:52.695914984 CEST	53	59157	1.1.1.1	192.168.2.4
Apr 28, 2025 20:25:11.533184052 CEST	53	64889	1.1.1.1	192.168.2.4
Apr 28, 2025 20:25:33.943336010 CEST	53	58718	1.1.1.1	192.168.2.4
Apr 28, 2025 20:25:34.021132946 CEST	53	55382	1.1.1.1	192.168.2.4
Apr 28, 2025 20:25:40.007863998 CEST	138	138	192.168.2.4	192.168.2.255

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 28, 2025 20:24:37.830005884 CEST	192.168.2.4	1.1.1.1	0x913c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 28, 2025 20:24:37.830058098 CEST	192.168.2.4	1.1.1.1	0x3f86	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 28, 2025 20:24:39.504276037 CEST	192.168.2.4	1.1.1.1	0x3bec	Standard query (0)	becorsolaom.com	A (IP address)	IN (0x0001)	false
Apr 28, 2025 20:24:39.504698038 CEST	192.168.2.4	1.1.1.1	0x655f	Standard query (0)	becorsolaom.com	65	IN (0x0001)	false
Apr 28, 2025 20:24:39.532813072 CEST	192.168.2.4	1.1.1.1	0xf7dd	Standard query (0)	becorsolaom.com	A (IP address)	IN (0x0001)	false
Apr 28, 2025 20:24:39.532947063 CEST	192.168.2.4	1.1.1.1	0x2035	Standard query (0)	becorsolaom.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 28, 2025 20:24:37.970711946 CEST	1.1.1.1	192.168.2.4	0x913c	No error (0)	www.google.com	142.250.69.4	A (IP address)	IN (0x0001)	false
Apr 28, 2025 20:24:37.971148014 CEST	1.1.1.1	192.168.2.4	0x3f86	No error (0)	www.google.com		65	IN (0x0001)	false
Apr 28, 2025 20:24:39.686252117 CEST	1.1.1.1	192.168.2.4	0x3bec	No error (0)	becorsolaom.com	139.45.197.116	A (IP address)	IN (0x0001)	false
Apr 28, 2025 20:24:39.702697992 CEST	1.1.1.1	192.168.2.4	0xf7dd	No error (0)	becorsolaom.com	139.45.197.116	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

becorsolaom.com

slscr.update.microsoft.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49734	139.45.197.116	80	5932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Apr 28, 2025 20:25:24.969372034 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49733	139.45.197.116	80	5932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Apr 28, 2025 20:25:24.969579935 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	139.45.197.116	443	5932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-28 18:24:40 UTC	644	OUT	GET / HTTP/1.1 host: becorsolaom.com upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" sec-fetch-site: none sec-fetch-mode: navigate sec-fetch-user: ?1 sec-fetch-dest: document accept-encoding: identity accept-language: en-US,en;q=0.9 priority: u=0, i
2025-04-28 18:24:40 UTC	138	IN	HTTP/1.1 404 Not Found server: nginx date: Mon, 28 Apr 2025 18:24:40 GMT content-type: text/plain; charset=utf-8 content-length: 9
2025-04-28 18:24:40 UTC	9	IN	Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found
2025-04-28 18:24:41 UTC	572	OUT	GET /favicon.ico HTTP/1.1 host: becorsolaom.com sec-ch-ua-platform: "Windows" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 sec-fetch-site: same-origin sec-fetch-mode: no-cors sec-fetch-dest: image referer: https://becorsolaom.com/ accept-encoding: identity accept-language: en-US,en;q=0.9 priority: u=1, i
2025-04-28 18:24:41 UTC	227	IN	HTTP/1.1 204 No Content server: nginx date: Mon, 28 Apr 2025 18:24:41 GMT expires: Thu, 31 Dec 2037 23:55:55 GMT cache-control: max-age=315360000 pragma: public cache-control: public, must-revalidate, proxy-revalidate

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	52.149.20.212	443

Timestamp	Bytes transferred	Direction	Data
2025-04-28 18:24:45 UTC	309	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=57BTGxa3mGnGvh7&MD=hxbKXg9z HTTP/1.1 host: slscr.update.microsoft.com accept: / user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 accept-encoding: identity
2025-04-28 18:24:45 UTC	541	IN	HTTP/1.1 200 OK cache-control: no-cache pragma: no-cache content-type: application/octet-stream expires: -1 last-modified: Mon, 01 Jan 0001 00:00:00 GMT etag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" ms-correlationid: 7b7a9674-fbf9-4dc0-80a9-ba0246963174 ms-requestid: 07a8b281-3f5d-4b39-89fb-fa631522ea34 ms-cv: rtZ1bOqTO0KQYOEl.0 x-microsoft-slsclientcache: 2880 content-disposition: attachment; filename=environment.cab x-content-type-options: nosniff date: Mon, 28 Apr 2025 18:24:44 GMT content-length: 24490
2025-04-28 18:24:45 UTC	1460	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2025-04-28 18:24:45 UTC	1460	IN	Data Raw: c7 c3 8f 06 b6 24 05 3c f9 2c cb e0 99 86 1a f8 03 ca b3 04 d8 16 f0 f9 32 7f 28 14 e1 08 d8 03 b6 5f ca 00 2c ca e8 4f 1f 06 4e 31 f0 2f 3c 0e 0b 50 12 26 c4 00 85 7e 42 c0 00 c8 0f fa 0d c7 c3 a0 90 23 e5 21 63 33 1e a7 e6 2a f9 c3 ee 4b 69 ce 94 9b 68 c7 7b df ba c7 eb c3 55 b3 50 05 c8 b4 a7 ea a2 5e 5e cd 3a a2 aa 75 43 4b 97 f4 bd 25 ec 55 81 8f 48 6a d4 2b fb 61 52 86 d0 3b 01 14 b0 69 f4 31 7a b6 35 59 f1 51 9b 07 06 22 e9 3b 54 1f 1c 09 53 6c 08 99 9d 74 59 32 ad 33 42 5a f5 2c 05 bf b7 e9 cf 8f 5d 2c 89 c9 8a 5f 6c 65 4c 0c 6d 6a 3f 83 6c b8 bf a3 10 39 92 ad fd bc d8 94 f7 ca 6b ef 90 4b eb 87 76 34 1d 50 f6 0b 7d 4a 62 19 4b 92 ae d4 3f 79 3c 37 e1 2d 6c bc f7 fc 95 94 bd 9c f5 56 86 da 39 b9 b3 67 4c 1a 17 d4 27 59 97 fa bb 03 e7 1b 32 9c 5f Data Ascii: $<,2(_,ON1/<P&~B#!c3*Kih{UP^^:uCK%UHj+aR;i1z5YQ";TSltY23BZ,],_leLmj?l9kKv4P}JbK?y<7-lV9gL'Y2_
2025-04-28 18:24:45 UTC	1460	IN	Data Raw: 99 5f f0 57 d3 49 7b b2 e4 e5 c0 9e f2 e2 b5 17 92 26 2b c1 a3 c2 60 60 5d 36 2c de 60 61 ea e8 98 df 55 7a a8 91 e4 a9 84 e0 3b 6e 95 89 91 fc a7 0f 95 af 35 36 d1 a7 99 9e 88 5e 1c 90 6f 76 55 35 c9 a6 7b 9c 57 31 1c 7d 98 8c a5 d0 5c 66 01 23 08 79 a0 ac fd 28 e3 66 c4 5d bc 06 ed c2 ac 2e 85 85 1d 2c f9 63 f9 ae 62 0a e0 dc fd 65 e4 07 da 27 83 27 db 54 2f 30 4f ab 57 35 d0 e3 25 bc 3a 8a 0f 18 ab 06 65 1d c3 c6 d7 dc 20 e5 92 42 df 59 3a dd 99 b4 1e 33 04 f5 9c 31 69 0f ec 13 9b b8 7c 93 51 3a 5b 90 33 78 d9 c2 f9 a0 e5 54 1d b7 41 12 7c ea 48 f9 8b 32 9d cb 22 59 19 02 65 dd 61 fc 1e b6 2d 6d 85 1b 49 c9 9e 9d a6 e3 15 82 bd e8 4e 07 0a 96 41 09 6c 7a 91 fe 23 c6 ec 81 c3 34 b3 bc bd 6d 1b a2 f9 9d 9a 55 ad 27 0b b3 da 0d 82 7c 98 8d 2d 3b d6 c6 13 Data Ascii: _WI{&+``]6,`aUz;n56^ovU5{W1}\f#y(f].,cbe''T/0OW5%:e BY:31i\|Q:[3xTA\|H2"Yea-mINAlz#4mU'\|-;
2025-04-28 18:24:45 UTC	1460	IN	Data Raw: 2d 5f d0 00 d0 07 f4 72 f6 e6 e8 44 69 fd 25 5f 10 dc 3f 70 f7 40 41 25 f8 69 80 38 20 27 0e a0 36 fd 40 ab 6d 7e e0 7e 60 1f a0 bb cd 0f 54 fd d7 fc c0 df e9 fb c7 c8 07 c3 96 47 48 09 90 7f f5 08 49 7f e5 05 82 72 c3 a4 de 98 91 55 c3 ea 10 ce a3 13 c3 f7 12 97 f6 c4 ce d7 c2 d9 28 f3 83 ce ec 99 14 4b d4 be 03 9e 48 26 e8 06 e4 1c e3 a4 41 09 dd e2 d3 84 db 86 e8 d2 f6 fb 0d f2 bb 63 cb fd 6b 48 cc 83 a9 85 16 0a 62 17 34 a2 dc b2 5c 8e 5a 11 11 25 46 bc 99 aa 15 3b c9 46 0f 5f 5e b9 9a fd a8 03 36 50 d9 0b 10 d7 86 2a ed 8c d3 6e 1f ed e9 f0 96 84 f7 3b dc 1d 9e 09 6e c5 df da 17 74 23 13 af d2 ac 85 dd 4d 74 ea 15 fd 52 cf 64 7f b7 fa f3 19 03 d1 3c 1d f9 9e 49 c6 ae 97 08 66 b1 ba 94 91 c7 2a c7 ee c7 ef 55 45 e4 5e a7 ed 2e 5d 46 59 44 0d 4b 8d 93 Data Ascii: -_rDi%_?p@A%i8 '6@m~~`TGHIrU(KH&AckHb4\Z%F;F_^6Pn;nt#MtRd<IfUE^.]FYDK
2025-04-28 18:24:45 UTC	1460	IN	Data Raw: f4 d2 5b 0d c4 46 f4 08 0d 64 b7 dd 0e 23 c4 4a be c6 2c 08 e4 15 96 43 0e 90 12 6e 83 93 e4 22 73 bf 9c 43 a3 72 7e 18 32 1c 87 83 10 55 1d 3d 13 70 78 a0 df ea 3e bc 8f 9c f3 c9 cd b2 63 9f 56 68 27 2f ce f2 f7 d1 be 1e 37 ef db 07 4d 38 19 d3 72 07 4b 21 bd e4 5a 22 2f df 9c d9 42 cd 28 ce 46 7d 02 5e c0 3a 7d 59 8f ba 2b d9 8a 6a ee ee 00 2f 1d b9 28 fd 40 78 e3 bc e0 27 36 dd fd 43 d9 6a 3e 0d 73 ca 91 ee 0f 3d a6 1a b5 25 8c d1 15 8a d7 f8 93 2e 54 ac df 56 e1 7f ed 19 54 17 27 34 90 14 e3 70 8c 6c 7f ff 7e 4f 51 14 1e 4e 05 72 47 b2 4d 89 4e f9 67 77 f4 77 a9 eb f6 50 12 1e aa 0b b0 6d 8f 25 51 7d 17 52 f8 55 b8 68 f5 90 ab 07 5f 36 1f f1 e4 1e e5 fb f3 73 97 9a e6 1d ab bb ee b9 59 5a f2 3c e8 6d 9f be 51 7b 02 c0 7d d8 d6 01 4c 12 85 7b 05 e0 5e Data Ascii: [Fd#J,Cn"sCr~2U=px>cVh'/7M8rK!Z"/B(F}^:}Y+j/(@x'6Cj>s=%.TVT'4pl~OQNrGMNgwwPm%Q}RUh_6sYZ<mQ{}L{^
2025-04-28 18:24:45 UTC	1460	IN	Data Raw: 17 7a 50 e3 3d 37 50 78 c6 9b 00 9e b1 6c 93 1f 64 fc 47 28 e5 6f 7b 2c 3f 66 9c 1b c0 91 91 7f f1 eb 59 11 28 38 61 06 ff bf 92 d0 14 5f 4d 0f e8 d9 e9 00 5a 30 6e 48 2f 23 03 13 4d 57 f0 f8 e5 8d 51 9b 88 0d f9 1d 57 58 98 cf e8 0b 8c f6 eb 9c da ff e4 4a 13 15 29 0c 69 75 94 79 e3 95 50 e5 48 e0 90 99 54 fe c5 90 26 13 97 27 85 89 ed 99 b4 32 69 b3 23 07 e3 9e fb e7 e2 e9 27 ff d9 3c 6e 78 48 c3 3d 4c b0 78 83 47 97 43 99 4b fa 65 6a 2b a5 20 16 23 d3 dd e2 46 1d 6b 79 16 e2 7b e7 3e e7 71 eb 7f c8 e3 4a 49 a0 64 7e e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 ff ab f3 b8 5d a3 0e 92 5e 1d d9 33 07 9d b4 5a 5b 1f 36 94 07 fb 31 44 46 72 24 1d af 77 ba 94 e6 6b df 96 Data Ascii: zP=7PxldG(o{,?fY(8a_MZ0nH/#MWQWXJ)iuyPHT&'2i#'<nxH=LxGCKej+ #Fky{>qJId~qqqqqqqqqqqqqqq]^3Z[61DFr$wk
2025-04-28 18:24:45 UTC	1460	IN	Data Raw: 72 61 74 69 6f 6e 73 20 50 75 65 72 74 6f 20 52 69 63 6f 31 16 30 14 06 03 55 04 05 13 0d 32 33 30 38 32 39 2b 34 35 34 32 33 37 30 1f 06 03 55 1d 23 04 18 30 16 80 14 ad 94 76 8f 83 ad 0e 03 a3 e8 3b b0 d7 34 68 d4 79 3a 7d dc 30 60 06 03 55 1d 1f 04 59 30 57 30 55 a0 53 a0 51 86 4f 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 6f 70 73 2f 63 72 6c 2f 4d 69 63 72 6f 73 6f 66 74 25 32 30 55 70 64 61 74 65 25 32 30 53 69 67 6e 69 6e 67 25 32 30 43 41 25 32 30 32 2e 31 2e 63 72 6c 30 6d 06 08 2b 06 01 05 05 07 01 01 04 61 30 5f 30 5d 06 08 2b 06 01 05 05 07 30 02 86 51 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 6f 70 73 2f 63 65 72 74 73 2f 4d 69 63 72 6f 73 6f 66 74 25 32 30 55 Data Ascii: rations Puerto Rico10U230829+4542370U#0v;4hy:}0`UY0W0USQOhttp://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl0m+a0_0]+0Qhttp://www.microsoft.com/pkiops/certs/Microsoft%20U
2025-04-28 18:24:45 UTC	1460	IN	Data Raw: 6c d5 21 c9 b8 50 68 05 c3 e4 09 c9 bd 51 c9 5f 6d 75 4f 8d 35 30 c5 8c c1 83 b2 1f 93 b5 72 6f d2 44 90 1d ed 7f 13 a9 7d 53 24 9c aa 46 c0 8f c5 c5 be bf c8 55 14 fe 87 35 fe cd d5 7e 02 d2 87 68 00 c9 b8 d7 44 cb 71 db a4 8b b3 e0 0e a6 0b ce 12 7d f6 68 dc c0 91 31 f8 59 2c 2c f5 d5 d1 2e 08 9d 2b 30 6a 6e aa ad 9e 16 4e 27 d0 ba 3b 1a 81 30 43 38 92 87 e1 6c 6f 43 3d 2d 4e 1f 0d 10 c1 f8 fa bc 84 c8 93 c3 9e 47 fc b6 fa d1 2f b6 af 39 3e 9c 3f 1c f1 4d a4 16 d3 0a e2 e7 4e f5 37 88 03 46 8e 1e cc 77 c1 47 d3 44 b7 e4 35 23 db eb 20 cb 2a f5 57 ae 2e 00 3b 6b e6 a3 6e 05 99 70 bb 76 3b d8 3c b4 76 f6 28 15 3a 25 d4 26 a4 08 9f d9 7e 7b 44 8a b7 15 8a c6 c5 78 2a 9d 32 c4 83 7b b9 6e 42 14 99 5d 49 7f 45 99 57 a7 33 77 44 1a ff 47 a3 71 b7 b0 b1 56 8a Data Ascii: l!PhQ_muO50roD}S$FU5~hDq}h1Y,,.+0jnN';0C8loC=-NG/9>?MN7FwGD5# W.;knpv;<v(:%&~{Dx2{nB]IEW3wDGqV
2025-04-28 18:24:45 UTC	1460	IN	Data Raw: 42 06 0a 2b 06 01 04 01 82 37 02 01 0c 31 34 30 32 a0 14 80 12 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 a1 1a 80 18 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 04 82 01 00 3d cd 0e 0a 7b 43 82 69 14 76 9b c2 1b 25 6c 3f 01 d0 b8 bb 6f e9 4d 62 55 f3 7a 5b c4 05 04 2e 09 48 41 fd e9 13 24 1e f0 71 f0 79 9e 8e a7 ea d7 72 49 9f 71 e8 41 4c 0a 8e 69 71 3c 8f e9 56 c5 9d a0 e6 3c df 48 88 1c cf 7f eb a0 34 f3 ff 37 ca 6d 9f c7 86 eb 12 35 0a 45 a5 81 a8 f8 53 6d c6 11 4e ef 37 77 2a 73 bf 08 f9 ee ba 8d b8 48 1a 93 32 44 3a cd 7c 41 2d e3 20 7e 34 a2 7c 2b 93 92 2f 0a 5f 17 c8 65 98 79 74 bb e7 1c 1a e2 6c a4 15 db cf ae 5b 18 f9 9a 82 ab 98 f5 13 93 f3 0f 89 71 a4 2f c0 7e Data Ascii: B+71402Microsofthttp://www.microsoft.com0H={Civ%l?oMbUz[.HA$qyrIqALiq<V<H47m5ESmN7wsH2D:\|A- ~4\|+/_eytl[q/~
2025-04-28 18:24:45 UTC	1460	IN	Data Raw: a3 82 01 1b 30 82 01 17 30 1d 06 03 55 1d 0e 04 16 04 14 ec 97 76 68 29 fe 13 4f cd 74 c6 25 18 f2 00 7c da 7d d7 a7 30 1f 06 03 55 1d 23 04 18 30 16 80 14 d5 63 3a 5c 8a 31 90 f3 43 7b 7c 46 1b c5 33 68 5a 85 6d 55 30 56 06 03 55 1d 1f 04 4f 30 4d 30 4b a0 49 a0 47 86 45 68 74 74 70 3a 2f 2f 63 72 6c 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 2f 63 72 6c 2f 70 72 6f 64 75 63 74 73 2f 4d 69 63 54 69 6d 53 74 61 50 43 41 5f 32 30 31 30 2d 30 37 2d 30 31 2e 63 72 6c 30 5a 06 08 2b 06 01 05 05 07 01 01 04 4e 30 4c 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 2f 63 65 72 74 73 2f 4d 69 63 54 69 6d 53 74 61 50 43 41 5f 32 30 31 30 2d 30 37 2d 30 31 2e 63 72 74 30 0c 06 Data Ascii: 00Uvh)Ot%\|}0U#0c:\1C{\|F3hZmU0VUO0M0KIGEhttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z+N0L0J+0>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	52.149.20.212	443

Timestamp	Bytes transferred	Direction	Data
2025-04-28 18:25:23 UTC	309	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=57BTGxa3mGnGvh7&MD=hxbKXg9z HTTP/1.1 host: slscr.update.microsoft.com accept: / user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 accept-encoding: identity
2025-04-28 18:25:23 UTC	541	IN	HTTP/1.1 200 OK cache-control: no-cache pragma: no-cache content-type: application/octet-stream expires: -1 last-modified: Mon, 01 Jan 0001 00:00:00 GMT etag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" ms-correlationid: 618194cf-ceb7-48a7-a853-1cb290d166b8 ms-requestid: 0be03b4c-03dc-4707-924c-6b7fb978345b ms-cv: LSDnzrUDaEWmxchv.0 x-microsoft-slsclientcache: 1440 content-disposition: attachment; filename=environment.cab x-content-type-options: nosniff date: Mon, 28 Apr 2025 18:25:22 GMT content-length: 30005
2025-04-28 18:25:23 UTC	1460	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2025-04-28 18:25:23 UTC	1460	IN	Data Raw: 25 dc 93 6a 9f d2 e0 c1 ea a0 79 31 c4 ab 34 9c e1 43 a8 b3 7e 55 3a 43 6e 5b 8c bc 1c ac b5 c5 db f6 d5 6b 9a 98 b7 61 91 ec 20 ed 8b 6b 6b 17 65 25 d4 6a aa b6 ca 84 bd 36 98 48 0e 5e cd 7c b0 80 4f 8a 29 1a bd 79 0a 95 15 94 2c 8d 46 d3 90 66 2a a1 20 71 50 9b 63 14 ba 66 53 25 93 57 c9 de 70 e3 0a f9 95 e5 f6 30 46 8b 99 e7 52 08 31 34 2a fb 7b 19 1f 7d d2 b0 1d 12 db 90 d7 13 2b 94 d3 2c 24 3c da 5c c7 eb 72 6a b9 b9 58 16 5c 90 d7 e5 cd 92 95 32 0d 6b cf 04 8d 4e 78 08 6b 05 10 2b 3f 35 f1 9b 05 cf 25 b3 f8 b8 80 45 47 a6 3f 98 fb 9d 6d bb 59 60 bf 35 2a 6a 71 da 05 32 46 9c 40 06 81 a2 d0 24 13 09 4e 44 ad c8 6d e0 34 6a 19 a9 18 60 e4 00 e9 b7 1d ae 08 07 c3 31 50 c7 68 68 e8 50 28 40 75 d8 01 17 46 0a 23 66 bd 70 60 ba 6d fe d2 9a c3 39 9c fb a0 Data Ascii: %jy14C~U:Cn[ka kke%j6H^\|O)y,Ff* qPcfS%Wp0FR14{}+,$<\rjX\2kNxk+?5%EG?mY`5jq2F@$NDm4j`1PhhP(@uF#fp`m9
2025-04-28 18:25:23 UTC	1460	IN	Data Raw: 88 13 d2 ca b4 06 b4 39 d4 f9 dc 75 86 ec f8 71 28 61 7c 4c c7 63 c8 ea 15 e7 75 7d 6d 29 70 2a 71 c0 e4 ec e9 97 37 59 2c ef da 63 ae b1 f3 e5 0b 3b cf df 39 d7 39 fa 82 03 6e ce 5d df 9a 7e b1 21 8c f5 e5 b9 a1 86 fb 42 cd 8f 80 65 85 b7 9b da 6d 66 ca ea e3 34 46 3b 0d 3a b7 43 5e 3d 7a 57 67 f5 fc 5c 06 83 b4 c2 d8 63 75 21 29 ed dd c1 86 8d 5d 43 f3 49 fd 3d 76 02 f5 6a 5c 57 4b 0c 0f 16 4c dc ae 2c 6b d6 f7 77 f2 a8 5d 45 e3 67 7b 15 83 04 9a 73 32 62 e8 67 d8 7e c1 4c 27 14 66 da 01 f8 70 cc af 50 49 02 86 a1 cc 11 74 0c 24 7f 15 ad 28 be 9d 40 0c 81 9d a0 c6 02 69 80 3c 40 a6 20 29 90 04 80 7d 78 26 1e ec 70 98 20 80 f0 1b 08 60 00 70 d4 d7 e1 d0 c7 a1 d0 95 43 18 82 b8 25 55 45 8c a6 3c b1 98 db 86 78 7d 26 94 17 d0 3b 82 42 0d 40 0d 50 49 53 4a Data Ascii: 9uq(a\|Lcu}m)p*q7Y,c;99n]~!Bemf4F;:C^=zWg\cu!)]CI=vj\WKL,kw]Eg{s2bg~L'fpPIt$(@i<@ )}x&p `pC%UE<x}&;B@PISJ
2025-04-28 18:25:23 UTC	1460	IN	Data Raw: 9e 4c 48 88 5f 1b 99 a2 79 07 02 1f 96 7e 0e 91 7d ff 94 85 f8 7a 67 50 22 aa 5f 9d b1 ea a1 e7 40 3d e0 af d4 09 80 e0 46 08 01 02 dc 7c 87 51 31 df 61 b4 fc b5 f8 5f f9 9c 7e 37 d4 2e 33 2b bb ab b5 2d 61 e9 d4 86 25 79 97 ff 9e 60 01 ae e6 85 4f 0d 70 27 cb 1c ca cd c6 bb 4c ee e3 f1 e7 bd 04 1a c4 ed 5f ae e6 74 15 34 ce df 79 d8 bc c2 5b 3a 92 70 aa 60 87 34 ac 37 4f 07 1b c3 55 5a 75 15 93 ac 8f 49 e2 e4 eb 89 76 36 16 f0 83 b7 d5 bb 9f 67 2f 58 2c 57 77 4a 51 b7 7d ea c5 74 6c 12 68 7c 96 77 f7 76 81 a8 ad 31 99 b2 9b a5 fe 82 2e a8 87 5d 00 c3 8c c5 2b de 55 90 4a db 4b 20 93 f0 89 59 6d 27 da 83 c9 06 97 5b cf e2 8c 3a da b1 f1 9f 15 df ae f8 48 9f 72 16 a2 76 86 7d ce 3a 98 57 9f df 1b d0 21 92 e5 7e 21 70 a6 89 08 f9 40 7b 4f 81 e4 ad 37 f1 88 Data Ascii: LH_y~}zgP"_@=F\|Q1a_~7.3+-a%y`Op'L_t4y[:p`47OUZuIv6g/X,WwJQ}tlh\|wv1.]+UJK Ym'[:Hrv}:W!~!p@{O7
2025-04-28 18:25:23 UTC	1460	IN	Data Raw: ec 5b ba a1 ad f4 7e b4 36 22 6b 2a 3a ea b1 10 bb 5a d2 82 b3 0d ce 73 7e 0e e7 48 44 3b 1f 73 dd 54 69 30 7d cb f8 b3 28 bf 32 cd a8 91 6d 34 ad bb 0e d6 22 89 e7 eb 96 b3 8a bc 59 04 0a 5e bc 0b 94 99 3b ef f8 9c bb b7 31 08 30 50 61 9f 34 7d fc aa 6a 32 22 64 fa 76 01 58 be a6 de 25 8f 4c df ca 78 6c 2b 26 9a 9a 4a 74 8f a6 d3 ed aa 44 e2 79 8f 57 ad 97 78 47 09 43 fb f6 b2 69 ae fa ed 0e a6 c8 bc 2d 77 e5 1a be 7a c9 bf 7a 38 df 8f 7f 89 5f 71 93 cd f1 3e a1 da 7c 03 1a 34 f3 b5 5b 8e 92 80 7b dc 29 5e 24 de 2a fe 87 0a 59 f2 e5 dc f9 04 df 73 8a c3 c5 46 cd eb bd 03 6e a2 52 ca 4d 3c 42 8a 91 90 5a 49 6b 4e fc c5 eb 6a e7 27 5f d7 d9 92 eb 99 80 dd 9e 5b 65 18 f5 33 5f 86 4c f2 90 bb f6 e7 d2 ac 36 6f 13 62 f5 9b 39 9d 78 c6 6f 1e a6 9f 96 13 48 6b Data Ascii: [~6"k:Zs~HD;sTi0}(2m4"Y^;10Pa4}j2"dvX%Lxl+&JtDyWxGCi-wzz8_q>\|4[{)^$YsFnRM<BZIkNj'_[e3_L6ob9xoHk
2025-04-28 18:25:23 UTC	1460	IN	Data Raw: e0 22 b7 3c 63 7a e6 a3 86 23 e7 30 2c a5 42 31 a2 ae 1d 00 01 77 ff 02 a6 f0 eb 0b 87 ba f9 f4 b0 9c 8b e6 cf 6e 16 c7 b8 4c f1 8c b4 47 9e 54 c6 be 45 47 91 4e 78 c0 25 c3 da 17 f4 70 5a ff 27 b0 83 21 21 a0 e4 ae fa e7 11 5b d1 a2 1b 58 46 ba 4f bb ee 07 59 6e f4 ab 0a 81 03 c1 db 6d e1 39 50 02 d9 13 3a ab 49 21 bc e7 4b f7 77 6a 95 6b 49 fb ce 2e 4c aa 8c 55 4e a9 ed f2 4b ba 33 65 99 89 da 5f 69 11 cd d0 da 26 9d ba bf 75 33 7c 68 ce 52 23 f7 6e bc 71 bd c0 f4 4c 0b 5d 99 f0 e8 ca 66 97 be 7a a9 35 72 a3 de 49 98 95 65 3a c9 e6 ee 0c cd 45 69 a7 49 e7 1e fb 4f 4f 15 f7 a3 06 9f 47 bd ab 57 ad de 78 c8 98 dc 16 dc f3 dc dc 55 83 32 68 7c fe e1 8e ea 62 90 73 ac a2 96 77 af 48 45 bf 78 17 b3 09 a7 a0 ca 83 66 1e 5a d1 e5 90 4f 7e a6 0b 01 21 3a 95 a5 Data Ascii: "<cz#0,B1wnLGTEGNx%pZ'!![XFOYnm9P:I!KwjkI.LUNK3e_i&u3\|hR#nqL]fz5rIe:EiIOOGWxU2h\|bswHExfZO~!:
2025-04-28 18:25:23 UTC	1460	IN	Data Raw: 32 1b 0a 18 02 7a 78 07 ff b7 e4 2c d8 df 5c 0f 2a b6 bb 00 9c 87 d0 82 ba 63 31 84 2a c7 46 98 eb 69 7b ca ce 9c e6 4a 57 82 55 9d 16 93 e4 b5 57 d0 fa 9c 13 8a fb e0 26 aa cb 42 66 b1 8c b9 47 81 8f 78 e3 fb 48 3f d3 f1 e2 b2 3b da 37 b9 e7 72 09 2f 28 74 c5 3e 08 59 00 a5 23 c9 e2 00 24 d9 ad 9f 24 21 fe a8 3a df 1f 25 21 0e a8 2a 9b 7f 22 09 51 ff 59 12 22 01 43 82 45 51 0d 42 bf 2f 09 89 de 9f 4c c9 db 61 c0 ef 3e d3 70 fe f1 53 0b 5c 79 ac ed 1b 14 3c 55 e6 4d a6 39 95 45 ed 70 7c 08 dc 92 bb c1 42 6b e0 27 49 08 37 a7 00 02 f1 4d 12 f2 3a 2b a0 03 08 78 f1 a7 6c c7 af 6c 11 f6 71 b6 48 c2 c1 c2 15 65 9e c7 e2 24 04 13 c0 70 d4 8d da 51 c3 da c6 c2 de fc 1b fb 24 28 0d 00 1c 00 9f 0c c0 21 2d c4 2b f0 af 6b 41 16 01 24 3a 0d 80 44 c3 38 a6 05 59 7f Data Ascii: 2zx,\c1Fi{JWUW&BfGxH?;7r/(t>Y#$$!:%!*"QY"CEQB/La>pS\y<UM9Ep\|Bk'I7M:+xllqHe$pQ$(!-+kA$:D8Y
2025-04-28 18:25:23 UTC	1460	IN	Data Raw: 7c 24 f8 a0 ce fd 7a 40 64 78 d4 ba d0 e2 f2 bf a4 fc f8 e2 50 c0 60 d0 a5 93 cd 3c de 94 69 0f 58 bd 36 18 c4 18 88 b1 82 8a 48 29 e9 2a 82 cf 65 09 86 26 8b dc 0b 7d bc be 1c f4 58 aa f5 29 c8 ea 5a 78 49 52 be 34 5b fd 1e 8f 4e 87 e0 ce 85 57 93 e2 f3 cf 81 d3 11 8f a5 b2 a4 79 d3 68 e4 07 e8 4e 36 bd 4c 8d 0d 77 9b 0b de f5 6b e4 6f e1 7f cd 83 97 50 96 71 e7 35 a7 8f 91 df 93 06 62 9c c9 b1 75 aa 1e 01 c3 a0 d1 c7 1f 72 06 82 e0 58 00 02 d7 0a cd a4 eb a5 3e 5d c7 86 55 ab e9 22 f1 63 09 2d 9d 13 3e 49 38 57 5c d8 83 67 c1 75 c5 48 f3 65 71 9a a2 b0 a6 47 e8 32 13 f5 41 d5 cc 6d 22 a3 c4 bb 85 55 d2 db 8a a2 79 30 ce 1e a7 f3 90 19 ec 12 95 c4 54 46 a6 8f 96 54 04 f3 6d 0c 27 c7 22 b3 1e f0 47 da b5 bb ec 28 a7 bb 79 3e 7f 40 cc 97 48 c3 94 f8 d8 df Data Ascii: \|$z@dxP`<iX6H)*e&}X)ZxIR4[NWyhN6LwkoPq5burX>]U"c->I8W\guHeqG2Am"Uy0TFTm'"G(y>@H
2025-04-28 18:25:23 UTC	1460	IN	Data Raw: 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 a9 9d 26 b6 7a 21 ff 73 7a 7d 44 18 6d a3 7f b8 a4 78 23 38 6f 6b cd 97 ef 3f 75 99 b5 f5 2a e7 7c f9 a2 de ed d8 f1 6e 7b d7 b0 43 9c ac ff 11 e2 94 7d 61 09 b5 51 4e 0f 1b 03 13 b4 e1 92 7e 9e 6b d5 a1 e0 c3 e3 f1 92 12 81 23 1d 9e 5b 8c 83 b9 a6 f2 ce fc 34 44 06 ee 97 6a 1a ad 7a 2a 89 47 bd 67 a2 d1 1b 21 b0 95 e8 29 23 38 98 10 56 c4 12 82 e9 48 03 14 04 7f bf 70 42 b6 d9 b6 04 1b 03 9c 67 15 67 02 d2 9d 6a ae 97 5b 7d 39 7e 4d a2 c1 ac 9f 7c 54 6e 51 8b bf 3d a5 80 c1 91 a9 64 bb 20 52 b5 85 97 b4 95 50 0a 41 6e 51 f1 ca cb 97 e4 bf 2a 74 93 cf a7 ba 48 88 0c 5f 19 af 70 7d 15 f1 9f 24 d6 9c 85 c7 06 de 82 3c 2b c3 8b fc 4e 4e e9 0e fa 79 68 26 98 fa e0 d5 Data Ascii: "0H0&z!sz}Dmx#8ok?u\|n{C}aQN~k#[4DjzGg!)#8VHpBggj[}9~M\|TnQ=d RPAnQtH_p}$<+NNyh&
2025-04-28 18:25:23 UTC	1460	IN	Data Raw: 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 28 30 26 06 03 55 04 03 13 1f 4d 69 63 72 6f 73 6f 66 74 20 55 70 64 61 74 65 20 53 69 67 6e 69 6e 67 20 43 41 20 32 2e 33 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ac 39 80 cb 34 50 ca 26 3f 5d 76 26 ca d3 8c c1 1d 5c eb 30 97 c6 66 86 26 a6 d5 5d 5f 4f cd 80 4c 0f 67 ec 25 0c bb 39 11 3b 6e 86 fd c7 21 27 60 fc 80 7c 01 89 ad e8 6e cd bd d0 47 5f 58 6d 00 3b 46 57 99 7d 16 b3 76 12 8b ca 9d 86 6c 1d 70 9a 69 d4 45 fe ce 72 ea ca ca 94 60 9d 7c 73 Data Ascii: 10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicrosoft Update Signing CA 2.30"0*H094P&?]v&\0f&]_OLg%9;n!'`\|nG_Xm;FW}vlpiEr`\|s

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4284, Parent PID: 6128

Function Logs

General

Target ID:	1
Start time:	14:24:28
Start date:	28/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5932, Parent PID: 4284

Function Logs

General

Target ID:	2
Start time:	14:24:32
Start date:	28/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2216,i,16619801991616152303,16160226599429284375,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2240 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6936, Parent PID: 6128

Function Logs

General

Target ID:	4
Start time:	14:24:38
Start date:	28/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://becorsolaom.com"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://becorsolaom.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 55

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4284, Parent PID: 6128

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

COM Activities

WMI Operations

Process Activities

Windows Analysis Report
http://becorsolaom.com