Edit tour

Windows Analysis Report
http://emcid-allowlist.everymundo.workers.dev

Overview

General Information

Sample URL:	http://emcid-allowlist.everymundo.workers.dev
Analysis ID:	1327072
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3836 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2004,i,2426997089585987495,12326077457978431110,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3032 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://emcid-allowlist.everymundo.workers.dev MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2023-10-05-07; NID=511=nNadqW9uTcY0OP6I3afnr71o6EzaYLsdpW4UEYN3vYq_rbRrNFxM1jozPGuhjORBZKKMz2tdDpVe7dNuTWp4CyK-zt5Is6wVElveWAfKQgwNJiKKtXHCCCmrlgzZTl5CiKjTeA2iQqf6zlRK2h8wg1hVpIsWsaKqaWJyHMPF3JA

Source: unknown	HTTPS traffic detected: 96.7.232.109:443 -> 192.168.2.7:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 96.7.232.109:443 -> 192.168.2.7:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.7:49722 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_3836_1945574933

Jump to behavior

Source: classification engine

Classification label: mal56.win@17/2@12/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2004,i,2426997089585987495,12326077457978431110,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://emcid-allowlist.everymundo.workers.dev
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2004,i,2426997089585987495,12326077457978431110,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://emcid-allowlist.everymundo.workers.dev	100%	Avira URL Cloud	phishing
http://emcid-allowlist.everymundo.workers.dev	1%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
emcid-allowlist.everymundo.workers.dev	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://emcid-allowlist.everymundo.workers.dev/favicon.ico	100%	Avira URL Cloud	phishing
https://emcid-allowlist.everymundo.workers.dev/	1%	Virustotal		Browse

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false		high
emcid-allowlist.everymundo.workers.dev	104.21.26.86	true	false	1%, Virustotal, Browse	unknown
accounts.google.com	142.250.68.77	true	false		high
www.google.com	142.250.72.164	true	false		high
clients.l.google.com	142.250.68.78	true	false		high
clients2.google.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://a.nel.cloudflare.com/report/v3?s=Lu%2FuvUZQmpQec4KeXSXBcKx9MtEXuDDKiAEEZ2T%2BuDeLz6jwnIHHTKvlhPaU5CXg5ENAe0rCYm13vA3XfG8aV9F39IzTiM9sjRnLNFSZFVOy2nlApFzZfDC80DYa7eK9zJmuIOwAFytTzD7M%2FNobpLIQqCxrEKWSIA%3D%3D	false		high
https://emcid-allowlist.everymundo.workers.dev/	false	1%, Virustotal, Browse	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://emcid-allowlist.everymundo.workers.dev/	false	1%, Virustotal, Browse	unknown
https://emcid-allowlist.everymundo.workers.dev/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://a.nel.cloudflare.com/report/v3?s=sI%2FeHMR4ldJxTktyI8RdD0Y4sYj0t3qisUoGf2e4pv3xMdSD3PD4hdMmojoScvrpo91UE%2F6vGWspTQMY%2FUTBZto%2FJzqnk0s5VHFPiLkEFvUmLvZqWGqUV00H2fBMr0oKHsT0RUUFPnHfIa21Z0rBuvykpTDx0EueaQ%3D%3D	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.72.164	www.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
172.67.135.202	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.68.77	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.68.78	clients.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.22
192.168.2.7

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1327072
Start date and time:	2023-10-17 09:11:22 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://emcid-allowlist.everymundo.workers.dev
Analysis system description:	Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@17/2@12/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.12.131, 34.104.35.123, 8.252.71.126, 192.229.211.108, 142.250.189.3
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	17
Entropy (8bit):	3.4548223999466066
Encrypted:	false
SSDEEP:	3:RWWMLG2n:jMLG2
MD5:	6184A8E05E7B9AA94A32572B55986FC1
SHA1:	9194890B951AD29594825B24E9258111B05AA2AE
SHA-256:	E4FC0173ABB8E747943A97A8B98368A2225F85AC861EACE9B54316DB7EAE8F08
SHA-512:	0BCA6197B411D45840E47B3D355BC1BE0D99796FCCC58EA6C48B6431CAC1000D8066B064B865640556E82EC383DD15C11E96BD4787C7E88D4C58B3AE2F0277FE
Malicious:	false
Reputation:	low
URL:	https://emcid-allowlist.everymundo.workers.dev/
Preview:	Missing Paramters

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	17
Entropy (8bit):	3.4548223999466066
Encrypted:	false
SSDEEP:	3:RWWMLG2n:jMLG2
MD5:	6184A8E05E7B9AA94A32572B55986FC1
SHA1:	9194890B951AD29594825B24E9258111B05AA2AE
SHA-256:	E4FC0173ABB8E747943A97A8B98368A2225F85AC861EACE9B54316DB7EAE8F08
SHA-512:	0BCA6197B411D45840E47B3D355BC1BE0D99796FCCC58EA6C48B6431CAC1000D8066B064B865640556E82EC383DD15C11E96BD4787C7E88D4C58B3AE2F0277FE
Malicious:	false
Reputation:	low
URL:	https://emcid-allowlist.everymundo.workers.dev/favicon.ico
Preview:	Missing Paramters

Total Packets: 181
• 443 (HTTPS)
• 123 undefined
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 17, 2023 09:12:09.814461946 CEST	49671	443	192.168.2.7	204.79.197.203
Oct 17, 2023 09:12:10.126817942 CEST	49671	443	192.168.2.7	204.79.197.203
Oct 17, 2023 09:12:10.736052036 CEST	49671	443	192.168.2.7	204.79.197.203
Oct 17, 2023 09:12:11.939244986 CEST	49671	443	192.168.2.7	204.79.197.203
Oct 17, 2023 09:12:13.517203093 CEST	49675	443	192.168.2.7	104.98.116.138
Oct 17, 2023 09:12:13.517244101 CEST	49674	443	192.168.2.7	104.98.116.138
Oct 17, 2023 09:12:13.657836914 CEST	49672	443	192.168.2.7	104.98.116.138
Oct 17, 2023 09:12:14.345442057 CEST	49671	443	192.168.2.7	204.79.197.203
Oct 17, 2023 09:12:14.974591017 CEST	443	49701	104.98.116.138	192.168.2.7
Oct 17, 2023 09:12:14.974647999 CEST	443	49701	104.98.116.138	192.168.2.7
Oct 17, 2023 09:12:14.974661112 CEST	443	49701	104.98.116.138	192.168.2.7
Oct 17, 2023 09:12:14.974723101 CEST	49701	443	192.168.2.7	104.98.116.138
Oct 17, 2023 09:12:14.974770069 CEST	49701	443	192.168.2.7	104.98.116.138
Oct 17, 2023 09:12:19.189112902 CEST	49671	443	192.168.2.7	204.79.197.203
Oct 17, 2023 09:12:19.307391882 CEST	49677	443	192.168.2.7	20.50.201.200
Oct 17, 2023 09:12:19.785835028 CEST	49677	443	192.168.2.7	20.50.201.200
Oct 17, 2023 09:12:20.220921040 CEST	49703	443	192.168.2.7	142.250.68.78
Oct 17, 2023 09:12:20.220951080 CEST	443	49703	142.250.68.78	192.168.2.7
Oct 17, 2023 09:12:20.221023083 CEST	49703	443	192.168.2.7	142.250.68.78
Oct 17, 2023 09:12:20.221452951 CEST	49704	443	192.168.2.7	142.250.68.77
Oct 17, 2023 09:12:20.221502066 CEST	443	49704	142.250.68.77	192.168.2.7
Oct 17, 2023 09:12:20.221580029 CEST	49704	443	192.168.2.7	142.250.68.77
Oct 17, 2023 09:12:20.221906900 CEST	49703	443	192.168.2.7	142.250.68.78
Oct 17, 2023 09:12:20.221925020 CEST	443	49703	142.250.68.78	192.168.2.7
Oct 17, 2023 09:12:20.222112894 CEST	49704	443	192.168.2.7	142.250.68.77
Oct 17, 2023 09:12:20.222127914 CEST	443	49704	142.250.68.77	192.168.2.7
Oct 17, 2023 09:12:20.603337049 CEST	443	49703	142.250.68.78	192.168.2.7
Oct 17, 2023 09:12:20.603647947 CEST	49703	443	192.168.2.7	142.250.68.78
Oct 17, 2023 09:12:20.603662968 CEST	443	49703	142.250.68.78	192.168.2.7
Oct 17, 2023 09:12:20.604352951 CEST	443	49703	142.250.68.78	192.168.2.7
Oct 17, 2023 09:12:20.604429007 CEST	49703	443	192.168.2.7	142.250.68.78
Oct 17, 2023 09:12:20.605422020 CEST	443	49704	142.250.68.77	192.168.2.7
Oct 17, 2023 09:12:20.605577946 CEST	443	49703	142.250.68.78	192.168.2.7
Oct 17, 2023 09:12:20.605634928 CEST	49703	443	192.168.2.7	142.250.68.78
Oct 17, 2023 09:12:20.605735064 CEST	49704	443	192.168.2.7	142.250.68.77
Oct 17, 2023 09:12:20.605755091 CEST	443	49704	142.250.68.77	192.168.2.7
Oct 17, 2023 09:12:20.607110023 CEST	49703	443	192.168.2.7	142.250.68.78
Oct 17, 2023 09:12:20.607177019 CEST	443	49703	142.250.68.78	192.168.2.7
Oct 17, 2023 09:12:20.607244015 CEST	443	49704	142.250.68.77	192.168.2.7
Oct 17, 2023 09:12:20.607311964 CEST	49704	443	192.168.2.7	142.250.68.77
Oct 17, 2023 09:12:20.607992887 CEST	49703	443	192.168.2.7	142.250.68.78
Oct 17, 2023 09:12:20.608000040 CEST	443	49703	142.250.68.78	192.168.2.7
Oct 17, 2023 09:12:20.608531952 CEST	49704	443	192.168.2.7	142.250.68.77
Oct 17, 2023 09:12:20.608608961 CEST	443	49704	142.250.68.77	192.168.2.7
Oct 17, 2023 09:12:20.608689070 CEST	49704	443	192.168.2.7	142.250.68.77
Oct 17, 2023 09:12:20.608696938 CEST	443	49704	142.250.68.77	192.168.2.7
Oct 17, 2023 09:12:20.688950062 CEST	49677	443	192.168.2.7	20.50.201.200
Oct 17, 2023 09:12:20.688971996 CEST	49704	443	192.168.2.7	142.250.68.77
Oct 17, 2023 09:12:20.707869053 CEST	49703	443	192.168.2.7	142.250.68.78
Oct 17, 2023 09:12:20.974749088 CEST	443	49703	142.250.68.78	192.168.2.7
Oct 17, 2023 09:12:20.975121975 CEST	443	49703	142.250.68.78	192.168.2.7
Oct 17, 2023 09:12:20.975200891 CEST	49703	443	192.168.2.7	142.250.68.78
Oct 17, 2023 09:12:20.975636005 CEST	49703	443	192.168.2.7	142.250.68.78
Oct 17, 2023 09:12:20.975653887 CEST	443	49703	142.250.68.78	192.168.2.7
Oct 17, 2023 09:12:21.009324074 CEST	443	49704	142.250.68.77	192.168.2.7
Oct 17, 2023 09:12:21.009540081 CEST	443	49704	142.250.68.77	192.168.2.7
Oct 17, 2023 09:12:21.009603977 CEST	49704	443	192.168.2.7	142.250.68.77
Oct 17, 2023 09:12:21.016232967 CEST	49704	443	192.168.2.7	142.250.68.77
Oct 17, 2023 09:12:21.016257048 CEST	443	49704	142.250.68.77	192.168.2.7
Oct 17, 2023 09:12:21.587769985 CEST	49707	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:21.587889910 CEST	443	49707	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:21.587979078 CEST	49707	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:21.590395927 CEST	49707	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:21.590455055 CEST	443	49707	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:21.932504892 CEST	443	49707	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:21.932837963 CEST	49707	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:21.932873011 CEST	443	49707	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:21.934530973 CEST	443	49707	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:21.934604883 CEST	49707	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:21.935787916 CEST	49707	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:21.935879946 CEST	443	49707	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:21.936144114 CEST	49707	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:21.936153889 CEST	443	49707	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:22.003251076 CEST	49707	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:22.184967995 CEST	49708	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:12:22.185009956 CEST	443	49708	142.250.72.164	192.168.2.7
Oct 17, 2023 09:12:22.185086966 CEST	49708	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:12:22.185364962 CEST	49708	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:12:22.185379028 CEST	443	49708	142.250.72.164	192.168.2.7
Oct 17, 2023 09:12:22.285310984 CEST	49677	443	192.168.2.7	20.50.201.200
Oct 17, 2023 09:12:22.296283960 CEST	443	49707	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:22.296451092 CEST	443	49707	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:22.296542883 CEST	49707	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:22.299319983 CEST	49707	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:22.299371958 CEST	443	49707	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:22.466275930 CEST	49709	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:22.466327906 CEST	443	49709	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:22.466393948 CEST	49709	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:22.468902111 CEST	49709	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:22.468921900 CEST	443	49709	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:22.505440950 CEST	49710	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:22.505491972 CEST	443	49710	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:22.505558014 CEST	49710	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:22.505778074 CEST	49710	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:22.505789995 CEST	443	49710	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:22.548773050 CEST	443	49708	142.250.72.164	192.168.2.7
Oct 17, 2023 09:12:22.549005032 CEST	49708	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:12:22.549019098 CEST	443	49708	142.250.72.164	192.168.2.7
Oct 17, 2023 09:12:22.550008059 CEST	443	49708	142.250.72.164	192.168.2.7
Oct 17, 2023 09:12:22.550077915 CEST	49708	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:12:22.551187038 CEST	49708	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:12:22.551248074 CEST	443	49708	142.250.72.164	192.168.2.7
Oct 17, 2023 09:12:22.674334049 CEST	49708	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:12:22.674352884 CEST	443	49708	142.250.72.164	192.168.2.7
Oct 17, 2023 09:12:22.785588026 CEST	49708	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:12:22.813910007 CEST	443	49709	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:22.815622091 CEST	49709	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:22.815651894 CEST	443	49709	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:22.816246033 CEST	443	49709	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:22.818320990 CEST	49709	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:22.818413973 CEST	443	49709	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:22.818759918 CEST	49709	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:22.862454891 CEST	443	49709	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:22.864265919 CEST	443	49710	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:22.867228031 CEST	49710	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:22.867254972 CEST	443	49710	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:22.868825912 CEST	443	49710	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:22.868896961 CEST	49710	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:22.904118061 CEST	49710	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:22.904561996 CEST	443	49710	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:22.912887096 CEST	49710	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:22.912909985 CEST	443	49710	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:22.976176023 CEST	49710	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:23.182395935 CEST	443	49709	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:23.182599068 CEST	443	49709	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:23.182766914 CEST	49709	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:23.249612093 CEST	443	49710	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:23.249696970 CEST	443	49710	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:23.249764919 CEST	49710	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:23.261986017 CEST	49710	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:23.262008905 CEST	443	49710	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:23.264580965 CEST	49714	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:23.264602900 CEST	443	49714	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:23.264673948 CEST	49714	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:23.265085936 CEST	49714	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:23.265100002 CEST	443	49714	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:23.282819033 CEST	49675	443	192.168.2.7	104.98.116.138
Oct 17, 2023 09:12:23.282948017 CEST	49674	443	192.168.2.7	104.98.116.138
Oct 17, 2023 09:12:23.300492048 CEST	49709	443	192.168.2.7	172.67.135.202
Oct 17, 2023 09:12:23.300529003 CEST	443	49709	172.67.135.202	192.168.2.7
Oct 17, 2023 09:12:23.390769958 CEST	49672	443	192.168.2.7	104.98.116.138
Oct 17, 2023 09:12:23.625410080 CEST	443	49714	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:23.625716925 CEST	49714	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:23.625740051 CEST	443	49714	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:23.626233101 CEST	443	49714	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:23.626687050 CEST	49714	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:23.626768112 CEST	443	49714	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:23.626864910 CEST	49714	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:23.670469046 CEST	443	49714	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:24.016946077 CEST	443	49714	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:24.017096996 CEST	443	49714	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:24.017164946 CEST	49714	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:24.017438889 CEST	49714	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:12:24.017467976 CEST	443	49714	35.190.80.1	192.168.2.7
Oct 17, 2023 09:12:25.275269985 CEST	49715	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:25.275310040 CEST	443	49715	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:25.275396109 CEST	49715	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:25.278687954 CEST	49715	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:25.278704882 CEST	443	49715	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:25.376684904 CEST	49677	443	192.168.2.7	20.50.201.200
Oct 17, 2023 09:12:25.622811079 CEST	443	49715	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:25.622972012 CEST	49715	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:25.628112078 CEST	49715	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:25.628119946 CEST	443	49715	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:25.628762007 CEST	443	49715	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:25.674266100 CEST	49715	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:25.757677078 CEST	49715	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:25.798453093 CEST	443	49715	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:25.936541080 CEST	443	49715	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:25.936933994 CEST	49715	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:25.936960936 CEST	443	49715	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:25.937028885 CEST	49715	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:25.937395096 CEST	443	49715	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:25.937475920 CEST	443	49715	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:25.937542915 CEST	49715	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:26.009344101 CEST	49716	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:26.009421110 CEST	443	49716	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:26.009527922 CEST	49716	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:26.010593891 CEST	49716	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:26.010627031 CEST	443	49716	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:26.346502066 CEST	443	49716	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:26.346816063 CEST	49716	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:26.348803997 CEST	49716	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:26.348813057 CEST	443	49716	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:26.349206924 CEST	443	49716	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:26.351222992 CEST	49716	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:26.394445896 CEST	443	49716	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:26.667320967 CEST	443	49716	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:26.681133986 CEST	443	49716	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:26.681262016 CEST	49716	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:26.681586981 CEST	49716	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:26.681612015 CEST	443	49716	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:26.681658030 CEST	49716	443	192.168.2.7	96.7.232.109
Oct 17, 2023 09:12:26.681667089 CEST	443	49716	96.7.232.109	192.168.2.7
Oct 17, 2023 09:12:28.798711061 CEST	49671	443	192.168.2.7	204.79.197.203
Oct 17, 2023 09:12:31.379857063 CEST	49677	443	192.168.2.7	20.50.201.200
Oct 17, 2023 09:12:32.566293955 CEST	443	49708	142.250.72.164	192.168.2.7
Oct 17, 2023 09:12:32.566446066 CEST	443	49708	142.250.72.164	192.168.2.7
Oct 17, 2023 09:12:32.566562891 CEST	49708	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:12:33.026653051 CEST	49708	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:12:33.026684046 CEST	443	49708	142.250.72.164	192.168.2.7
Oct 17, 2023 09:12:34.112842083 CEST	49717	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:12:34.112874031 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:34.113048077 CEST	49717	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:12:34.116787910 CEST	49717	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:12:34.116801977 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:34.173203945 CEST	49701	443	192.168.2.7	104.98.116.138
Oct 17, 2023 09:12:34.174567938 CEST	49701	443	192.168.2.7	104.98.116.138
Oct 17, 2023 09:12:34.176280975 CEST	49701	443	192.168.2.7	104.98.116.138
Oct 17, 2023 09:12:34.334640980 CEST	443	49701	104.98.116.138	192.168.2.7
Oct 17, 2023 09:12:34.335922956 CEST	443	49701	104.98.116.138	192.168.2.7
Oct 17, 2023 09:12:34.335964918 CEST	443	49701	104.98.116.138	192.168.2.7
Oct 17, 2023 09:12:34.337551117 CEST	443	49701	104.98.116.138	192.168.2.7
Oct 17, 2023 09:12:34.732556105 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:34.732795000 CEST	49717	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:12:34.740782976 CEST	49717	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:12:34.740814924 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:34.741278887 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:34.799223900 CEST	49717	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:12:35.631320953 CEST	49717	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:12:35.678459883 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:36.028199911 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:36.028234959 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:36.028244972 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:36.028292894 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:36.028322935 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:36.028336048 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:36.028343916 CEST	49717	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:12:36.028371096 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:36.028403044 CEST	49717	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:12:36.028441906 CEST	49717	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:12:36.029203892 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:36.029268026 CEST	49717	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:12:36.029277086 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:36.029293060 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:36.029350996 CEST	49717	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:12:36.475158930 CEST	49717	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:12:36.475158930 CEST	49717	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:12:36.475183010 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:36.475194931 CEST	443	49717	20.114.59.183	192.168.2.7
Oct 17, 2023 09:12:43.282599926 CEST	49677	443	192.168.2.7	20.50.201.200
Oct 17, 2023 09:13:04.080621958 CEST	49699	80	192.168.2.7	104.101.135.98
Oct 17, 2023 09:13:04.080694914 CEST	49700	443	192.168.2.7	173.222.225.94
Oct 17, 2023 09:13:04.242192984 CEST	80	49699	104.101.135.98	192.168.2.7
Oct 17, 2023 09:13:04.242368937 CEST	49699	80	192.168.2.7	104.101.135.98
Oct 17, 2023 09:13:04.273900032 CEST	443	49700	173.222.225.94	192.168.2.7
Oct 17, 2023 09:13:04.273931980 CEST	443	49700	173.222.225.94	192.168.2.7
Oct 17, 2023 09:13:04.274049044 CEST	49700	443	192.168.2.7	173.222.225.94
Oct 17, 2023 09:13:04.274082899 CEST	49700	443	192.168.2.7	173.222.225.94
Oct 17, 2023 09:13:13.264365911 CEST	49722	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:13:13.264425039 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:13.264514923 CEST	49722	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:13:13.267122984 CEST	49722	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:13:13.267159939 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:13.875184059 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:13.875315905 CEST	49722	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:13:13.879506111 CEST	49722	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:13:13.879534960 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:13.879954100 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:13.910437107 CEST	49722	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:13:13.954495907 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:14.456967115 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:14.457005024 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:14.457015038 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:14.457027912 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:14.457101107 CEST	49722	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:13:14.457139015 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:14.457156897 CEST	49722	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:13:14.457182884 CEST	49722	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:13:14.457295895 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:14.457338095 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:14.457353115 CEST	49722	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:13:14.457362890 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:14.457396030 CEST	49722	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:13:14.457429886 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:14.457468987 CEST	49722	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:13:14.466934919 CEST	49722	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:13:14.466970921 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:14.467020035 CEST	49722	443	192.168.2.7	20.114.59.183
Oct 17, 2023 09:13:14.467031956 CEST	443	49722	20.114.59.183	192.168.2.7
Oct 17, 2023 09:13:22.244448900 CEST	49724	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:13:22.244541883 CEST	443	49724	142.250.72.164	192.168.2.7
Oct 17, 2023 09:13:22.244648933 CEST	49724	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:13:22.245201111 CEST	49724	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:13:22.245224953 CEST	443	49724	142.250.72.164	192.168.2.7
Oct 17, 2023 09:13:22.300790071 CEST	49725	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:13:22.300890923 CEST	443	49725	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:22.300985098 CEST	49725	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:13:22.302047968 CEST	49725	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:13:22.302082062 CEST	443	49725	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:22.605060101 CEST	443	49724	142.250.72.164	192.168.2.7
Oct 17, 2023 09:13:22.607085943 CEST	49724	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:13:22.607116938 CEST	443	49724	142.250.72.164	192.168.2.7
Oct 17, 2023 09:13:22.607741117 CEST	443	49724	142.250.72.164	192.168.2.7
Oct 17, 2023 09:13:22.621445894 CEST	49724	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:13:22.621707916 CEST	443	49724	142.250.72.164	192.168.2.7
Oct 17, 2023 09:13:22.655205965 CEST	443	49725	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:22.669897079 CEST	49725	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:13:22.669933081 CEST	443	49725	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:22.671405077 CEST	443	49725	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:22.673616886 CEST	49724	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:13:22.682476044 CEST	49725	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:13:22.682578087 CEST	443	49725	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:22.682706118 CEST	49725	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:13:22.730479956 CEST	443	49725	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:23.048423052 CEST	443	49725	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:23.048625946 CEST	443	49725	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:23.048707962 CEST	49725	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:13:23.055613041 CEST	49725	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:13:23.055648088 CEST	443	49725	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:23.058594942 CEST	49726	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:13:23.058669090 CEST	443	49726	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:23.058753014 CEST	49726	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:13:23.059395075 CEST	49726	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:13:23.059447050 CEST	443	49726	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:23.423506021 CEST	443	49726	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:23.436638117 CEST	49726	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:13:23.436676025 CEST	443	49726	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:23.437206984 CEST	443	49726	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:23.437644958 CEST	49726	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:13:23.437738895 CEST	443	49726	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:23.437810898 CEST	49726	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:13:23.482460022 CEST	443	49726	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:23.814245939 CEST	443	49726	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:23.814410925 CEST	443	49726	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:23.814477921 CEST	49726	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:13:23.847565889 CEST	49726	443	192.168.2.7	35.190.80.1
Oct 17, 2023 09:13:23.847613096 CEST	443	49726	35.190.80.1	192.168.2.7
Oct 17, 2023 09:13:32.605571032 CEST	443	49724	142.250.72.164	192.168.2.7
Oct 17, 2023 09:13:32.605658054 CEST	443	49724	142.250.72.164	192.168.2.7
Oct 17, 2023 09:13:32.605730057 CEST	49724	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:13:34.364273071 CEST	49724	443	192.168.2.7	142.250.72.164
Oct 17, 2023 09:13:34.364303112 CEST	443	49724	142.250.72.164	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 17, 2023 09:12:20.057106018 CEST	53319	53	192.168.2.7	1.1.1.1
Oct 17, 2023 09:12:20.057404041 CEST	58683	53	192.168.2.7	1.1.1.1
Oct 17, 2023 09:12:20.057883024 CEST	53725	53	192.168.2.7	1.1.1.1
Oct 17, 2023 09:12:20.058123112 CEST	62996	53	192.168.2.7	1.1.1.1
Oct 17, 2023 09:12:20.198360920 CEST	53	53576	1.1.1.1	192.168.2.7
Oct 17, 2023 09:12:20.219393015 CEST	53	53319	1.1.1.1	192.168.2.7
Oct 17, 2023 09:12:20.219702005 CEST	53	58683	1.1.1.1	192.168.2.7
Oct 17, 2023 09:12:20.220550060 CEST	53	62996	1.1.1.1	192.168.2.7
Oct 17, 2023 09:12:20.220673084 CEST	53	53725	1.1.1.1	192.168.2.7
Oct 17, 2023 09:12:21.205626011 CEST	53	49997	1.1.1.1	192.168.2.7
Oct 17, 2023 09:12:21.366641998 CEST	58569	53	192.168.2.7	1.1.1.1
Oct 17, 2023 09:12:21.367327929 CEST	52632	53	192.168.2.7	1.1.1.1
Oct 17, 2023 09:12:21.419971943 CEST	57500	53	192.168.2.7	1.1.1.1
Oct 17, 2023 09:12:21.420505047 CEST	61304	53	192.168.2.7	1.1.1.1
Oct 17, 2023 09:12:21.530390978 CEST	53	52632	1.1.1.1	192.168.2.7
Oct 17, 2023 09:12:21.531328917 CEST	53	58569	1.1.1.1	192.168.2.7
Oct 17, 2023 09:12:21.584129095 CEST	53	57500	1.1.1.1	192.168.2.7
Oct 17, 2023 09:12:21.585450888 CEST	53	61304	1.1.1.1	192.168.2.7
Oct 17, 2023 09:12:21.987354994 CEST	57784	53	192.168.2.7	1.1.1.1
Oct 17, 2023 09:12:21.987505913 CEST	61028	53	192.168.2.7	1.1.1.1
Oct 17, 2023 09:12:22.149279118 CEST	53	61028	1.1.1.1	192.168.2.7
Oct 17, 2023 09:12:22.149326086 CEST	53	57784	1.1.1.1	192.168.2.7
Oct 17, 2023 09:12:22.341578007 CEST	63733	53	192.168.2.7	1.1.1.1
Oct 17, 2023 09:12:22.342469931 CEST	50585	53	192.168.2.7	1.1.1.1
Oct 17, 2023 09:12:22.503927946 CEST	53	63733	1.1.1.1	192.168.2.7
Oct 17, 2023 09:12:22.504328012 CEST	53	50585	1.1.1.1	192.168.2.7
Oct 17, 2023 09:12:25.238074064 CEST	123	123	192.168.2.7	40.119.6.228
Oct 17, 2023 09:12:25.435873985 CEST	123	123	40.119.6.228	192.168.2.7
Oct 17, 2023 09:12:38.291532993 CEST	53	55737	1.1.1.1	192.168.2.7
Oct 17, 2023 09:12:57.338812113 CEST	53	52579	1.1.1.1	192.168.2.7
Oct 17, 2023 09:13:18.852926970 CEST	138	138	192.168.2.7	192.168.2.255
Oct 17, 2023 09:13:19.667315960 CEST	53	53958	1.1.1.1	192.168.2.7
Oct 17, 2023 09:13:20.180948019 CEST	53	59921	1.1.1.1	192.168.2.7

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 17, 2023 09:12:21.531440020 CEST	192.168.2.7	1.1.1.1	c21f	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 17, 2023 09:12:20.057106018 CEST	192.168.2.7	1.1.1.1	0x4997	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Oct 17, 2023 09:12:20.057404041 CEST	192.168.2.7	1.1.1.1	0x968d	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Oct 17, 2023 09:12:20.057883024 CEST	192.168.2.7	1.1.1.1	0x386a	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Oct 17, 2023 09:12:20.058123112 CEST	192.168.2.7	1.1.1.1	0x700c	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Oct 17, 2023 09:12:21.366641998 CEST	192.168.2.7	1.1.1.1	0x5e9a	Standard query (0)	emcid-allowlist.everymundo.workers.dev	A (IP address)	IN (0x0001)	false
Oct 17, 2023 09:12:21.367327929 CEST	192.168.2.7	1.1.1.1	0x18a3	Standard query (0)	emcid-allowlist.everymundo.workers.dev	65	IN (0x0001)	false
Oct 17, 2023 09:12:21.419971943 CEST	192.168.2.7	1.1.1.1	0xd93d	Standard query (0)	emcid-allowlist.everymundo.workers.dev	A (IP address)	IN (0x0001)	false
Oct 17, 2023 09:12:21.420505047 CEST	192.168.2.7	1.1.1.1	0x9415	Standard query (0)	emcid-allowlist.everymundo.workers.dev	65	IN (0x0001)	false
Oct 17, 2023 09:12:21.987354994 CEST	192.168.2.7	1.1.1.1	0x5451	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 17, 2023 09:12:21.987505913 CEST	192.168.2.7	1.1.1.1	0xe935	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 17, 2023 09:12:22.341578007 CEST	192.168.2.7	1.1.1.1	0x16f9	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 17, 2023 09:12:22.342469931 CEST	192.168.2.7	1.1.1.1	0xbe8b	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 17, 2023 09:12:20.219393015 CEST	1.1.1.1	192.168.2.7	0x4997	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 17, 2023 09:12:20.219393015 CEST	1.1.1.1	192.168.2.7	0x4997	No error (0)	clients.l.google.com		142.250.68.78	A (IP address)	IN (0x0001)	false
Oct 17, 2023 09:12:20.219702005 CEST	1.1.1.1	192.168.2.7	0x968d	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 17, 2023 09:12:20.220673084 CEST	1.1.1.1	192.168.2.7	0x386a	No error (0)	accounts.google.com		142.250.68.77	A (IP address)	IN (0x0001)	false
Oct 17, 2023 09:12:21.530390978 CEST	1.1.1.1	192.168.2.7	0x18a3	No error (0)	emcid-allowlist.everymundo.workers.dev			65	IN (0x0001)	false
Oct 17, 2023 09:12:21.531328917 CEST	1.1.1.1	192.168.2.7	0x5e9a	No error (0)	emcid-allowlist.everymundo.workers.dev		104.21.26.86	A (IP address)	IN (0x0001)	false
Oct 17, 2023 09:12:21.531328917 CEST	1.1.1.1	192.168.2.7	0x5e9a	No error (0)	emcid-allowlist.everymundo.workers.dev		172.67.135.202	A (IP address)	IN (0x0001)	false
Oct 17, 2023 09:12:21.584129095 CEST	1.1.1.1	192.168.2.7	0xd93d	No error (0)	emcid-allowlist.everymundo.workers.dev		172.67.135.202	A (IP address)	IN (0x0001)	false
Oct 17, 2023 09:12:21.584129095 CEST	1.1.1.1	192.168.2.7	0xd93d	No error (0)	emcid-allowlist.everymundo.workers.dev		104.21.26.86	A (IP address)	IN (0x0001)	false
Oct 17, 2023 09:12:21.585450888 CEST	1.1.1.1	192.168.2.7	0x9415	No error (0)	emcid-allowlist.everymundo.workers.dev			65	IN (0x0001)	false
Oct 17, 2023 09:12:22.149279118 CEST	1.1.1.1	192.168.2.7	0xe935	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 17, 2023 09:12:22.149326086 CEST	1.1.1.1	192.168.2.7	0x5451	No error (0)	www.google.com		142.250.72.164	A (IP address)	IN (0x0001)	false
Oct 17, 2023 09:12:22.503927946 CEST	1.1.1.1	192.168.2.7	0x16f9	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

clients2.google.com

accounts.google.com

emcid-allowlist.everymundo.workers.dev

https:

a.nel.cloudflare.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.7	49703	142.250.68.78	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:12:20 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.134 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.7	49704	142.250.68.77	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:12:20 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2023-10-05-07; NID=511=nNadqW9uTcY0OP6I3afnr71o6EzaYLsdpW4UEYN3vYq_rbRrNFxM1jozPGuhjORBZKKMz2tdDpVe7dNuTWp4CyK-zt5Is6wVElveWAfKQgwNJiKKtXHCCCmrlgzZTl5CiKjTeA2iQqf6zlRK2h8wg1hVpIsWsaKqaWJyHMPF3JA
2023-10-17 07:12:20 UTC	1	OUT	Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.7	49714	35.190.80.1	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:12:23 UTC	7	OUT	POST /report/v3?s=Lu%2FuvUZQmpQec4KeXSXBcKx9MtEXuDDKiAEEZ2T%2BuDeLz6jwnIHHTKvlhPaU5CXg5ENAe0rCYm13vA3XfG8aV9F39IzTiM9sjRnLNFSZFVOy2nlApFzZfDC80DYa7eK9zJmuIOwAFytTzD7M%2FNobpLIQqCxrEKWSIA%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 410 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-10-17 07:12:23 UTC	8	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 34 34 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 38 37 37 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 33 35 2e 32 30 32 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 30 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 65 6d 63 69 64 2d 61 6c 6c 6f 77 6c 69 73 Data Ascii: [{"age":44,"body":{"elapsed_time":877,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"172.67.135.202","status_code":400,"type":"http.error"},"type":"network-error","url":"https://emcid-allowlis

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	35.190.80.1	443	192.168.2.7	49714	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:12:24 UTC	8	IN	HTTP/1.1 200 OK content-length: 0 date: Tue, 17 Oct 2023 07:12:23 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.7	49715	96.7.232.109	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:12:25 UTC	8	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-10-17 07:12:25 UTC	9	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2578) X-CID: 11 Cache-Control: public, max-age=21995 Date: Tue, 17 Oct 2023 07:12:25 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.7	49716	96.7.232.109	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:12:26 UTC	9	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-10-17 07:12:26 UTC	9	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Content-Type: application/octet-stream ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0Fz4RYwAAAACZW8dCTzveR7lI76J6Z2l5U0pDRURHRTA1MTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=21960 Date: Tue, 17 Oct 2023 07:12:26 GMT Content-Length: 55 Connection: close X-CID: 2
2023-10-17 07:12:26 UTC	10	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.7	49717	20.114.59.183	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:12:35 UTC	10	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BYEa5c+mMw6MumD&MD=wEMXF+S3 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-10-17 07:12:36 UTC	10	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 700bbc19-e2f5-4a40-8c05-ed3ddad6dd7b MS-RequestId: c2713a89-a06d-4d3d-b56c-9afc661ce4c6 MS-CV: 732asHj/fEyW8WZE.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 17 Oct 2023 07:12:35 GMT Connection: close Content-Length: 24490
2023-10-17 07:12:36 UTC	11	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-10-17 07:12:36 UTC	26	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.7	49722	20.114.59.183	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:13:13 UTC	35	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BYEa5c+mMw6MumD&MD=wEMXF+S3 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-10-17 07:13:14 UTC	35	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: d97b3210-c250-4002-a1bd-07653a27bd1a MS-RequestId: b169b2e8-2d31-49d5-8b66-1bb5ecfee5cf MS-CV: vJ203Mwngku1fxfb.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 17 Oct 2023 07:13:13 GMT Connection: close Content-Length: 25457
2023-10-17 07:13:14 UTC	35	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-10-17 07:13:14 UTC	51	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.7	49725	35.190.80.1	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:13:22 UTC	60	OUT	OPTIONS /report/v3?s=sI%2FeHMR4ldJxTktyI8RdD0Y4sYj0t3qisUoGf2e4pv3xMdSD3PD4hdMmojoScvrpo91UE%2F6vGWspTQMY%2FUTBZto%2FJzqnk0s5VHFPiLkEFvUmLvZqWGqUV00H2fBMr0oKHsT0RUUFPnHfIa21Z0rBuvykpTDx0EueaQ%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://emcid-allowlist.everymundo.workers.dev Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	35.190.80.1	443	192.168.2.7	49725	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:13:23 UTC	61	IN	HTTP/1.1 200 OK content-length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Tue, 17 Oct 2023 07:13:22 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.7	49726	35.190.80.1	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:13:23 UTC	61	OUT	POST /report/v3?s=sI%2FeHMR4ldJxTktyI8RdD0Y4sYj0t3qisUoGf2e4pv3xMdSD3PD4hdMmojoScvrpo91UE%2F6vGWspTQMY%2FUTBZto%2FJzqnk0s5VHFPiLkEFvUmLvZqWGqUV00H2fBMr0oKHsT0RUUFPnHfIa21Z0rBuvykpTDx0EueaQ%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 471 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-10-17 07:13:23 UTC	62	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 39 30 33 38 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 37 39 36 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 65 6d 63 69 64 2d 61 6c 6c 6f 77 6c 69 73 74 2e 65 76 65 72 79 6d 75 6e 64 6f 2e 77 6f 72 6b 65 72 73 2e 64 65 76 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 37 2e 31 33 35 2e 32 30 32 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 30 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 Data Ascii: [{"age":59038,"body":{"elapsed_time":796,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://emcid-allowlist.everymundo.workers.dev/","sampling_fraction":1.0,"server_ip":"172.67.135.202","status_code":400,"type":"http.error"},"t

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	35.190.80.1	443	192.168.2.7	49726	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:13:23 UTC	62	IN	HTTP/1.1 200 OK content-length: 0 date: Tue, 17 Oct 2023 07:13:23 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	142.250.68.78	443	192.168.2.7	49703	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:12:20 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-xNCnEbxb1I2ePdDeM7iE7Q' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 17 Oct 2023 07:12:20 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6133 X-Daystart: 740 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-10-17 07:12:20 UTC	2	IN	Data Raw: 32 63 37 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 33 33 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 37 34 30 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 20 73 Data Ascii: 2c7<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6133" elapsed_seconds="740"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname="" s
2023-10-17 07:12:20 UTC	2	IN	Data Raw: 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-10-17 07:12:20 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	142.250.68.77	443	192.168.2.7	49704	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:12:21 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 17 Oct 2023 07:12:20 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: script-src 'report-sample' 'nonce-AbdizuEJGW_w5K8mdg57GQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-10-17 07:12:21 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-10-17 07:12:21 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.7	49707	172.67.135.202	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:12:21 UTC	4	OUT	GET / HTTP/1.1 Host: emcid-allowlist.everymundo.workers.dev Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	172.67.135.202	443	192.168.2.7	49707	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:12:22 UTC	5	IN	HTTP/1.1 400 Bad Request Date: Tue, 17 Oct 2023 07:12:22 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 17 Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lu%2FuvUZQmpQec4KeXSXBcKx9MtEXuDDKiAEEZ2T%2BuDeLz6jwnIHHTKvlhPaU5CXg5ENAe0rCYm13vA3XfG8aV9F39IzTiM9sjRnLNFSZFVOy2nlApFzZfDC80DYa7eK9zJmuIOwAFytTzD7M%2FNobpLIQqCxrEKWSIA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8176bb9ab84108a7-LAX alt-svc: h3=":443"; ma=86400
2023-10-17 07:12:22 UTC	5	IN	Data Raw: 4d 69 73 73 69 6e 67 20 50 61 72 61 6d 74 65 72 73 Data Ascii: Missing Paramters

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.7	49709	172.67.135.202	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:12:22 UTC	5	OUT	GET /favicon.ico HTTP/1.1 Host: emcid-allowlist.everymundo.workers.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://emcid-allowlist.everymundo.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.7	49710	35.190.80.1	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:12:22 UTC	6	OUT	OPTIONS /report/v3?s=Lu%2FuvUZQmpQec4KeXSXBcKx9MtEXuDDKiAEEZ2T%2BuDeLz6jwnIHHTKvlhPaU5CXg5ENAe0rCYm13vA3XfG8aV9F39IzTiM9sjRnLNFSZFVOy2nlApFzZfDC80DYa7eK9zJmuIOwAFytTzD7M%2FNobpLIQqCxrEKWSIA%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://emcid-allowlist.everymundo.workers.dev Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	172.67.135.202	443	192.168.2.7	49709	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:12:23 UTC	6	IN	HTTP/1.1 400 Bad Request Date: Tue, 17 Oct 2023 07:12:23 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 17 Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sI%2FeHMR4ldJxTktyI8RdD0Y4sYj0t3qisUoGf2e4pv3xMdSD3PD4hdMmojoScvrpo91UE%2F6vGWspTQMY%2FUTBZto%2FJzqnk0s5VHFPiLkEFvUmLvZqWGqUV00H2fBMr0oKHsT0RUUFPnHfIa21Z0rBuvykpTDx0EueaQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8176bba04a3352bf-LAX alt-svc: h3=":443"; ma=86400
2023-10-17 07:12:23 UTC	7	IN	Data Raw: 4d 69 73 73 69 6e 67 20 50 61 72 61 6d 74 65 72 73 Data Ascii: Missing Paramters

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	35.190.80.1	443	192.168.2.7	49710	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-17 07:12:23 UTC	7	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Tue, 17 Oct 2023 07:12:23 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	09:12:13
Start date:	17/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	09:12:15
Start date:	17/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2004,i,2426997089585987495,12326077457978431110,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	09:12:20
Start date:	17/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "http://emcid-allowlist.everymundo.workers.dev
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.134Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: emcid-allowlist.everymundo.workers.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: emcid-allowlist.everymundo.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://emcid-allowlist.everymundo.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BYEa5c+mMw6MumD&MD=wEMXF+S3 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BYEa5c+mMw6MumD&MD=wEMXF+S3 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.232.109
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://emcid-allowlist.everymundo.workers.dev

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3836, Parent PID: 6244

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Windows Analysis Report
http://emcid-allowlist.everymundo.workers.dev