Edit tour

Windows Analysis Report
https://tzegilo.com/stattag.js

Overview

General Information

Sample URL:	https://tzegilo.com/stattag.js
Analysis ID:	1332456
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Creates files inside the system directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 408 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2124,i,7918544021414885137,10403579994920642758,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4368 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tzegilo.com/stattag.js MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 26 Oct 2023 07:10:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=doszA%2BALBIsHJtjJjy5tXbWsSn6hcwlGiwTf46kk33atFs2APRBi39dDscZtN9sTQ8M7NYynFwYasdpukcd8EsTJTaUXI2Z0vuz6Zjl5VYPblkf2VrvCXfA6lC37PQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 81c0e13bb8710934-IADalt-svc: h3=":443"; ma=86400

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2023-10-04-13; NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4

Source: unknown	HTTPS traffic detected: 23.62.164.112:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.62.164.112:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49729 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_408_2004392106

Jump to behavior

Source: classification engine

Classification label: clean1.win@16/8@14/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2124,i,7918544021414885137,10403579994920642758,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tzegilo.com/stattag.js
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2124,i,7918544021414885137,10403579994920642758,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	4 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	5 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://tzegilo.com/stattag.js	0%	Avira URL Cloud	safe
https://tzegilo.com/stattag.js	0%	Virustotal		Browse

Source	Detection	Scanner	Link
tzegilo.com	0%	Virustotal	Browse
fleraprt.com	0%	Virustotal	Browse
flerap.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://tzegilo.com/favicon.ico	0%	Avira URL Cloud	safe
https://tzegilo.com/stattag.js	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
flerap.com	139.45.195.254	true	false	0%, Virustotal, Browse	unknown
tzegilo.com	104.21.12.37	true	false	0%, Virustotal, Browse	unknown
a.nel.cloudflare.com	35.190.80.1	true	false		high
accounts.google.com	142.251.167.84	true	false		high
fleraprt.com	139.45.195.254	true	false	0%, Virustotal, Browse	unknown
www.google.com	172.253.63.147	true	false		high
clients.l.google.com	142.250.31.102	true	false		high
clients2.google.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://tzegilo.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v3?s=doszA%2BALBIsHJtjJjy5tXbWsSn6hcwlGiwTf46kk33atFs2APRBi39dDscZtN9sTQ8M7NYynFwYasdpukcd8EsTJTaUXI2Z0vuz6Zjl5VYPblkf2VrvCXfA6lC37PQ%3D%3D	false		high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://tzegilo.com/stattag.js	false	0%, Virustotal, Browse	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://tzegilo.com/stattag.js	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.167.84	accounts.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.12.37	tzegilo.com	United States	13335	CLOUDFLARENETUS	false
142.250.31.102	clients.l.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
139.45.195.254	flerap.com	Netherlands	9002	RETN-ASEU	false
172.253.63.147	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1332456
Start date and time:	2023-10-26 09:09:35 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://tzegilo.com/stattag.js
Analysis system description:	Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@16/8@14/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.31.94, 34.104.35.123, 192.229.211.108, 69.164.0.0, 142.251.163.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 26 06:10:29 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.978070394080804
Encrypted:	false
SSDEEP:	48:8TdbTD/cH5idAKZdA19ehwiZUklqehHy+3:8Bfuoy
MD5:	D1F8EE2CB5808909E3E0C94877685F0C
SHA1:	42E8AEBF8A335274A3D1C0B7B2C184FD71CF47FD
SHA-256:	81540110CEAE5BB92BC85DDDE15FC2894CE50C647487545BEFEB687325970001
SHA-512:	85DAE0AA061723841D03CD13EF0A421D05CAECFBA3DAFA6F2D05B78A3FC3A9237136D77BE00900B66A702F959BC967824CD004C4F505672DD881F9323D2D85F4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......z.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IZWL9....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZWL9....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZWL9....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZWL9..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VZWO9...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............X.~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 26 06:10:29 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.990363622938159
Encrypted:	false
SSDEEP:	48:8mdbTD/cH5idAKZdA1weh/iZUkAQkqehYy+2:8Kfs9Qdy
MD5:	E6715FD6AF017860C6C716F2BF00CD71
SHA1:	F549D1655347101CC44B297BE1F01B0278B3C54D
SHA-256:	A176CA5810FEAE3ECEE385A96DC21ED67F0D9E8B3826BB2DB2321483D60439CC
SHA-512:	1D46AD2B3C58C25DF12A1CCFB72C773886E12D28603A7684B716A85D288348A5A608AAE0B5742B50563FBEB7CB3D15873C363ABA4C2547CFA93C163EF935B32D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......n.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IZWL9....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZWL9....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZWL9....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZWL9..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VZWO9...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............X.~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0030265511867436
Encrypted:	false
SSDEEP:	48:8xQdbTD/sH5idAKZdA14tseh7sFiZUkmgqeh7s2y+BX:8xMf0nky
MD5:	F9E4B68D964CC185E396AA01698DAC06
SHA1:	A8FE9A2A64F6881D45213E35AA973D7F92C868C2
SHA-256:	FBC3B141F028F0323859EBF17E9788182F9B06602F0006FC77863BDD07CEE8EC
SHA-512:	9588FB4D0AA1C11CA5A85DB1F89E908536ADF18E8F5BAD17CE0391DB88FDF03B7100CD7771A0BAD7CC58C457FF76563D845BA40C70D5A062B9B49CE4C5AA015C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IZWL9....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZWL9....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZWL9....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZWL9..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............X.~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 26 06:10:29 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.990318325438237
Encrypted:	false
SSDEEP:	48:8YdbTD/cH5idAKZdA1vehDiZUkwqehcy+R:80fXuy
MD5:	5BC2953CE45BE4B3A2D31A7EF16007BD
SHA1:	BDB3306035674061D3495B78385DC1415037F7AB
SHA-256:	A1D20E1E7A21125E352754C8507A05757D827FEC7E9265C077362E187B97BC3B
SHA-512:	E28A13F7DAE0CB6C0D35E9AB228658F9B99E7833D505ACD5FF1005EF15F7B9B806A6C204DFB36C4D3DA5953DF7674AD431237CA8DFC5A932384F9B1DFE8FD1B4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......j.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IZWL9....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZWL9....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZWL9....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZWL9..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VZWO9...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............X.~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 26 06:10:29 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9800653350529402
Encrypted:	false
SSDEEP:	48:83dbTD/cH5idAKZdA1hehBiZUk1W1qehyy+C:8Vfn9Sy
MD5:	CC8E021F7E54D1C156CB2EA2EAB6DC25
SHA1:	C34FABA64329435C6DA5C09E9F5BC7A714874538
SHA-256:	51466DF5D4D2EF01FE8E7F71BB2B1AF61994ADE542C54153BD4D714104B031FE
SHA-512:	69A7CCC6B8AC77E9AA0671EC68B8B68FA87582EEC8CF85D9274F7E4561FFB92C4FEC2080D677CDCA651E27D3695B8743CF0A90D1692AE931EAFC5229794D89B8
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......u.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IZWL9....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZWL9....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZWL9....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZWL9..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VZWO9...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............X.~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 26 06:10:29 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.990773954759716
Encrypted:	false
SSDEEP:	48:8XodbTD/cH5idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbky+yT+:8UfvT/TbxWOvTbky7T
MD5:	21F30F46D63C26A3D650118657B50CB5
SHA1:	7B394F228BF50503A7BBC883EDA06E8AAD584A68
SHA-256:	D5AE3775CB07E74336CF8997A311AE11A607CBCC8BB302898EFBF25BE8E86795
SHA-512:	D9AC8EB3E389EE982FC7B162363208A056E996B1E25A8B4BD2887C950D16878E04D71B5C60C2BBC2376C968813F64AD839E6C2527B89626279C52AF0F691E621
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......`.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IZWL9....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VZWL9....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VZWL9....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VZWL9..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VZWO9...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............X.~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (18369)
Category:	downloaded
Size (bytes):	19019
Entropy (8bit):	5.448547902064018
Encrypted:	false
SSDEEP:	384:WD0oj9jB5FCCLbGPLG8wXcO0SXcxu7YB2glWqKbexTRl6mo+rv:Voq8UtwX30SXcvB/lHzRgMv
MD5:	89E89AEA544EA2785D49CC4CD9CF26F6
SHA1:	7D53437A89EB9861038EE27A8FF0E3BB70FA2A0B
SHA-256:	86DA38693FCEA056D36588A4146E85392F784C457511DE416FEC32034AAFA4F9
SHA-512:	4B8DD773D9F31126C5EDE9C02F2BA5BFFD5086CB28BD60838479AFB76929B73FC9242306DC83B8FF9AB89A272274041F8A2C58DF55C4399F420D70BDD0348E43
Malicious:	false
Reputation:	low
URL:	https://tzegilo.com/stattag.js
Preview:	!function(){window.__ds3dcv__.mmh=function(f,$){for(var x,_=f.length,e=$^_,d=0;_>=4;)x=(65535&(x=255&f.charCodeAt(d)\|(255&f.charCodeAt(++d))<<8\|(255&f.charCodeAt(++d))<<16\|(255&f.charCodeAt(++d))<<24))1540483477+(((x>>>16)1540483477&65535)<<16),x^=x>>>24,e=(65535&e)1540483477+(((e>>>16)1540483477&65535)<<16)^(x=(65535&x)1540483477+(((x>>>16)1540483477&65535)<<16)),_-=4,++d;switch(_){case 3:e^=(255&f.charCodeAt(d+2))<<16;case 2:e^=(255&f.charCodeAt(d+1))<<8;case 1:e^=255&f.charCodeAt(d),e=(65535&e)1540483477+(((e>>>16)1540483477&65535)<<16)}return e^=e>>>13,e=(65535&e)1540483477+(((e>>>16)1540483477&65535)<<16),(e^=e>>>15)>>>0};}();.(function(E){!function(){var n,e=E.u(),t=function(n,t=!E.E){if((n=n[E.x](new RegExp(E.uE,E.gE),E.j))in e)return e[n];var i=E.a+n+E.l,o=E.a+n+E.s,r=E.t;t&&r--;var a,d=window[E.ug][E.h],c=new RegExp(t?o:i)[E.gg](d);return c\|\|(a=E.Eg),c&&!c[r]&&(a=E.dg),c&&c[r]&&(a=decodeURIComponent(c[r][E.x](new RegExp(E.OT,E.gE),E.CE))),e[n]=a,a},i=function(){var n

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	556
Entropy (8bit):	4.739231050568172
Encrypted:	false
SSDEEP:	12:TjeRHVIdtklI5rBINGlTF5TF5TF5TF5TF5TFK:neRH68ETPTPTPTPTPTc
MD5:	3690EEFB1AC0BE0753FA77F7DC242FBE
SHA1:	E7E06EAB51A51AA86FA0EB221FD817854E73D2B3
SHA-256:	3AB8172B72D3D44B5B0FC1E31C65E6F0CC244B1C73A30D6B3CC45F1EDF20220D
SHA-512:	CE919DF98270F29A9C367D7EE9EF7952FB755947ED3E2271E9A9115D0EBE61F356C7AD453589E072E26363E518EE96996901CC46603959B2E4F7D549B62EDB46
Malicious:	false
Reputation:	low
URL:	https://tzegilo.com/favicon.ico
Preview:	<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.19.10</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 26, 2023 09:10:19.270695925 CEST	49674	443	192.168.2.5	23.1.237.91
Oct 26, 2023 09:10:19.270719051 CEST	49675	443	192.168.2.5	23.1.237.91
Oct 26, 2023 09:10:19.333230972 CEST	49673	443	192.168.2.5	23.1.237.91
Oct 26, 2023 09:10:28.746943951 CEST	49714	443	192.168.2.5	142.251.167.84
Oct 26, 2023 09:10:28.746978045 CEST	443	49714	142.251.167.84	192.168.2.5
Oct 26, 2023 09:10:28.747045994 CEST	49714	443	192.168.2.5	142.251.167.84
Oct 26, 2023 09:10:28.747634888 CEST	49715	443	192.168.2.5	142.250.31.102
Oct 26, 2023 09:10:28.747719049 CEST	443	49715	142.250.31.102	192.168.2.5
Oct 26, 2023 09:10:28.747927904 CEST	49715	443	192.168.2.5	142.250.31.102
Oct 26, 2023 09:10:28.748114109 CEST	49714	443	192.168.2.5	142.251.167.84
Oct 26, 2023 09:10:28.748126030 CEST	443	49714	142.251.167.84	192.168.2.5
Oct 26, 2023 09:10:28.748594999 CEST	49715	443	192.168.2.5	142.250.31.102
Oct 26, 2023 09:10:28.748636007 CEST	443	49715	142.250.31.102	192.168.2.5
Oct 26, 2023 09:10:28.800666094 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:28.800709009 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:28.800792933 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:28.801318884 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:28.801332951 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:28.894325018 CEST	49674	443	192.168.2.5	23.1.237.91
Oct 26, 2023 09:10:28.940922022 CEST	49675	443	192.168.2.5	23.1.237.91
Oct 26, 2023 09:10:28.940952063 CEST	49673	443	192.168.2.5	23.1.237.91
Oct 26, 2023 09:10:28.997401953 CEST	443	49715	142.250.31.102	192.168.2.5
Oct 26, 2023 09:10:28.997826099 CEST	49715	443	192.168.2.5	142.250.31.102
Oct 26, 2023 09:10:28.997838974 CEST	443	49715	142.250.31.102	192.168.2.5
Oct 26, 2023 09:10:28.998446941 CEST	443	49715	142.250.31.102	192.168.2.5
Oct 26, 2023 09:10:28.998532057 CEST	49715	443	192.168.2.5	142.250.31.102
Oct 26, 2023 09:10:28.999535084 CEST	443	49715	142.250.31.102	192.168.2.5
Oct 26, 2023 09:10:28.999732018 CEST	49715	443	192.168.2.5	142.250.31.102
Oct 26, 2023 09:10:29.000526905 CEST	49715	443	192.168.2.5	142.250.31.102
Oct 26, 2023 09:10:29.000675917 CEST	49715	443	192.168.2.5	142.250.31.102
Oct 26, 2023 09:10:29.000688076 CEST	443	49715	142.250.31.102	192.168.2.5
Oct 26, 2023 09:10:29.000708103 CEST	443	49715	142.250.31.102	192.168.2.5
Oct 26, 2023 09:10:29.003683090 CEST	443	49714	142.251.167.84	192.168.2.5
Oct 26, 2023 09:10:29.005222082 CEST	49714	443	192.168.2.5	142.251.167.84
Oct 26, 2023 09:10:29.005228043 CEST	443	49714	142.251.167.84	192.168.2.5
Oct 26, 2023 09:10:29.006385088 CEST	443	49714	142.251.167.84	192.168.2.5
Oct 26, 2023 09:10:29.006443024 CEST	49714	443	192.168.2.5	142.251.167.84
Oct 26, 2023 09:10:29.007425070 CEST	49714	443	192.168.2.5	142.251.167.84
Oct 26, 2023 09:10:29.007481098 CEST	443	49714	142.251.167.84	192.168.2.5
Oct 26, 2023 09:10:29.007728100 CEST	49714	443	192.168.2.5	142.251.167.84
Oct 26, 2023 09:10:29.007735014 CEST	443	49714	142.251.167.84	192.168.2.5
Oct 26, 2023 09:10:29.010358095 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.011013031 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.011024952 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.012054920 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.012346983 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.013202906 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.013273954 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.013279915 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.054447889 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.132750034 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.132787943 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.198046923 CEST	49715	443	192.168.2.5	142.250.31.102
Oct 26, 2023 09:10:29.198055029 CEST	49714	443	192.168.2.5	142.251.167.84
Oct 26, 2023 09:10:29.198131084 CEST	443	49715	142.250.31.102	192.168.2.5
Oct 26, 2023 09:10:29.210747957 CEST	443	49715	142.250.31.102	192.168.2.5
Oct 26, 2023 09:10:29.210864067 CEST	443	49715	142.250.31.102	192.168.2.5
Oct 26, 2023 09:10:29.210887909 CEST	49715	443	192.168.2.5	142.250.31.102
Oct 26, 2023 09:10:29.211039066 CEST	49715	443	192.168.2.5	142.250.31.102
Oct 26, 2023 09:10:29.213329077 CEST	49715	443	192.168.2.5	142.250.31.102
Oct 26, 2023 09:10:29.213342905 CEST	443	49715	142.250.31.102	192.168.2.5
Oct 26, 2023 09:10:29.233515024 CEST	443	49714	142.251.167.84	192.168.2.5
Oct 26, 2023 09:10:29.233603954 CEST	49714	443	192.168.2.5	142.251.167.84
Oct 26, 2023 09:10:29.233609915 CEST	443	49714	142.251.167.84	192.168.2.5
Oct 26, 2023 09:10:29.233664036 CEST	443	49714	142.251.167.84	192.168.2.5
Oct 26, 2023 09:10:29.233702898 CEST	49714	443	192.168.2.5	142.251.167.84
Oct 26, 2023 09:10:29.234196901 CEST	49714	443	192.168.2.5	142.251.167.84
Oct 26, 2023 09:10:29.234208107 CEST	443	49714	142.251.167.84	192.168.2.5
Oct 26, 2023 09:10:29.239681005 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.239804029 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.239902973 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.239934921 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.239949942 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.239991903 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.240026951 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.240103960 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.240178108 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.240226030 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.240226030 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.240238905 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.240305901 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.240377903 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.240397930 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.240403891 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.240551949 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.240566015 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.240576982 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.240669966 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.240675926 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.240858078 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.241035938 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.258342028 CEST	49716	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.258372068 CEST	443	49716	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.355849028 CEST	49719	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.355899096 CEST	443	49719	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.355971098 CEST	49719	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.356189966 CEST	49719	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.356203079 CEST	443	49719	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.362607956 CEST	49721	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:29.362694979 CEST	443	49721	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:29.362782955 CEST	49721	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:29.363202095 CEST	49722	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:29.363285065 CEST	443	49722	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:29.363449097 CEST	49722	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:29.364450932 CEST	49722	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:29.364483118 CEST	443	49722	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:29.364635944 CEST	49721	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:29.364675045 CEST	443	49721	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:29.551172972 CEST	443	49719	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.551536083 CEST	49719	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.551577091 CEST	443	49719	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.551949978 CEST	443	49719	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.552359104 CEST	49719	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.552407980 CEST	49719	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.552433014 CEST	443	49719	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.600610018 CEST	49719	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.961827993 CEST	443	49719	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.961909056 CEST	443	49719	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:29.961971998 CEST	49719	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.965401888 CEST	49719	443	192.168.2.5	104.21.12.37
Oct 26, 2023 09:10:29.965439081 CEST	443	49719	104.21.12.37	192.168.2.5
Oct 26, 2023 09:10:30.058192968 CEST	49723	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.058243036 CEST	443	49723	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.058300972 CEST	49723	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.058711052 CEST	49723	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.058739901 CEST	443	49723	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.062489033 CEST	49724	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:10:30.062517881 CEST	443	49724	172.253.63.147	192.168.2.5
Oct 26, 2023 09:10:30.062565088 CEST	49724	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:10:30.063014030 CEST	49724	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:10:30.063033104 CEST	443	49724	172.253.63.147	192.168.2.5
Oct 26, 2023 09:10:30.120949030 CEST	443	49721	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:30.121232033 CEST	49721	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:30.121263981 CEST	443	49721	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:30.122967958 CEST	443	49721	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:30.123034954 CEST	49721	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:30.124141932 CEST	49721	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:30.124243021 CEST	443	49721	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:30.134645939 CEST	443	49722	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:30.135205984 CEST	49722	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:30.135220051 CEST	443	49722	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:30.136507988 CEST	443	49722	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:30.136614084 CEST	49722	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:30.139189005 CEST	49722	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:30.139254093 CEST	443	49722	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:30.204432964 CEST	49721	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:30.204453945 CEST	443	49721	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:30.235548973 CEST	49722	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:30.235604048 CEST	443	49722	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:30.251070976 CEST	49721	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:30.277550936 CEST	443	49723	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.280867100 CEST	443	49724	172.253.63.147	192.168.2.5
Oct 26, 2023 09:10:30.291683912 CEST	49724	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:10:30.291718006 CEST	443	49724	172.253.63.147	192.168.2.5
Oct 26, 2023 09:10:30.291982889 CEST	49723	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.292001963 CEST	443	49723	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.292823076 CEST	443	49724	172.253.63.147	192.168.2.5
Oct 26, 2023 09:10:30.292895079 CEST	49724	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:10:30.294858932 CEST	443	49723	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.294946909 CEST	49723	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.332142115 CEST	49724	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:10:30.332184076 CEST	443	49705	23.1.237.91	192.168.2.5
Oct 26, 2023 09:10:30.332268953 CEST	49705	443	192.168.2.5	23.1.237.91
Oct 26, 2023 09:10:30.332283974 CEST	443	49724	172.253.63.147	192.168.2.5
Oct 26, 2023 09:10:30.332477093 CEST	49723	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.332803011 CEST	443	49723	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.332982063 CEST	49723	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.332998991 CEST	443	49723	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.438556910 CEST	49722	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:30.438707113 CEST	49724	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:10:30.438707113 CEST	49723	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.438776016 CEST	443	49724	172.253.63.147	192.168.2.5
Oct 26, 2023 09:10:30.498298883 CEST	443	49723	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.498833895 CEST	443	49723	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.499034882 CEST	49723	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.504488945 CEST	49723	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.504533052 CEST	443	49723	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.507947922 CEST	49725	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.507992983 CEST	443	49725	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.508060932 CEST	49725	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.508780003 CEST	49725	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.508800030 CEST	443	49725	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.626137018 CEST	49724	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:10:30.713710070 CEST	443	49725	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.713989019 CEST	49725	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.714020014 CEST	443	49725	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.714412928 CEST	443	49725	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.714802027 CEST	49725	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.714864969 CEST	443	49725	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.715054989 CEST	49725	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.762445927 CEST	443	49725	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.943219900 CEST	443	49725	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.943341970 CEST	443	49725	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:30.943547010 CEST	49725	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.943710089 CEST	49725	443	192.168.2.5	35.190.80.1
Oct 26, 2023 09:10:30.943732977 CEST	443	49725	35.190.80.1	192.168.2.5
Oct 26, 2023 09:10:33.569308043 CEST	49727	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:33.569339991 CEST	443	49727	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:33.569412947 CEST	49727	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:33.572463989 CEST	49727	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:33.572474957 CEST	443	49727	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:33.784007072 CEST	443	49727	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:33.784152985 CEST	49727	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:33.789077044 CEST	49727	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:33.789086103 CEST	443	49727	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:33.789371967 CEST	443	49727	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:33.829755068 CEST	49727	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:33.874891043 CEST	49727	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:33.922445059 CEST	443	49727	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:33.970953941 CEST	443	49727	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:33.971111059 CEST	443	49727	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:33.971183062 CEST	49727	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:33.971287012 CEST	49727	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:33.971302986 CEST	443	49727	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:33.971343040 CEST	49727	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:33.971348047 CEST	443	49727	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:34.072268963 CEST	49728	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:34.072314024 CEST	443	49728	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:34.072419882 CEST	49728	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:34.072774887 CEST	49728	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:34.072798014 CEST	443	49728	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:34.270000935 CEST	443	49728	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:34.270201921 CEST	49728	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:34.271855116 CEST	49728	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:34.271882057 CEST	443	49728	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:34.272238016 CEST	443	49728	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:34.273488045 CEST	49728	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:34.314465046 CEST	443	49728	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:34.455168962 CEST	443	49728	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:34.455265999 CEST	443	49728	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:34.455374956 CEST	49728	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:34.456998110 CEST	49728	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:34.457045078 CEST	443	49728	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:34.457077026 CEST	49728	443	192.168.2.5	23.62.164.112
Oct 26, 2023 09:10:34.457092047 CEST	443	49728	23.62.164.112	192.168.2.5
Oct 26, 2023 09:10:40.274641991 CEST	443	49724	172.253.63.147	192.168.2.5
Oct 26, 2023 09:10:40.274770021 CEST	443	49724	172.253.63.147	192.168.2.5
Oct 26, 2023 09:10:40.274857998 CEST	49724	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:10:45.772629976 CEST	443	49722	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:45.772764921 CEST	443	49722	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:45.772882938 CEST	49722	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:47.690537930 CEST	49722	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:10:47.690589905 CEST	49724	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:10:47.690610886 CEST	443	49722	139.45.195.254	192.168.2.5
Oct 26, 2023 09:10:47.690623999 CEST	443	49724	172.253.63.147	192.168.2.5
Oct 26, 2023 09:10:48.346687078 CEST	49729	443	192.168.2.5	20.114.59.183
Oct 26, 2023 09:10:48.346750975 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:48.346843004 CEST	49729	443	192.168.2.5	20.114.59.183
Oct 26, 2023 09:10:48.349431038 CEST	49729	443	192.168.2.5	20.114.59.183
Oct 26, 2023 09:10:48.349466085 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:48.747345924 CEST	49705	443	192.168.2.5	23.1.237.91
Oct 26, 2023 09:10:48.747423887 CEST	49705	443	192.168.2.5	23.1.237.91
Oct 26, 2023 09:10:48.747868061 CEST	49731	443	192.168.2.5	23.1.237.91
Oct 26, 2023 09:10:48.747921944 CEST	443	49731	23.1.237.91	192.168.2.5
Oct 26, 2023 09:10:48.748008966 CEST	49731	443	192.168.2.5	23.1.237.91
Oct 26, 2023 09:10:48.748374939 CEST	49731	443	192.168.2.5	23.1.237.91
Oct 26, 2023 09:10:48.748392105 CEST	443	49731	23.1.237.91	192.168.2.5
Oct 26, 2023 09:10:48.857662916 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:48.857870102 CEST	49729	443	192.168.2.5	20.114.59.183
Oct 26, 2023 09:10:48.860857010 CEST	49729	443	192.168.2.5	20.114.59.183
Oct 26, 2023 09:10:48.860891104 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:48.861278057 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:48.904723883 CEST	443	49705	23.1.237.91	192.168.2.5
Oct 26, 2023 09:10:48.904767036 CEST	443	49705	23.1.237.91	192.168.2.5
Oct 26, 2023 09:10:49.019783974 CEST	49729	443	192.168.2.5	20.114.59.183
Oct 26, 2023 09:10:49.074302912 CEST	443	49731	23.1.237.91	192.168.2.5
Oct 26, 2023 09:10:49.074425936 CEST	49731	443	192.168.2.5	23.1.237.91
Oct 26, 2023 09:10:57.827958107 CEST	49729	443	192.168.2.5	20.114.59.183
Oct 26, 2023 09:10:57.870451927 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:57.888322115 CEST	49731	443	192.168.2.5	23.1.237.91
Oct 26, 2023 09:10:58.161243916 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:58.161309004 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:58.161329031 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:58.161345959 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:58.161384106 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:58.161401987 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:58.161557913 CEST	49729	443	192.168.2.5	20.114.59.183
Oct 26, 2023 09:10:58.161559105 CEST	49729	443	192.168.2.5	20.114.59.183
Oct 26, 2023 09:10:58.161602974 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:58.161624908 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:58.161639929 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:58.161652088 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:58.161664963 CEST	49729	443	192.168.2.5	20.114.59.183
Oct 26, 2023 09:10:58.161695957 CEST	49729	443	192.168.2.5	20.114.59.183
Oct 26, 2023 09:10:58.161740065 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:10:58.161787033 CEST	49729	443	192.168.2.5	20.114.59.183
Oct 26, 2023 09:11:05.409440041 CEST	49729	443	192.168.2.5	20.114.59.183
Oct 26, 2023 09:11:05.409440041 CEST	49729	443	192.168.2.5	20.114.59.183
Oct 26, 2023 09:11:05.409472942 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:11:05.409503937 CEST	443	49729	20.114.59.183	192.168.2.5
Oct 26, 2023 09:11:10.924370050 CEST	49710	80	192.168.2.5	8.252.64.254
Oct 26, 2023 09:11:11.025795937 CEST	80	49710	8.252.64.254	192.168.2.5
Oct 26, 2023 09:11:11.025883913 CEST	49710	80	192.168.2.5	8.252.64.254
Oct 26, 2023 09:11:11.303384066 CEST	49709	443	192.168.2.5	13.107.21.200
Oct 26, 2023 09:11:11.303705931 CEST	49711	80	192.168.2.5	8.252.64.254
Oct 26, 2023 09:11:15.204932928 CEST	49721	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:11:15.204956055 CEST	443	49721	139.45.195.254	192.168.2.5
Oct 26, 2023 09:11:29.739373922 CEST	443	49721	139.45.195.254	192.168.2.5
Oct 26, 2023 09:11:29.739484072 CEST	443	49721	139.45.195.254	192.168.2.5
Oct 26, 2023 09:11:29.739571095 CEST	49721	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:11:30.111517906 CEST	49721	443	192.168.2.5	139.45.195.254
Oct 26, 2023 09:11:30.111567974 CEST	443	49721	139.45.195.254	192.168.2.5
Oct 26, 2023 09:11:30.111994982 CEST	49733	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:11:30.112046957 CEST	443	49733	172.253.63.147	192.168.2.5
Oct 26, 2023 09:11:30.112107038 CEST	49733	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:11:30.112396002 CEST	49733	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:11:30.112411022 CEST	443	49733	172.253.63.147	192.168.2.5
Oct 26, 2023 09:11:30.332915068 CEST	443	49733	172.253.63.147	192.168.2.5
Oct 26, 2023 09:11:30.333323956 CEST	49733	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:11:30.333337069 CEST	443	49733	172.253.63.147	192.168.2.5
Oct 26, 2023 09:11:30.333906889 CEST	443	49733	172.253.63.147	192.168.2.5
Oct 26, 2023 09:11:30.334254980 CEST	49733	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:11:30.334323883 CEST	443	49733	172.253.63.147	192.168.2.5
Oct 26, 2023 09:11:30.517458916 CEST	49733	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:11:40.322987080 CEST	443	49733	172.253.63.147	192.168.2.5
Oct 26, 2023 09:11:40.323168993 CEST	443	49733	172.253.63.147	192.168.2.5
Oct 26, 2023 09:11:40.323358059 CEST	49733	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:11:48.100548029 CEST	49733	443	192.168.2.5	172.253.63.147
Oct 26, 2023 09:11:48.100627899 CEST	443	49733	172.253.63.147	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 26, 2023 09:10:28.648659945 CEST	65502	53	192.168.2.5	1.1.1.1
Oct 26, 2023 09:10:28.648708105 CEST	59978	53	192.168.2.5	1.1.1.1
Oct 26, 2023 09:10:28.649246931 CEST	60987	53	192.168.2.5	1.1.1.1
Oct 26, 2023 09:10:28.649508953 CEST	52190	53	192.168.2.5	1.1.1.1
Oct 26, 2023 09:10:28.705061913 CEST	54603	53	192.168.2.5	1.1.1.1
Oct 26, 2023 09:10:28.705184937 CEST	65192	53	192.168.2.5	1.1.1.1
Oct 26, 2023 09:10:28.726226091 CEST	53	55014	1.1.1.1	192.168.2.5
Oct 26, 2023 09:10:28.743026972 CEST	53	59978	1.1.1.1	192.168.2.5
Oct 26, 2023 09:10:28.743072033 CEST	53	60987	1.1.1.1	192.168.2.5
Oct 26, 2023 09:10:28.743160009 CEST	53	65502	1.1.1.1	192.168.2.5
Oct 26, 2023 09:10:28.743196964 CEST	53	52190	1.1.1.1	192.168.2.5
Oct 26, 2023 09:10:28.799369097 CEST	53	65192	1.1.1.1	192.168.2.5
Oct 26, 2023 09:10:28.799483061 CEST	53	54603	1.1.1.1	192.168.2.5
Oct 26, 2023 09:10:29.264204025 CEST	61546	53	192.168.2.5	1.1.1.1
Oct 26, 2023 09:10:29.264781952 CEST	64616	53	192.168.2.5	1.1.1.1
Oct 26, 2023 09:10:29.265156031 CEST	62768	53	192.168.2.5	1.1.1.1
Oct 26, 2023 09:10:29.265418053 CEST	65115	53	192.168.2.5	1.1.1.1
Oct 26, 2023 09:10:29.358422041 CEST	53	61546	1.1.1.1	192.168.2.5
Oct 26, 2023 09:10:29.359080076 CEST	53	62768	1.1.1.1	192.168.2.5
Oct 26, 2023 09:10:29.359116077 CEST	53	64616	1.1.1.1	192.168.2.5
Oct 26, 2023 09:10:29.359579086 CEST	53	65115	1.1.1.1	192.168.2.5
Oct 26, 2023 09:10:29.380989075 CEST	53	62892	1.1.1.1	192.168.2.5
Oct 26, 2023 09:10:29.963320017 CEST	56838	53	192.168.2.5	1.1.1.1
Oct 26, 2023 09:10:29.963474989 CEST	63050	53	192.168.2.5	1.1.1.1
Oct 26, 2023 09:10:29.967489958 CEST	62224	53	192.168.2.5	1.1.1.1
Oct 26, 2023 09:10:29.967716932 CEST	54343	53	192.168.2.5	1.1.1.1
Oct 26, 2023 09:10:30.056890965 CEST	53	56838	1.1.1.1	192.168.2.5
Oct 26, 2023 09:10:30.057406902 CEST	53	63050	1.1.1.1	192.168.2.5
Oct 26, 2023 09:10:30.060934067 CEST	53	62224	1.1.1.1	192.168.2.5
Oct 26, 2023 09:10:30.061326981 CEST	53	54343	1.1.1.1	192.168.2.5
Oct 26, 2023 09:10:59.878565073 CEST	53	55757	1.1.1.1	192.168.2.5
Oct 26, 2023 09:11:30.487996101 CEST	53	63167	1.1.1.1	192.168.2.5
Oct 26, 2023 09:11:35.092653990 CEST	53	62365	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 26, 2023 09:10:28.648659945 CEST	192.168.2.5	1.1.1.1	0xa517	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:28.648708105 CEST	192.168.2.5	1.1.1.1	0x342b	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Oct 26, 2023 09:10:28.649246931 CEST	192.168.2.5	1.1.1.1	0x1445	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:28.649508953 CEST	192.168.2.5	1.1.1.1	0xd8f	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Oct 26, 2023 09:10:28.705061913 CEST	192.168.2.5	1.1.1.1	0x5c17	Standard query (0)	tzegilo.com	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:28.705184937 CEST	192.168.2.5	1.1.1.1	0xd7d8	Standard query (0)	tzegilo.com	65	IN (0x0001)	false
Oct 26, 2023 09:10:29.264204025 CEST	192.168.2.5	1.1.1.1	0xe884	Standard query (0)	flerap.com	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:29.264781952 CEST	192.168.2.5	1.1.1.1	0x649a	Standard query (0)	flerap.com	65	IN (0x0001)	false
Oct 26, 2023 09:10:29.265156031 CEST	192.168.2.5	1.1.1.1	0x8e4a	Standard query (0)	fleraprt.com	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:29.265418053 CEST	192.168.2.5	1.1.1.1	0x9316	Standard query (0)	fleraprt.com	65	IN (0x0001)	false
Oct 26, 2023 09:10:29.963320017 CEST	192.168.2.5	1.1.1.1	0x3184	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:29.963474989 CEST	192.168.2.5	1.1.1.1	0xc351	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Oct 26, 2023 09:10:29.967489958 CEST	192.168.2.5	1.1.1.1	0xf2bd	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:29.967716932 CEST	192.168.2.5	1.1.1.1	0x78b7	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 26, 2023 09:10:28.743026972 CEST	1.1.1.1	192.168.2.5	0x342b	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 26, 2023 09:10:28.743072033 CEST	1.1.1.1	192.168.2.5	0x1445	No error (0)	accounts.google.com		142.251.167.84	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:28.743160009 CEST	1.1.1.1	192.168.2.5	0xa517	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 26, 2023 09:10:28.743160009 CEST	1.1.1.1	192.168.2.5	0xa517	No error (0)	clients.l.google.com		142.250.31.102	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:28.743160009 CEST	1.1.1.1	192.168.2.5	0xa517	No error (0)	clients.l.google.com		142.250.31.101	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:28.743160009 CEST	1.1.1.1	192.168.2.5	0xa517	No error (0)	clients.l.google.com		142.250.31.100	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:28.743160009 CEST	1.1.1.1	192.168.2.5	0xa517	No error (0)	clients.l.google.com		142.250.31.138	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:28.743160009 CEST	1.1.1.1	192.168.2.5	0xa517	No error (0)	clients.l.google.com		142.250.31.113	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:28.743160009 CEST	1.1.1.1	192.168.2.5	0xa517	No error (0)	clients.l.google.com		142.250.31.139	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:28.799369097 CEST	1.1.1.1	192.168.2.5	0xd7d8	No error (0)	tzegilo.com			65	IN (0x0001)	false
Oct 26, 2023 09:10:28.799483061 CEST	1.1.1.1	192.168.2.5	0x5c17	No error (0)	tzegilo.com		104.21.12.37	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:28.799483061 CEST	1.1.1.1	192.168.2.5	0x5c17	No error (0)	tzegilo.com		172.67.193.164	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:29.358422041 CEST	1.1.1.1	192.168.2.5	0xe884	No error (0)	flerap.com		139.45.195.254	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:29.359080076 CEST	1.1.1.1	192.168.2.5	0x8e4a	No error (0)	fleraprt.com		139.45.195.254	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:30.056890965 CEST	1.1.1.1	192.168.2.5	0x3184	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:30.060934067 CEST	1.1.1.1	192.168.2.5	0xf2bd	No error (0)	www.google.com		172.253.63.147	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:30.060934067 CEST	1.1.1.1	192.168.2.5	0xf2bd	No error (0)	www.google.com		172.253.63.104	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:30.060934067 CEST	1.1.1.1	192.168.2.5	0xf2bd	No error (0)	www.google.com		172.253.63.103	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:30.060934067 CEST	1.1.1.1	192.168.2.5	0xf2bd	No error (0)	www.google.com		172.253.63.106	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:30.060934067 CEST	1.1.1.1	192.168.2.5	0xf2bd	No error (0)	www.google.com		172.253.63.105	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:30.060934067 CEST	1.1.1.1	192.168.2.5	0xf2bd	No error (0)	www.google.com		172.253.63.99	A (IP address)	IN (0x0001)	false
Oct 26, 2023 09:10:30.061326981 CEST	1.1.1.1	192.168.2.5	0x78b7	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

clients2.google.com

accounts.google.com

tzegilo.com

https:

a.nel.cloudflare.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49715	142.250.31.102	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-26 07:10:28 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49714	142.251.167.84	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-26 07:10:29 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2023-10-04-13; NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4
2023-10-26 07:10:29 UTC	1	OUT	Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.5	49725	35.190.80.1	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-26 07:10:30 UTC	27	OUT	POST /report/v3?s=doszA%2BALBIsHJtjJjy5tXbWsSn6hcwlGiwTf46kk33atFs2APRBi39dDscZtN9sTQ8M7NYynFwYasdpukcd8EsTJTaUXI2Z0vuz6Zjl5VYPblkf2VrvCXfA6lC37PQ%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 421 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-10-26 07:10:30 UTC	27	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 36 30 36 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 74 7a 65 67 69 6c 6f 2e 63 6f 6d 2f 73 74 61 74 74 61 67 2e 6a 73 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 31 32 2e 33 37 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 Data Ascii: [{"age":0,"body":{"elapsed_time":606,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://tzegilo.com/stattag.js","sampling_fraction":1.0,"server_ip":"104.21.12.37","status_code":404,"type":"http.error"},"type":"network-error","u

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	35.190.80.1	443	192.168.2.5	49725	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-26 07:10:30 UTC	27	IN	HTTP/1.1 200 OK Content-Length: 0 date: Thu, 26 Oct 2023 07:10:30 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.5	49727	23.62.164.112	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-26 07:10:33 UTC	28	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-10-26 07:10:33 UTC	28	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: Kestrel X-CID: 11 Cache-Control: public, max-age=142962 Date: Thu, 26 Oct 2023 07:10:33 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.5	49728	23.62.164.112	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-26 07:10:34 UTC	28	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-10-26 07:10:34 UTC	28	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=168896 Date: Thu, 26 Oct 2023 07:10:34 GMT Content-Length: 55 Connection: close X-CID: 2
2023-10-26 07:10:34 UTC	29	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.5	49729	20.114.59.183	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-26 07:10:57 UTC	29	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vh2GWBF3geyxZXG&MD=9zmEWgg1 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-10-26 07:10:58 UTC	29	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 684e1e4f-9a0c-4b52-9a18-a8ffb3b24c8b MS-RequestId: 1c517940-a48f-43ef-9b26-995770fb9c77 MS-CV: uvIBCYuk60ifV5AS.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 26 Oct 2023 07:10:57 GMT Connection: close Content-Length: 24490
2023-10-26 07:10:58 UTC	30	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-10-26 07:10:58 UTC	45	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49716	104.21.12.37	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-26 07:10:29 UTC	1	OUT	GET /stattag.js HTTP/1.1 Host: tzegilo.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	142.250.31.102	443	192.168.2.5	49715	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-26 07:10:29 UTC	2	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-ikvxQVa_jRvtT5nYg84qrg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 26 Oct 2023 07:10:29 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6142 X-Daystart: 629 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-10-26 07:10:29 UTC	2	IN	Data Raw: 32 63 37 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 34 32 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 36 32 39 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 20 73 Data Ascii: 2c7<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6142" elapsed_seconds="629"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname="" s
2023-10-26 07:10:29 UTC	3	IN	Data Raw: 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-10-26 07:10:29 UTC	3	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	142.251.167.84	443	192.168.2.5	49714	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-26 07:10:29 UTC	3	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 26 Oct 2023 07:10:29 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-UyuasUXqaTfPak1oad14qg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-10-26 07:10:29 UTC	5	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-10-26 07:10:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	104.21.12.37	443	192.168.2.5	49716	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-26 07:10:29 UTC	5	IN	HTTP/1.1 200 OK Date: Thu, 26 Oct 2023 07:10:29 GMT Content-Type: application/javascript Content-Length: 19019 Connection: close Last-Modified: Thu, 07 Sep 2023 08:19:52 GMT ETag: "64f987a8-4a4b" Link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 5516 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=haiKtbhZb8AF4Tbfid3xSeuZn%2FBYopWcqfUiv%2FzJxdfdi1NU9Y8DFZXlIWtTUOMocJSW6z8sjYpj7rlfIb6mobRrnxgBEHu1uUJ0DBgbUOcn5Sixk85HK4VTacce6w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81c0e138599c57ba-IAD alt-svc: h3=":443"; ma=86400
2023-10-26 07:10:29 UTC	5	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 5f 5f 64 73 33 64 63 76 5f 5f 2e 6d 6d 68 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 24 29 7b 66 6f 72 28 76 61 72 20 78 2c 5f 3d 66 2e 6c 65 6e 67 74 68 2c 65 3d 24 5e 5f 2c 64 3d 30 3b 5f 3e 3d 34 3b 29 78 3d 28 36 35 35 33 35 26 28 78 3d 32 35 35 26 66 2e 63 68 61 72 43 6f 64 65 41 74 28 64 29 7c 28 32 35 35 26 66 2e 63 68 61 72 43 6f 64 65 41 74 28 2b 2b 64 29 29 3c 3c 38 7c 28 32 35 35 26 66 2e 63 68 61 72 43 6f 64 65 41 74 28 2b 2b 64 29 29 3c 3c 31 36 7c 28 32 35 35 26 66 2e 63 68 61 72 43 6f 64 65 41 74 28 2b 2b 64 29 29 3c 3c 32 34 29 29 2a 31 35 34 30 34 38 33 34 37 37 2b 28 28 28 78 3e 3e 3e 31 36 29 2a 31 35 34 30 34 38 33 34 37 37 26 36 35 35 33 35 29 3c 3c 31 36 29 2c 78 5e 3d 78 3e 3e 3e 32 Data Ascii: !function(){window.__ds3dcv__.mmh=function(f,$){for(var x,_=f.length,e=$^_,d=0;_>=4;)x=(65535&(x=255&f.charCodeAt(d)\|(255&f.charCodeAt(++d))<<8\|(255&f.charCodeAt(++d))<<16\|(255&f.charCodeAt(++d))<<24))1540483477+(((x>>>16)1540483477&65535)<<16),x^=x>>>2
2023-10-26 07:10:29 UTC	6	IN	Data Raw: 3e 3e 31 33 2c 65 3d 28 36 35 35 33 35 26 65 29 2a 31 35 34 30 34 38 33 34 37 37 2b 28 28 28 65 3e 3e 3e 31 36 29 2a 31 35 34 30 34 38 33 34 37 37 26 36 35 35 33 35 29 3c 3c 31 36 29 2c 28 65 5e 3d 65 3e 3e 3e 31 35 29 3e 3e 3e 30 7d 3b 7d 28 29 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 45 29 7b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6e 2c 65 3d 45 2e 75 28 29 2c 74 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 3d 21 45 2e 45 29 7b 69 66 28 28 6e 3d 6e 5b 45 2e 78 5d 28 6e 65 77 20 52 65 67 45 78 70 28 45 2e 75 45 2c 45 2e 67 45 29 2c 45 2e 6a 29 29 69 6e 20 65 29 72 65 74 75 72 6e 20 65 5b 6e 5d 3b 76 61 72 20 69 3d 45 2e 61 2b 6e 2b 45 2e 6c 2c 6f 3d 45 2e 61 2b 6e 2b 45 2e 73 2c 72 3d 45 2e 74 3b 74 26 26 72 2d 2d 3b 76 61 72 20 61 2c 64 3d 77 69 6e 64 6f Data Ascii: >>13,e=(65535&e)1540483477+(((e>>>16)1540483477&65535)<<16),(e^=e>>>15)>>>0};}();(function(E){!function(){var n,e=E.u(),t=function(n,t=!E.E){if((n=n[E.x](new RegExp(E.uE,E.gE),E.j))in e)return e[n];var i=E.a+n+E.l,o=E.a+n+E.s,r=E.t;t&&r--;var a,d=windo
2023-10-26 07:10:29 UTC	7	IN	Data Raw: 45 5d 28 45 2e 79 45 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 69 28 4a 53 4f 4e 5b 45 2e 4c 67 5d 28 77 5b 45 2e 64 7a 5d 29 29 7d 63 61 74 63 68 28 6e 29 7b 69 28 45 2e 75 28 45 2e 68 59 2c 2d 45 2e 45 29 29 7d 7d 29 2c 77 5b 45 2e 52 45 5d 28 45 2e 44 45 2c 63 29 3b 66 6f 72 28 76 61 72 20 6c 3d 45 2e 4a 3b 6c 3c 75 5b 45 2e 72 5d 3b 6c 2b 2b 29 6f 3d 75 5b 6c 5d 2c 77 5b 45 2e 6c 45 5d 28 6f 2c 61 5b 6f 5d 29 3b 77 5b 45 2e 49 67 5d 28 64 29 7d 7d 2c 63 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 73 65 74 54 69 6d 65 6f 75 74 28 6e 2c 45 2e 4a 29 7d 2c 75 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 66 6f 72 28 76 61 72 20 65 2c 74 2c 69 2c 6f 2c 72 3d 45 2e 75 28 29 2c 61 3d 45 2e 4a 3b 61 3c 6e 5b 45 2e 72 5d 3b 61 2b 2b 29 7b 65 3d 6e 5b 61 5d 2c 74 3d Data Ascii: E](E.yE,function(){try{i(JSON[E.Lg](w[E.dz]))}catch(n){i(E.u(E.hY,-E.E))}}),w[E.RE](E.DE,c);for(var l=E.J;l<u[E.r];l++)o=u[l],w[E.lE](o,a[o]);w[E.Ig](d)}},c=function(n){setTimeout(n,E.J)},u=function(n){for(var e,t,i,o,r=E.u(),a=E.J;a<n[E.r];a++){e=n[a],t=
2023-10-26 07:10:29 UTC	9	IN	Data Raw: 72 20 72 3d 70 65 72 66 6f 72 6d 61 6e 63 65 5b 45 2e 7a 64 5d 28 29 2c 61 3d 45 2e 4a 3b 45 2e 78 67 3e 70 65 72 66 6f 72 6d 61 6e 63 65 5b 45 2e 7a 64 5d 28 29 2d 72 3b 29 69 5b 45 2e 44 54 5d 28 6f 5b 45 2e 72 54 5d 29 2c 69 5b 45 2e 44 54 5d 28 6f 5b 45 2e 72 54 5d 29 2c 69 5b 45 2e 44 54 5d 28 6f 5b 45 2e 72 54 5d 29 2c 69 5b 45 2e 44 54 5d 28 6f 5b 45 2e 72 54 5d 29 2c 69 5b 45 2e 44 54 5d 28 6f 5b 45 2e 72 54 5d 29 2c 69 5b 45 2e 44 54 5d 28 6f 5b 45 2e 72 54 5d 29 2c 69 5b 45 2e 44 54 5d 28 6f 5b 45 2e 72 54 5d 29 2c 69 5b 45 2e 44 54 5d 28 6f 5b 45 2e 72 54 5d 29 2c 69 5b 45 2e 44 54 5d 28 6f 5b 45 2e 72 54 5d 29 2c 69 5b 45 2e 44 54 5d 28 6f 5b 45 2e 72 54 5d 29 2c 61 2b 3d 45 2e 71 64 3b 72 65 74 75 72 6e 20 72 3d 70 65 72 66 6f 72 6d 61 6e 63 Data Ascii: r r=performance[E.zd](),a=E.J;E.xg>performance[E.zd]()-r;)i[E.DT](o[E.rT]),i[E.DT](o[E.rT]),i[E.DT](o[E.rT]),i[E.DT](o[E.rT]),i[E.DT](o[E.rT]),i[E.DT](o[E.rT]),i[E.DT](o[E.rT]),i[E.DT](o[E.rT]),i[E.DT](o[E.rT]),i[E.DT](o[E.rT]),a+=E.qd;return r=performanc
2023-10-26 07:10:29 UTC	10	IN	Data Raw: 64 6f 77 5b 45 2e 77 64 5d 5b 45 2e 72 5d 3e 45 2e 4a 3f 77 69 6e 64 6f 77 5b 45 2e 77 64 5d 3a 45 2e 45 67 2c 6e 7d 2c 45 2e 6d 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 6e 5b 45 2e 65 64 5d 3d 64 6f 63 75 6d 65 6e 74 5b 45 2e 41 64 5d 2c 6e 7d 2c 45 2e 57 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 6e 5b 45 2e 4e 64 5d 3d 64 6f 63 75 6d 65 6e 74 5b 45 2e 75 67 5d 5b 45 2e 68 5d 2c 6e 7d 2c 45 2e 76 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 6e 5b 45 2e 46 64 5d 3d 76 6f 69 64 20 45 2e 4a 21 3d 3d 6e 61 76 69 67 61 74 6f 72 26 26 76 6f 69 64 20 45 2e 4a 21 3d 3d 6e 61 76 69 67 61 74 6f 72 5b 45 2e 56 4b 5d 3f 45 2e 45 3a 45 2e 4a 2c 6e 7d 2c 45 2e 69 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 Data Ascii: dow[E.wd][E.r]>E.J?window[E.wd]:E.Eg,n},E.m,function(n){return n[E.ed]=document[E.Ad],n},E.W,function(n){return n[E.Nd]=document[E.ug][E.h],n},E.v,function(n){return n[E.Fd]=void E.J!==navigator&&void E.J!==navigator[E.VK]?E.E:E.J,n},E.i,function(n){retur
2023-10-26 07:10:29 UTC	11	IN	Data Raw: 62 6a 65 63 74 5b 45 2e 7a 67 5d 28 77 69 6e 64 6f 77 29 5b 45 2e 72 5d 2c 6e 7d 2c 45 2e 6e 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 6e 5b 45 2e 6a 64 5d 3d 76 6f 69 64 20 45 2e 4a 21 3d 3d 77 69 6e 64 6f 77 5b 45 2e 47 54 5d 26 26 76 6f 69 64 20 45 2e 4a 21 3d 3d 77 69 6e 64 6f 77 5b 45 2e 47 54 5d 5b 45 2e 4e 54 5d 3f 77 69 6e 64 6f 77 5b 45 2e 47 54 5d 5b 45 2e 4e 54 5d 3a 45 2e 45 67 2c 6e 7d 2c 45 2e 6b 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 6e 5b 45 2e 61 64 5d 3d 76 6f 69 64 20 45 2e 4a 21 3d 3d 6e 61 76 69 67 61 74 6f 72 5b 45 2e 61 64 5d 3f 6e 61 76 69 67 61 74 6f 72 5b 45 2e 61 64 5d 3a 45 2e 45 67 2c 6e 7d 2c 45 2e 77 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 69 66 28 6e 61 76 69 67 61 74 6f 72 5b 45 2e 71 Data Ascii: bject[E.zg](window)[E.r],n},E.n,function(n){return n[E.jd]=void E.J!==window[E.GT]&&void E.J!==window[E.GT][E.NT]?window[E.GT][E.NT]:E.Eg,n},E.k,function(n){return n[E.ad]=void E.J!==navigator[E.ad]?navigator[E.ad]:E.Eg,n},E.w,function(n){if(navigator[E.q
2023-10-26 07:10:29 UTC	13	IN	Data Raw: 4b 5d 2c 65 5b 45 2e 41 4b 5d 3d 74 5b 45 2e 41 4b 5d 2c 65 5b 45 2e 4e 4b 5d 3d 74 5b 45 2e 4e 4b 5d 2c 65 5b 45 2e 46 4b 5d 3d 74 5b 45 2e 46 4b 5d 2c 6e 5b 45 2e 62 45 5d 3d 65 7d 65 6c 73 65 20 6e 5b 45 2e 62 45 5d 3d 45 2e 75 28 29 3b 72 65 74 75 72 6e 20 6e 7d 29 29 3b 76 61 72 20 66 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 66 6f 72 28 76 61 72 20 65 3d 45 2e 4a 2c 74 3d 45 2e 4a 3b 74 3c 6e 5b 45 2e 72 5d 3b 74 2b 2b 29 6e 5b 74 5d 26 26 28 65 2b 3d 45 2e 45 29 3b 72 65 74 75 72 6e 20 65 7d 3b 73 5b 45 2e 67 5d 28 45 2e 75 28 45 2e 48 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 65 3d 66 28 5b 45 2e 4a 4b 20 69 6e 20 77 69 6e 64 6f 77 2c 45 2e 43 4b 20 69 6e 20 77 69 6e 64 6f 77 2c 45 2e 6c 4b 20 69 6e 20 77 69 6e 64 6f 77 2c 45 2e 63 64 20 69 Data Ascii: K],e[E.AK]=t[E.AK],e[E.NK]=t[E.NK],e[E.FK]=t[E.FK],n[E.bE]=e}else n[E.bE]=E.u();return n}));var f=function(n){for(var e=E.J,t=E.J;t<n[E.r];t++)n[t]&&(e+=E.E);return e};s[E.g](E.u(E.H,function(n){var e=f([E.JK in window,E.CK in window,E.lK in window,E.cd i
2023-10-26 07:10:29 UTC	14	IN	Data Raw: 57 45 5d 5b 45 2e 69 54 5d 5d 29 3e 3d 45 2e 74 3b 6e 5b 45 2e 69 45 5d 3d 45 2e 75 28 45 2e 6e 45 2c 75 2c 45 2e 6b 45 2c 65 2c 45 2e 77 45 2c 64 2c 45 2e 65 45 2c 69 2c 45 2e 41 45 2c 74 2c 45 2e 4e 45 2c 61 2c 45 2e 46 45 2c 6f 2c 45 2e 50 45 2c 63 2c 45 2e 48 45 2c 72 2c 45 2e 6f 45 2c 77 29 7d 29 29 2c 73 5b 45 2e 67 5d 28 45 2e 75 28 45 2e 6f 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 77 69 6e 64 6f 77 5b 45 2e 4d 5d 26 26 45 2e 53 45 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 5b 45 2e 4d 5d 5b 45 2e 6f 54 5d 26 26 28 6e 5b 45 2e 4f 45 5d 3d 77 69 6e 64 6f 77 5b 45 2e 4d 5d 5b 45 2e 6f 54 5d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 6e 28 6e 29 7b 74 72 79 7b 76 61 72 20 65 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 74 20 69 6e 20 6e 29 Data Ascii: WE][E.iT]])>=E.t;n[E.iE]=E.u(E.nE,u,E.kE,e,E.wE,d,E.eE,i,E.AE,t,E.NE,a,E.FE,o,E.PE,c,E.HE,r,E.oE,w)})),s[E.g](E.u(E.o,function(n){window[E.M]&&E.SE==typeof window[E.M][E.oT]&&(n[E.OE]=window[E.M][E.oT](function(){function n(n){try{var e=[];for(var t in n)
2023-10-26 07:10:29 UTC	15	IN	Data Raw: 5b 6f 5d 2c 65 5b 74 5d 28 6e 29 7d 29 7d 28 6f 29 7d 28 74 2c 6e 29 7d 29 3b 76 61 72 20 69 3d 45 2e 75 28 29 3b 77 69 6e 64 6f 77 5b 45 2e 4f 5d 3f 6e 65 77 20 55 52 4c 28 77 69 6e 64 6f 77 5b 45 2e 75 67 5d 5b 45 2e 68 5d 29 5b 45 2e 69 54 5d 5b 45 2e 72 5d 3e 45 2e 4a 26 26 28 69 3d 6f 28 29 29 3a 69 3d 6f 28 29 3b 76 61 72 20 61 3d 45 2e 75 28 29 3b 6e 5b 45 2e 72 45 5d 26 26 28 61 3d 72 28 6e 5b 45 2e 72 45 5d 29 2c 64 65 6c 65 74 65 20 6e 5b 45 2e 72 45 5d 29 2c 6e 5b 45 2e 54 45 5d 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 69 66 28 21 6e 7c 7c 45 2e 4a 3d 3d 3d 6e 5b 45 2e 72 5d 29 72 65 74 75 72 6e 5b 5d 3b 66 6f 72 28 76 61 72 20 65 3d 5b 5d 2c 74 3d 45 2e 4a 3b 74 3c 6e 5b 45 2e 72 5d 3b 74 2b 2b 29 7b 76 61 72 20 69 3d 72 28 6e 5b 74 5d 5b 45 2e Data Ascii: [o],e[t](n)})}(o)}(t,n)});var i=E.u();window[E.O]?new URL(window[E.ug][E.h])[E.iT][E.r]>E.J&&(i=o()):i=o();var a=E.u();n[E.rE]&&(a=r(n[E.rE]),delete n[E.rE]),n[E.TE]=function(n){if(!n\|\|E.J===n[E.r])return[];for(var e=[],t=E.J;t<n[E.r];t++){var i=r(n[t][E.
2023-10-26 07:10:29 UTC	17	IN	Data Raw: 3b 69 3c 61 72 67 73 2e 6c 65 6e 67 74 68 2d 31 3b 69 2b 3d 32 29 7b 6f 62 6a 5b 61 72 67 73 5b 69 5d 5d 3d 61 72 67 73 5b 69 2b 31 5d 7d 72 65 74 75 72 6e 20 6f 62 6a 7d 5d 2c 5b 27 67 27 2c 27 63 68 66 75 27 5d 2c 5b 27 45 27 2c 31 5d 2c 5b 27 64 27 2c 27 6e 71 71 4a 72 6f 54 79 27 5d 2c 5b 27 54 27 2c 27 6e 71 71 47 76 7a 72 4d 62 61 72 42 73 73 66 72 67 27 5d 2c 5b 27 4b 27 2c 27 6e 71 71 4a 76 61 71 62 6a 46 76 6d 72 58 72 6c 66 27 5d 2c 5b 27 59 27 2c 27 6e 71 71 47 62 68 70 75 27 5d 2c 5b 27 7a 27 2c 27 6e 71 71 48 66 72 65 4e 74 72 61 67 27 5d 2c 5b 27 71 27 2c 27 6e 71 71 4f 65 62 6a 66 72 65 43 79 68 74 76 61 58 72 6c 66 27 5d 2c 5b 27 53 27 2c 27 6e 71 71 48 76 71 27 5d 2c 5b 27 6d 27 2c 27 6e 71 71 45 72 73 72 65 65 72 65 27 5d 2c 5b 27 57 27 Data Ascii: ;i<args.length-1;i+=2){obj[args[i]]=args[i+1]}return obj}],['g','chfu'],['E',1],['d','nqqJroTy'],['T','nqqGvzrMbarBssfrg'],['K','nqqJvaqbjFvmrXrlf'],['Y','nqqGbhpu'],['z','nqqHfreNtrag'],['q','nqqOebjfreCyhtvaXrlf'],['S','nqqHvq'],['m','nqqErsreere'],['W'
2023-10-26 07:10:29 UTC	18	IN	Data Raw: 70 67 27 2c 27 70 68 66 67 62 7a 5f 76 71 5f 31 27 5d 2c 5b 27 56 67 27 2c 27 70 68 66 67 62 7a 5f 76 71 5f 32 27 5d 2c 5b 27 79 67 27 2c 27 70 79 76 70 78 5f 76 71 27 5d 2c 5b 27 52 67 27 2c 27 70 62 66 67 27 5d 2c 5b 27 44 67 27 2c 27 77 66 67 6e 74 27 5d 2c 5b 27 66 67 27 2c 27 65 5f 68 76 71 27 5d 2c 5b 27 51 67 27 2c 27 6e 71 71 76 67 76 62 61 6e 79 5f 76 71 66 27 5d 2c 5b 27 47 67 27 2c 27 7b 28 2e 2a 3f 29 5c 5c 7d 27 5d 2c 5b 27 58 67 27 2c 27 73 47 6c 63 72 27 5d 2c 5b 27 55 67 27 2c 27 70 75 6e 61 70 72 27 5d 2c 5b 27 63 67 27 2c 27 73 79 62 62 65 27 5d 2c 5b 27 62 67 27 2c 27 6e 6b 70 76 71 27 5d 2c 5b 27 42 67 27 2c 27 67 65 6e 73 73 76 70 46 62 68 65 70 72 56 71 27 5d 2c 5b 27 6e 67 27 2c 27 6e 6b 67 66 76 71 27 5d 2c 5b 27 6b 67 27 2c 27 6e Data Ascii: pg','phfgbz_vq_1'],['Vg','phfgbz_vq_2'],['yg','pyvpx_vq'],['Rg','pbfg'],['Dg','wfgnt'],['fg','e_hvq'],['Qg','nqqvgvbany_vqf'],['Gg','{(.*?)\\}'],['Xg','sGlcr'],['Ug','punapr'],['cg','sybbe'],['bg','nkpvq'],['Bg','genssvpFbheprVq'],['ng','nkgfvq'],['kg','n
2023-10-26 07:10:29 UTC	19	IN	Data Raw: 76 66 5f 70 75 65 62 7a 76 68 7a 5f 62 63 72 65 6e 27 5d 2c 5b 27 4f 45 27 2c 27 61 72 66 27 5d 2c 5b 27 4d 45 27 2c 27 65 6e 61 71 62 7a 27 5d 2c 5b 27 5a 45 27 2c 27 6e 71 72 6b 5f 67 6e 74 5f 69 72 65 66 76 62 61 27 5d 2c 5b 27 74 45 27 2c 27 32 32 39 27 5d 2c 5b 27 72 45 27 2c 27 68 65 79 43 6e 65 6e 7a 66 27 5d 2c 5b 27 4a 45 27 2c 35 30 30 5d 2c 5b 27 43 45 27 2c 27 20 27 5d 2c 5b 27 6c 45 27 2c 27 66 72 67 45 72 64 68 72 66 67 55 72 6e 71 72 65 27 5d 2c 5b 27 73 45 27 2c 27 65 76 27 5d 2c 5b 27 68 45 27 2c 27 65 69 27 5d 2c 5b 27 49 45 27 2c 27 65 63 63 27 5d 2c 5b 27 4c 45 27 2c 27 70 65 72 6e 67 72 52 79 72 7a 72 61 67 27 5d 2c 5b 27 78 45 27 2c 27 70 6e 61 69 6e 66 27 5d 2c 5b 27 6a 45 27 2c 27 6e 79 63 75 6e 27 5d 2c 5b 27 61 45 27 2c 27 71 72 Data Ascii: vf_puebzvhz_bcren'],['OE','arf'],['ME','enaqbz'],['ZE','nqrk_gnt_irefvba'],['tE','229'],['rE','heyCnenzf'],['JE',500],['CE',' '],['lE','frgErdhrfgUrnqre'],['sE','ev'],['hE','ei'],['IE','ecc'],['LE','perngrRyrzrag'],['xE','pnainf'],['jE','nycun'],['aE','qr
2023-10-26 07:10:29 UTC	21	IN	Data Raw: 5b 27 79 54 27 2c 27 74 72 67 50 62 61 67 72 6b 67 27 5d 2c 5b 27 52 54 27 2c 27 7a 62 6d 2d 6a 72 6f 74 79 27 5d 2c 5b 27 44 54 27 2c 27 74 72 67 43 6e 65 6e 7a 72 67 72 65 27 5d 2c 5b 27 66 54 27 2c 27 65 62 68 61 71 27 5d 2c 5b 27 51 54 27 2c 27 74 72 67 47 76 7a 72 6d 62 61 72 42 73 73 66 72 67 27 5d 2c 5b 27 47 54 27 2c 27 66 70 65 72 72 61 27 5d 2c 5b 27 58 54 27 2c 27 71 62 70 68 7a 72 61 67 52 79 72 7a 72 61 67 27 5d 2c 5b 27 55 54 27 2c 27 63 79 68 74 76 61 66 27 5d 2c 5b 27 63 54 27 2c 27 3b 27 5d 2c 5b 27 62 54 27 2c 27 56 61 67 79 27 5d 2c 5b 27 42 54 27 2c 27 67 76 7a 72 4d 62 61 72 27 5d 2c 5b 27 6e 54 27 2c 27 75 6e 65 71 6a 6e 65 72 50 62 61 70 68 65 65 72 61 70 6c 27 5d 2c 5b 27 6b 54 27 2c 27 61 68 7a 6f 72 65 27 5d 2c 5b 27 77 54 27 2c Data Ascii: ['yT','trgPbagrkg'],['RT','zbm-jroty'],['DT','trgCnenzrgre'],['fT','ebhaq'],['QT','trgGvzrmbarBssfrg'],['GT','fperra'],['XT','qbphzragRyrzrag'],['UT','cyhtvaf'],['cT',';'],['bT','Vagy'],['BT','gvzrMbar'],['nT','uneqjnerPbapheerapl'],['kT','ahzore'],['wT',
2023-10-26 07:10:29 UTC	22	IN	Data Raw: 66 41 63 61 41 72 74 62 67 76 6e 67 72 71 27 5d 2c 5b 27 50 4b 27 2c 27 65 27 5d 2c 5b 27 48 4b 27 2c 27 65 6f 27 5d 2c 5b 27 6f 4b 27 2c 27 75 67 67 63 66 3a 2f 2f 73 79 72 65 6e 63 65 67 2e 70 62 7a 27 5d 2c 5b 27 4f 4b 27 2c 27 6a 72 6f 74 79 32 27 5d 2c 5b 27 4d 4b 27 2c 27 6a 72 6f 74 79 27 5d 2c 5b 27 5a 4b 27 2c 27 48 41 5a 4e 46 58 52 51 5f 49 52 41 51 42 45 5f 4a 52 4f 54 59 27 5d 2c 5b 27 74 4b 27 2c 27 73 76 79 67 72 65 27 5d 2c 5b 27 72 4b 27 2c 27 28 70 62 79 62 65 2d 74 6e 7a 68 67 3a 27 5d 2c 5b 27 4a 4b 27 2c 27 5a 46 50 46 46 5a 6e 67 65 76 6b 27 5d 2c 5b 27 43 4b 27 2c 27 7a 66 46 72 67 56 7a 7a 72 71 76 6e 67 72 27 5d 2c 5b 27 6c 4b 27 2c 27 7a 66 56 61 71 72 6b 72 71 51 4f 27 5d 2c 5b 27 73 4b 27 2c 27 7a 66 43 62 76 61 67 72 65 52 61 Data Ascii: fAcaArtbgvngrq'],['PK','e'],['HK','eo'],['oK','uggcf://syrenceg.pbz'],['OK','jroty2'],['MK','jroty'],['ZK','HAZNFXRQ_IRAQBE_JROTY'],['tK','svygre'],['rK','(pbybe-tnzhg:'],['JK','ZFPFFZngevk'],['CK','zfFrgVzzrqvngr'],['lK','zfVaqrkrqQO'],['sK','zfCbvagreRa
2023-10-26 07:10:29 UTC	23	IN	Data Raw: 5a 59 27 2c 27 6e 63 63 79 6c 27 5d 2c 5b 27 74 59 27 2c 27 73 65 62 7a 50 75 6e 65 50 62 71 72 27 5d 2c 5b 27 72 59 27 2c 27 6b 27 5d 2c 5b 27 4a 59 27 2c 38 5d 2c 5b 27 43 59 27 2c 27 5a 62 6d 4e 63 63 72 6e 65 6e 61 70 72 27 5d 2c 5b 27 6c 59 27 2c 27 45 72 73 79 72 70 67 27 5d 2c 5b 27 73 59 27 2c 27 67 72 66 67 27 5d 2c 5b 27 68 59 27 2c 27 66 67 6e 67 68 66 27 5d 2c 5b 27 49 59 27 2c 27 71 72 73 76 61 72 43 65 62 63 72 65 67 6c 27 5d 2c 5b 27 4c 59 27 2c 27 70 75 6e 65 50 62 71 72 4e 67 27 5d 2c 5b 27 78 59 27 2c 27 6e 63 63 49 72 65 66 76 62 61 27 5d 2c 5b 27 6a 59 27 2c 27 6e 61 71 65 62 76 71 27 5d 2c 5b 27 61 59 27 2c 27 76 27 5d 2c 5b 27 75 7a 27 2c 27 69 6e 79 68 72 27 5d 2c 5b 27 67 7a 27 2c 27 72 61 68 7a 72 65 6e 6f 79 72 27 5d 2c 5b 27 45 Data Ascii: ZY','nccyl'],['tY','sebzPunePbqr'],['rY','k'],['JY',8],['CY','ZbmNccrnenapr'],['lY','Ersyrpg'],['sY','grfg'],['hY','fgnghf'],['IY','qrsvarCebcregl'],['LY','punePbqrNg'],['xY','nccIrefvba'],['jY','naqebvq'],['aY','v'],['uz','inyhr'],['gz','rahzrenoyr'],['E

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.5	49719	104.21.12.37	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-26 07:10:29 UTC	24	OUT	GET /favicon.ico HTTP/1.1 Host: tzegilo.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://tzegilo.com/stattag.js Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	104.21.12.37	443	192.168.2.5	49719	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-26 07:10:29 UTC	25	IN	HTTP/1.1 404 Not Found Date: Thu, 26 Oct 2023 07:10:29 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Cache-Control: max-age=14400 CF-Cache-Status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=doszA%2BALBIsHJtjJjy5tXbWsSn6hcwlGiwTf46kk33atFs2APRBi39dDscZtN9sTQ8M7NYynFwYasdpukcd8EsTJTaUXI2Z0vuz6Zjl5VYPblkf2VrvCXfA6lC37PQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 81c0e13bb8710934-IAD alt-svc: h3=":443"; ma=86400
2023-10-26 07:10:29 UTC	25	IN	Data Raw: 32 32 63 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 31 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 Data Ascii: 22c<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.19.10</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSI
2023-10-26 07:10:29 UTC	26	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.5	49723	35.190.80.1	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-26 07:10:30 UTC	26	OUT	OPTIONS /report/v3?s=doszA%2BALBIsHJtjJjy5tXbWsSn6hcwlGiwTf46kk33atFs2APRBi39dDscZtN9sTQ8M7NYynFwYasdpukcd8EsTJTaUXI2Z0vuz6Zjl5VYPblkf2VrvCXfA6lC37PQ%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://tzegilo.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	35.190.80.1	443	192.168.2.5	49723	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-26 07:10:30 UTC	26	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Thu, 26 Oct 2023 07:10:29 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Target ID:	0
Start time:	09:10:19
Start date:	26/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	09:10:24
Start date:	26/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2124,i,7918544021414885137,10403579994920642758,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	09:10:27
Start date:	26/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tzegilo.com/stattag.js
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /stattag.js HTTP/1.1Host: tzegilo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tzegilo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tzegilo.com/stattag.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vh2GWBF3geyxZXG&MD=9zmEWgg1 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.164.112
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 8.252.64.254
Source: unknown	TCP traffic detected without corresponding DNS query: 8.252.64.254
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.21.200

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://tzegilo.com/stattag.js

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 408, Parent PID: 5176

General

Chronological Activities

Analysis Process: chrome.exePID: 1220, Parent PID: 408

General

Chronological Activities

Analysis Process: chrome.exePID: 4368, Parent PID: 5176

Windows Analysis Report
https://tzegilo.com/stattag.js