Windows Analysis Report
https://tahoevillagenv.com/dsb/ktx85kimc95vn

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_6120_733139272

Source: C:\Windows\System32\svchost.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS

Source: classification engine

Classification label: mal48.phis.win@18/6@10/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1956,i,15272954775181516638,12148441359381449542,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tahoevillagenv.com/dsb/ktx85kimc95vn
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1956,i,15272954775181516638,12148441359381449542,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Windows\System32\svchost.exe TID: 6316

Thread sleep time: -30000s >= -30000s

Source: svchost.exe, 00000002.00000002.2473495350.000002B72B02B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2474339281.000002B730654000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	2 Virtualization/Sandbox Evasion	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	4 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	21 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	5 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 DLL Side-Loading	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://tahoevillagenv.com/dsb/ktx85kimc95vn	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://tahoevillagenv.com/favicon.ico	0%	Avira URL Cloud	safe
http://crl.ver)	0%	Avira URL Cloud	safe
https://www.roboticaeducativa.pe/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=18321851	0%	Avira URL Cloud	safe
https://www.roboticaeducativa.pe/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	172.253.63.84	true	false	high
roboticaeducativa.pe	50.31.176.165	true	false	unknown
www.google.com	172.253.63.105	true	false	high
clients.l.google.com	142.251.111.113	true	false	high
tahoevillagenv.com	193.3.19.175	true	false	unknown
www.roboticaeducativa.pe	unknown	unknown	false	unknown
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.roboticaeducativa.pe/sazcgdgs	false		unknown
https://www.roboticaeducativa.pe/sazcgdgs/	false		unknown
https://www.roboticaeducativa.pe/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=18321851	false	Avira URL Cloud: safe	unknown
https://tahoevillagenv.com/dsb/ktx85kimc95vn	false		unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://tahoevillagenv.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://www.roboticaeducativa.pe/favicon.ico	false	Avira URL Cloud: safe	unknown
https://tahoevillagenv.com/dsb/ktx85kimc95vn	false		unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://www.roboticaeducativa.pe/sazcgdgs/	false		unknown
https://www.roboticaeducativa.pe/sazcgdgs	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://g.live.com/odclientsettings/Prod.C:	edb.log.2.dr, qmgr.db.2.dr	false		high
https://g.live.com/odclientsettings/ProdV2	edb.log.2.dr, qmgr.db.2.dr	false		high
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96	svchost.exe, 00000002.00000003.1633434648.000002B730572000.00000004.00000800.00020000.00000000.sdmp, edb.log.2.dr	false		high
http://crl.ver)	svchost.exe, 00000002.00000002.2474370707.000002B73068F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://g.live.com/odclientsettings/ProdV2.C:	edb.log.2.dr, qmgr.db.2.dr	false		high
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6	svchost.exe, 00000002.00000003.1633434648.000002B730572000.00000004.00000800.00020000.00000000.sdmp, edb.log.2.dr, qmgr.db.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.111.113	clients.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
50.31.176.165	roboticaeducativa.pe	United States	23352	SERVERCENTRALUS	false
172.253.63.84	accounts.google.com	United States	15169	GOOGLEUS	false
172.253.63.105	www.google.com	United States	15169	GOOGLEUS	false
193.3.19.175	tahoevillagenv.com	Denmark	2107	ARNES-NETAcademicandResearchNetworkofSloveniaSI	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1335636
Start date and time:	2023-11-01 18:55:10 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://tahoevillagenv.com/dsb/ktx85kimc95vn
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@18/6@10/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 172.253.122.94, 34.104.35.123, 23.41.168.93, 72.21.81.240, 192.229.211.108, 172.253.63.94
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, e16604.g.akamaiedge.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://tahoevillagenv.com/dsb/ktx85kimc95vn

Simulations

Behavior and APIs

Time	Type	Description
18:55:57	API Interceptor	2x Sleep call for process: svchost.exe modified

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	1.3267912677715847
Encrypted:	false
SSDEEP:	3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrd:KooCEYhgYEL0In
MD5:	1A30557125117D769D0AF62795E2FC9C
SHA1:	EB8ADE955EF865ED703183EB766B95694A4EF08D
SHA-256:	484E0D87F68F9FE32706FB5323E42874F19F3A4556BEAFB0ADF7F7EDFC7CDC24
SHA-512:	B43B1EB4351177E0FB6DF36DD8D93FC3E97B328C08AB5BDC54297DE37E4F3874674589A9ADED92D2732711D4D8BDE62742963A881EAD289709BDFEEFAB1E3084
Malicious:	false
Reputation:	low
Preview:	z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x98d9e8f2, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.4221123642683915
Encrypted:	false
SSDEEP:	1536:xSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:xaza/vMUM2Uvz7DO
MD5:	FA130A0A4F88B35B466E1D03063B6922
SHA1:	5671B9B93FB82E0CA29CA1A303BE57649CDD0A2D
SHA-256:	ACCCCAB2BDE0322729DB60DC60072C56BE9C5DE6F780F469FA4489ABD400326A
SHA-512:	CB6E7E2F794A50417827FA339F69EBD52CF0A0557911B1689328CE3E23356FF3BF4473A46B2394036291FD3AD40AFB7E2BF3C0EDE1894DAC092232F89B1F3032
Malicious:	false
Reputation:	low
Preview:	....... .......A.......X\...;...{......................0.!..........{A.97...{..h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{...................................,.>97...{....................v.97...{...........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.0764334634254559
Encrypted:	false
SSDEEP:	3:+ml//KYerE8olukjn13a/rFzll/lollcVO/lnlZMxZNQl:+mt/Kzr6lv53qrpGOewk
MD5:	B3D830052ECDDB78FFB138F67F9FDE99
SHA1:	95F4448E5619F79C00279BBFD0B0874281F39FF6
SHA-256:	0F6AA73A6AEC54C4AA89D468AC51D507C7FB6BCDA6E058D58D180849B1200F7A
SHA-512:	344E274865635254A269D21361A85C7B329184FBD0A2F852C26DED3313443FC78D8757F329ACFE2DC49EBD377BA78D7591061F5BEA52934E4417E8370CB96F49
Malicious:	false
Reputation:	low
Preview:	.@.......................................;...{..97...{.......{A..............{A......{A..........{A]..................v.97...{..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Reputation:	low
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Chrome Cache Entry: 54

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	82
Entropy (8bit):	4.734690267338022
Encrypted:	false
SSDEEP:	3:nmNjJMzVJu+1prSLaHKHEJqT2VHL:GMRJVpGLaVo8r
MD5:	C5DB22561933D5606CD760B8E6673F6D
SHA1:	9B61EEADD8601E39D3E01C978F4500F980CC6F71
SHA-256:	12787E9788EABA875A41EBAD1F8C9A9393F267C09B67E8A23DD428503A6E3CEC
SHA-512:	D5572826CC8CA906403AF92506D931CBFA9976EB22BA1D6CD1A0D60CB9F7273FA44574743B8DC8CA2FA04B56A8ED730ACC86159CFAA692BE0A93A9B3BAF0F5CB
Malicious:	false
Reputation:	low
URL:	https://tahoevillagenv.com/dsb/ktx85kimc95vn
Preview:	<meta http-equiv="refresh" content="0;https://www.roboticaeducativa.pe/sazcgdgs">.

Chrome Cache Entry: 55

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	82
Entropy (8bit):	4.734690267338022
Encrypted:	false
SSDEEP:	3:nmNjJMzVJu+1prSLaHKHEJqT2VHL:GMRJVpGLaVo8r
MD5:	C5DB22561933D5606CD760B8E6673F6D
SHA1:	9B61EEADD8601E39D3E01C978F4500F980CC6F71
SHA-256:	12787E9788EABA875A41EBAD1F8C9A9393F267C09B67E8A23DD428503A6E3CEC
SHA-512:	D5572826CC8CA906403AF92506D931CBFA9976EB22BA1D6CD1A0D60CB9F7273FA44574743B8DC8CA2FA04B56A8ED730ACC86159CFAA692BE0A93A9B3BAF0F5CB
Malicious:	false
Reputation:	low
URL:	https://tahoevillagenv.com/favicon.ico
Preview:	<meta http-equiv="refresh" content="0;https://www.roboticaeducativa.pe/sazcgdgs">.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 1, 2023 18:55:53.240636110 CET	49675	443	192.168.2.4	173.222.162.32
Nov 1, 2023 18:55:53.256196022 CET	49678	443	192.168.2.4	104.46.162.224
Nov 1, 2023 18:55:58.488535881 CET	49738	443	192.168.2.4	142.251.111.113
Nov 1, 2023 18:55:58.488573074 CET	443	49738	142.251.111.113	192.168.2.4
Nov 1, 2023 18:55:58.488641024 CET	49738	443	192.168.2.4	142.251.111.113
Nov 1, 2023 18:55:58.489273071 CET	49739	443	192.168.2.4	172.253.63.84
Nov 1, 2023 18:55:58.489305973 CET	443	49739	172.253.63.84	192.168.2.4
Nov 1, 2023 18:55:58.489357948 CET	49739	443	192.168.2.4	172.253.63.84
Nov 1, 2023 18:55:58.493222952 CET	49738	443	192.168.2.4	142.251.111.113
Nov 1, 2023 18:55:58.493237019 CET	443	49738	142.251.111.113	192.168.2.4
Nov 1, 2023 18:55:58.493403912 CET	49739	443	192.168.2.4	172.253.63.84
Nov 1, 2023 18:55:58.493417025 CET	443	49739	172.253.63.84	192.168.2.4
Nov 1, 2023 18:55:58.724112988 CET	443	49739	172.253.63.84	192.168.2.4
Nov 1, 2023 18:55:58.724306107 CET	49739	443	192.168.2.4	172.253.63.84
Nov 1, 2023 18:55:58.724318027 CET	443	49739	172.253.63.84	192.168.2.4
Nov 1, 2023 18:55:58.726388931 CET	443	49739	172.253.63.84	192.168.2.4
Nov 1, 2023 18:55:58.726464033 CET	49739	443	192.168.2.4	172.253.63.84
Nov 1, 2023 18:55:58.727370024 CET	49739	443	192.168.2.4	172.253.63.84
Nov 1, 2023 18:55:58.727454901 CET	443	49739	172.253.63.84	192.168.2.4
Nov 1, 2023 18:55:58.727554083 CET	49739	443	192.168.2.4	172.253.63.84
Nov 1, 2023 18:55:58.727560997 CET	443	49739	172.253.63.84	192.168.2.4
Nov 1, 2023 18:55:58.762825966 CET	443	49738	142.251.111.113	192.168.2.4
Nov 1, 2023 18:55:58.763061047 CET	49738	443	192.168.2.4	142.251.111.113
Nov 1, 2023 18:55:58.763081074 CET	443	49738	142.251.111.113	192.168.2.4
Nov 1, 2023 18:55:58.763452053 CET	443	49738	142.251.111.113	192.168.2.4
Nov 1, 2023 18:55:58.763514996 CET	49738	443	192.168.2.4	142.251.111.113
Nov 1, 2023 18:55:58.764139891 CET	443	49738	142.251.111.113	192.168.2.4
Nov 1, 2023 18:55:58.764205933 CET	49738	443	192.168.2.4	142.251.111.113
Nov 1, 2023 18:55:58.765048027 CET	49738	443	192.168.2.4	142.251.111.113
Nov 1, 2023 18:55:58.765110016 CET	443	49738	142.251.111.113	192.168.2.4
Nov 1, 2023 18:55:58.765350103 CET	49738	443	192.168.2.4	142.251.111.113
Nov 1, 2023 18:55:58.765357018 CET	443	49738	142.251.111.113	192.168.2.4
Nov 1, 2023 18:55:58.770224094 CET	49739	443	192.168.2.4	172.253.63.84
Nov 1, 2023 18:55:58.848368883 CET	49738	443	192.168.2.4	142.251.111.113
Nov 1, 2023 18:55:58.964708090 CET	443	49739	172.253.63.84	192.168.2.4
Nov 1, 2023 18:55:58.964799881 CET	49739	443	192.168.2.4	172.253.63.84
Nov 1, 2023 18:55:58.964823008 CET	443	49739	172.253.63.84	192.168.2.4
Nov 1, 2023 18:55:58.964898109 CET	443	49739	172.253.63.84	192.168.2.4
Nov 1, 2023 18:55:58.964945078 CET	49739	443	192.168.2.4	172.253.63.84
Nov 1, 2023 18:55:58.965581894 CET	49739	443	192.168.2.4	172.253.63.84
Nov 1, 2023 18:55:58.965599060 CET	443	49739	172.253.63.84	192.168.2.4
Nov 1, 2023 18:55:58.965643883 CET	49739	443	192.168.2.4	172.253.63.84
Nov 1, 2023 18:55:58.965662003 CET	49739	443	192.168.2.4	172.253.63.84
Nov 1, 2023 18:55:59.029620886 CET	443	49738	142.251.111.113	192.168.2.4
Nov 1, 2023 18:55:59.029766083 CET	443	49738	142.251.111.113	192.168.2.4
Nov 1, 2023 18:55:59.029824018 CET	49738	443	192.168.2.4	142.251.111.113
Nov 1, 2023 18:55:59.030411005 CET	49738	443	192.168.2.4	142.251.111.113
Nov 1, 2023 18:55:59.030437946 CET	443	49738	142.251.111.113	192.168.2.4
Nov 1, 2023 18:56:00.199908972 CET	49742	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:00.199949980 CET	443	49742	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:00.200088978 CET	49742	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:00.200619936 CET	49743	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:00.200659990 CET	443	49743	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:00.200706005 CET	49743	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:00.200974941 CET	49742	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:00.200992107 CET	443	49742	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:00.201196909 CET	49743	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:00.201214075 CET	443	49743	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:00.886059999 CET	443	49742	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:00.886372089 CET	49742	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:00.886451960 CET	443	49742	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:00.887363911 CET	443	49742	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:00.887432098 CET	49742	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:00.888412952 CET	49742	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:00.888484001 CET	443	49742	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:00.888624907 CET	49742	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:00.888642073 CET	443	49742	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:00.892302990 CET	443	49743	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:00.893091917 CET	49743	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:00.893106937 CET	443	49743	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:00.893959999 CET	443	49743	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:00.894023895 CET	49743	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:00.894426107 CET	49743	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:00.894486904 CET	443	49743	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:00.938033104 CET	49743	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:00.938045025 CET	443	49743	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:00.938093901 CET	49742	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:00.987425089 CET	49743	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:01.104861975 CET	443	49742	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:01.104935884 CET	443	49742	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:01.105006933 CET	49742	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:01.107039928 CET	49742	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:01.107100010 CET	443	49742	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:01.154102087 CET	49743	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:01.194456100 CET	443	49743	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:01.273401976 CET	49746	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.273442030 CET	443	49746	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.273510933 CET	49746	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.274435043 CET	49747	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.274458885 CET	443	49747	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.274513006 CET	49747	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.275695086 CET	49747	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.275708914 CET	443	49747	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.275993109 CET	49746	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.276005983 CET	443	49746	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.374264002 CET	443	49743	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:01.374342918 CET	443	49743	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:01.374393940 CET	49743	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:01.375864983 CET	49743	443	192.168.2.4	193.3.19.175
Nov 1, 2023 18:56:01.375891924 CET	443	49743	193.3.19.175	192.168.2.4
Nov 1, 2023 18:56:01.542959929 CET	443	49747	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.543458939 CET	49747	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.543493986 CET	443	49747	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.544584990 CET	443	49747	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.544661045 CET	49747	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.546189070 CET	49747	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.546283960 CET	443	49747	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.546637058 CET	49747	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.546647072 CET	443	49747	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.547208071 CET	443	49746	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.547503948 CET	49746	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.547535896 CET	443	49746	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.548490047 CET	443	49746	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.548561096 CET	49746	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.549031019 CET	49746	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.549103022 CET	443	49746	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.598344088 CET	49746	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.598345995 CET	49747	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.598370075 CET	443	49746	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.646461964 CET	49746	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.768146038 CET	443	49747	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.768348932 CET	443	49747	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.768470049 CET	49747	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.843745947 CET	49747	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.843767881 CET	443	49747	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.928380013 CET	49746	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.929841995 CET	49748	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.929874897 CET	443	49748	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.929932117 CET	49748	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.930299044 CET	49748	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:01.930313110 CET	443	49748	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:01.974451065 CET	443	49746	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.046700001 CET	443	49746	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.046771049 CET	443	49746	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.046827078 CET	49746	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:02.053491116 CET	49746	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:02.053507090 CET	443	49746	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.173680067 CET	443	49748	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.174035072 CET	49748	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:02.174056053 CET	443	49748	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.174376965 CET	443	49748	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.174966097 CET	49748	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:02.175024986 CET	443	49748	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.175277948 CET	49748	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:02.222443104 CET	443	49748	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.402976990 CET	443	49748	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.403050900 CET	443	49748	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.403107882 CET	49748	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:02.403371096 CET	49748	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:02.403383017 CET	443	49748	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.649115086 CET	49750	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:02.649190903 CET	443	49750	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.649271965 CET	49750	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:02.649672031 CET	49750	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:02.649687052 CET	443	49750	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.750077009 CET	49751	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:56:02.750138998 CET	443	49751	172.253.63.105	192.168.2.4
Nov 1, 2023 18:56:02.750212908 CET	49751	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:56:02.750648975 CET	49751	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:56:02.750668049 CET	443	49751	172.253.63.105	192.168.2.4
Nov 1, 2023 18:56:02.849541903 CET	49675	443	192.168.2.4	173.222.162.32
Nov 1, 2023 18:56:02.910336018 CET	443	49750	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.910861969 CET	49750	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:02.910882950 CET	443	49750	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.912383080 CET	443	49750	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.913809061 CET	49750	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:02.913990021 CET	443	49750	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.914197922 CET	49750	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:02.957195044 CET	443	49751	172.253.63.105	192.168.2.4
Nov 1, 2023 18:56:02.958425045 CET	49751	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:56:02.958447933 CET	443	49750	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:02.958499908 CET	443	49751	172.253.63.105	192.168.2.4
Nov 1, 2023 18:56:02.959482908 CET	443	49751	172.253.63.105	192.168.2.4
Nov 1, 2023 18:56:02.959563971 CET	49751	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:56:02.960920095 CET	49751	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:56:02.960994005 CET	443	49751	172.253.63.105	192.168.2.4
Nov 1, 2023 18:56:03.003704071 CET	49751	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:56:03.003724098 CET	443	49751	172.253.63.105	192.168.2.4
Nov 1, 2023 18:56:03.052377939 CET	49751	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:56:03.943392038 CET	443	49750	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:03.943485975 CET	443	49750	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:03.943609953 CET	49750	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:03.958831072 CET	49750	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:03.958858967 CET	443	49750	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:03.992995977 CET	49754	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:03.993043900 CET	443	49754	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:03.993115902 CET	49754	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:03.993530035 CET	49754	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:03.993545055 CET	443	49754	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:04.242391109 CET	443	49754	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:04.242779970 CET	49754	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:04.242811918 CET	443	49754	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:04.243149996 CET	443	49754	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:04.243906975 CET	49754	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:04.243968010 CET	443	49754	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:04.244059086 CET	49754	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:04.290487051 CET	443	49754	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:04.470987082 CET	443	49754	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:04.471066952 CET	443	49754	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:04.471229076 CET	49754	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:04.471714020 CET	49754	443	192.168.2.4	50.31.176.165
Nov 1, 2023 18:56:04.471738100 CET	443	49754	50.31.176.165	192.168.2.4
Nov 1, 2023 18:56:12.972362041 CET	443	49751	172.253.63.105	192.168.2.4
Nov 1, 2023 18:56:12.972426891 CET	443	49751	172.253.63.105	192.168.2.4
Nov 1, 2023 18:56:12.972587109 CET	49751	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:56:14.557301998 CET	49751	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:56:14.557370901 CET	443	49751	172.253.63.105	192.168.2.4
Nov 1, 2023 18:56:16.054740906 CET	49755	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:16.054778099 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:16.054864883 CET	49755	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:16.056648016 CET	49755	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:16.056663036 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:16.361094952 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:16.361191034 CET	49755	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:16.363476038 CET	49755	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:16.363486052 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:16.363862991 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:16.412290096 CET	49755	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:16.482693911 CET	49755	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:16.526456118 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:16.677964926 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:16.677989960 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:16.678009033 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:16.678020954 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:16.678051949 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:16.678065062 CET	49755	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:16.678086996 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:16.678101063 CET	49755	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:16.678136110 CET	49755	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:16.678206921 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:16.678272963 CET	49755	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:16.678277969 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:16.678303003 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:16.678344011 CET	49755	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:16.697402000 CET	49755	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:16.697417021 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:16.697449923 CET	49755	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:16.697454929 CET	443	49755	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:43.083940983 CET	80	49734	209.197.3.8	192.168.2.4
Nov 1, 2023 18:56:43.084070921 CET	49734	80	192.168.2.4	209.197.3.8
Nov 1, 2023 18:56:44.110608101 CET	80	49736	209.197.3.8	192.168.2.4
Nov 1, 2023 18:56:44.110796928 CET	49736	80	192.168.2.4	209.197.3.8
Nov 1, 2023 18:56:45.351422071 CET	80	49733	209.197.3.8	192.168.2.4
Nov 1, 2023 18:56:45.351675034 CET	49733	80	192.168.2.4	209.197.3.8
Nov 1, 2023 18:56:47.484312057 CET	49732	443	192.168.2.4	204.79.197.200
Nov 1, 2023 18:56:47.484802008 CET	49734	80	192.168.2.4	209.197.3.8
Nov 1, 2023 18:56:47.735497952 CET	49723	80	192.168.2.4	67.26.237.254
Nov 1, 2023 18:56:47.735522985 CET	49724	80	192.168.2.4	67.26.237.254
Nov 1, 2023 18:56:47.735572100 CET	49733	80	192.168.2.4	209.197.3.8
Nov 1, 2023 18:56:47.827748060 CET	80	49723	67.26.237.254	192.168.2.4
Nov 1, 2023 18:56:47.827807903 CET	80	49724	67.26.237.254	192.168.2.4
Nov 1, 2023 18:56:47.827856064 CET	49723	80	192.168.2.4	67.26.237.254
Nov 1, 2023 18:56:47.827867031 CET	49724	80	192.168.2.4	67.26.237.254
Nov 1, 2023 18:56:47.828253031 CET	80	49733	209.197.3.8	192.168.2.4
Nov 1, 2023 18:56:47.828316927 CET	49733	80	192.168.2.4	209.197.3.8
Nov 1, 2023 18:56:48.519455910 CET	49736	80	192.168.2.4	209.197.3.8
Nov 1, 2023 18:56:48.611337900 CET	80	49736	209.197.3.8	192.168.2.4
Nov 1, 2023 18:56:48.611573935 CET	49736	80	192.168.2.4	209.197.3.8
Nov 1, 2023 18:56:53.169523954 CET	49758	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:53.169603109 CET	443	49758	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:53.169718981 CET	49758	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:53.170547962 CET	49758	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:53.170576096 CET	443	49758	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:53.471055984 CET	443	49758	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:53.471163988 CET	49758	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:53.473779917 CET	49758	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:53.473813057 CET	443	49758	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:53.474042892 CET	443	49758	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:53.487874985 CET	49758	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:53.530523062 CET	443	49758	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:53.764189005 CET	443	49758	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:53.764209032 CET	443	49758	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:53.764308929 CET	443	49758	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:53.764396906 CET	49758	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:53.764396906 CET	49758	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:53.764458895 CET	443	49758	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:53.764525890 CET	49758	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:53.764590025 CET	443	49758	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:53.764635086 CET	443	49758	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:53.764652014 CET	49758	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:53.764673948 CET	443	49758	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:53.764714956 CET	443	49758	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:53.764720917 CET	49758	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:53.764765978 CET	49758	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:53.772733927 CET	49758	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:53.772773027 CET	443	49758	20.12.23.50	192.168.2.4
Nov 1, 2023 18:56:53.772854090 CET	49758	443	192.168.2.4	20.12.23.50
Nov 1, 2023 18:56:53.772870064 CET	443	49758	20.12.23.50	192.168.2.4
Nov 1, 2023 18:57:02.701881886 CET	49760	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:57:02.701965094 CET	443	49760	172.253.63.105	192.168.2.4
Nov 1, 2023 18:57:02.702054024 CET	49760	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:57:02.702480078 CET	49760	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:57:02.702516079 CET	443	49760	172.253.63.105	192.168.2.4
Nov 1, 2023 18:57:02.916456938 CET	443	49760	172.253.63.105	192.168.2.4
Nov 1, 2023 18:57:02.916856050 CET	49760	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:57:02.916917086 CET	443	49760	172.253.63.105	192.168.2.4
Nov 1, 2023 18:57:02.917432070 CET	443	49760	172.253.63.105	192.168.2.4
Nov 1, 2023 18:57:02.918052912 CET	49760	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:57:02.918169022 CET	443	49760	172.253.63.105	192.168.2.4
Nov 1, 2023 18:57:02.958511114 CET	49760	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:57:12.914496899 CET	443	49760	172.253.63.105	192.168.2.4
Nov 1, 2023 18:57:12.914571047 CET	443	49760	172.253.63.105	192.168.2.4
Nov 1, 2023 18:57:12.914625883 CET	49760	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:57:14.553536892 CET	49760	443	192.168.2.4	172.253.63.105
Nov 1, 2023 18:57:14.553575039 CET	443	49760	172.253.63.105	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 1, 2023 18:55:58.392242908 CET	61385	53	192.168.2.4	1.1.1.1
Nov 1, 2023 18:55:58.392453909 CET	60732	53	192.168.2.4	1.1.1.1
Nov 1, 2023 18:55:58.392975092 CET	56744	53	192.168.2.4	1.1.1.1
Nov 1, 2023 18:55:58.393352985 CET	63148	53	192.168.2.4	1.1.1.1
Nov 1, 2023 18:55:58.442181110 CET	53	64485	1.1.1.1	192.168.2.4
Nov 1, 2023 18:55:58.486969948 CET	53	63148	1.1.1.1	192.168.2.4
Nov 1, 2023 18:55:58.487405062 CET	53	61385	1.1.1.1	192.168.2.4
Nov 1, 2023 18:55:58.487550020 CET	53	60732	1.1.1.1	192.168.2.4
Nov 1, 2023 18:55:58.487704039 CET	53	56744	1.1.1.1	192.168.2.4
Nov 1, 2023 18:55:59.174720049 CET	53	56312	1.1.1.1	192.168.2.4
Nov 1, 2023 18:56:00.088660955 CET	52325	53	192.168.2.4	1.1.1.1
Nov 1, 2023 18:56:00.088867903 CET	50597	53	192.168.2.4	1.1.1.1
Nov 1, 2023 18:56:00.183579922 CET	53	50597	1.1.1.1	192.168.2.4
Nov 1, 2023 18:56:00.190032005 CET	53	52325	1.1.1.1	192.168.2.4
Nov 1, 2023 18:56:01.143369913 CET	56161	53	192.168.2.4	1.1.1.1
Nov 1, 2023 18:56:01.143616915 CET	64041	53	192.168.2.4	1.1.1.1
Nov 1, 2023 18:56:01.236906052 CET	53	56161	1.1.1.1	192.168.2.4
Nov 1, 2023 18:56:01.305097103 CET	53	64041	1.1.1.1	192.168.2.4
Nov 1, 2023 18:56:02.653680086 CET	51015	53	192.168.2.4	1.1.1.1
Nov 1, 2023 18:56:02.653877020 CET	57275	53	192.168.2.4	1.1.1.1
Nov 1, 2023 18:56:02.746635914 CET	53	57275	1.1.1.1	192.168.2.4
Nov 1, 2023 18:56:02.746869087 CET	53	51015	1.1.1.1	192.168.2.4
Nov 1, 2023 18:56:16.240987062 CET	53	65184	1.1.1.1	192.168.2.4
Nov 1, 2023 18:56:23.776396036 CET	138	138	192.168.2.4	192.168.2.255
Nov 1, 2023 18:56:35.120194912 CET	53	60667	1.1.1.1	192.168.2.4
Nov 1, 2023 18:56:58.032325029 CET	53	60108	1.1.1.1	192.168.2.4
Nov 1, 2023 18:56:58.323654890 CET	53	55831	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 1, 2023 18:56:01.305192947 CET	192.168.2.4	1.1.1.1	c1ee	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 1, 2023 18:55:58.392242908 CET	192.168.2.4	1.1.1.1	0x4f2	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:55:58.392453909 CET	192.168.2.4	1.1.1.1	0x56ec	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Nov 1, 2023 18:55:58.392975092 CET	192.168.2.4	1.1.1.1	0xc34	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:55:58.393352985 CET	192.168.2.4	1.1.1.1	0xad11	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Nov 1, 2023 18:56:00.088660955 CET	192.168.2.4	1.1.1.1	0x55dd	Standard query (0)	tahoevillagenv.com	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:56:00.088867903 CET	192.168.2.4	1.1.1.1	0xb383	Standard query (0)	tahoevillagenv.com	65	IN (0x0001)	false
Nov 1, 2023 18:56:01.143369913 CET	192.168.2.4	1.1.1.1	0x57a0	Standard query (0)	www.roboticaeducativa.pe	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:56:01.143616915 CET	192.168.2.4	1.1.1.1	0x314a	Standard query (0)	www.roboticaeducativa.pe	65	IN (0x0001)	false
Nov 1, 2023 18:56:02.653680086 CET	192.168.2.4	1.1.1.1	0xfa2f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:56:02.653877020 CET	192.168.2.4	1.1.1.1	0xff78	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 1, 2023 18:55:58.487405062 CET	1.1.1.1	192.168.2.4	0x4f2	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2023 18:55:58.487405062 CET	1.1.1.1	192.168.2.4	0x4f2	No error (0)	clients.l.google.com		142.251.111.113	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:55:58.487405062 CET	1.1.1.1	192.168.2.4	0x4f2	No error (0)	clients.l.google.com		142.251.111.138	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:55:58.487405062 CET	1.1.1.1	192.168.2.4	0x4f2	No error (0)	clients.l.google.com		142.251.111.102	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:55:58.487405062 CET	1.1.1.1	192.168.2.4	0x4f2	No error (0)	clients.l.google.com		142.251.111.139	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:55:58.487405062 CET	1.1.1.1	192.168.2.4	0x4f2	No error (0)	clients.l.google.com		142.251.111.101	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:55:58.487405062 CET	1.1.1.1	192.168.2.4	0x4f2	No error (0)	clients.l.google.com		142.251.111.100	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:55:58.487550020 CET	1.1.1.1	192.168.2.4	0x56ec	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2023 18:55:58.487704039 CET	1.1.1.1	192.168.2.4	0xc34	No error (0)	accounts.google.com		172.253.63.84	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:56:00.190032005 CET	1.1.1.1	192.168.2.4	0x55dd	No error (0)	tahoevillagenv.com		193.3.19.175	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:56:01.236906052 CET	1.1.1.1	192.168.2.4	0x57a0	No error (0)	www.roboticaeducativa.pe	roboticaeducativa.pe		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2023 18:56:01.236906052 CET	1.1.1.1	192.168.2.4	0x57a0	No error (0)	roboticaeducativa.pe		50.31.176.165	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:56:01.305097103 CET	1.1.1.1	192.168.2.4	0x314a	Server failure (2)	www.roboticaeducativa.pe	none	none	65	IN (0x0001)	false
Nov 1, 2023 18:56:02.746635914 CET	1.1.1.1	192.168.2.4	0xff78	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 1, 2023 18:56:02.746869087 CET	1.1.1.1	192.168.2.4	0xfa2f	No error (0)	www.google.com		172.253.63.105	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:56:02.746869087 CET	1.1.1.1	192.168.2.4	0xfa2f	No error (0)	www.google.com		172.253.63.147	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:56:02.746869087 CET	1.1.1.1	192.168.2.4	0xfa2f	No error (0)	www.google.com		172.253.63.103	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:56:02.746869087 CET	1.1.1.1	192.168.2.4	0xfa2f	No error (0)	www.google.com		172.253.63.106	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:56:02.746869087 CET	1.1.1.1	192.168.2.4	0xfa2f	No error (0)	www.google.com		172.253.63.99	A (IP address)	IN (0x0001)	false
Nov 1, 2023 18:56:02.746869087 CET	1.1.1.1	192.168.2.4	0xfa2f	No error (0)	www.google.com		172.253.63.104	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

accounts.google.com

clients2.google.com

tahoevillagenv.com

https:

www.roboticaeducativa.pe

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49739	172.253.63.84	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:55:58 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk; 1P_JAR=2023-10-04-09
2023-11-01 17:55:58 UTC	0	OUT	Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49738	142.251.111.113	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:55:58 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.4	49746	50.31.176.165	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:56:01 UTC	8	OUT	GET /z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=18321851 HTTP/1.1 Host: www.roboticaeducativa.pe Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://www.roboticaeducativa.pe/sazcgdgs Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	50.31.176.165	443	192.168.2.4	49746	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:56:02 UTC	9	IN	HTTP/1.1 302 Moved Temporarily Date: Wed, 01 Nov 2023 17:56:01 GMT Content-Type: text/html Content-Length: 142 Connection: close Set-Cookie: wschkid=59578c1eb33e728bec0ba58ae1574d8b8457274b.1698947761.1; Expires=Fri, 01-Dec-23 17:56:01 GMT; Domain=www.roboticaeducativa.pe; Path=/; HttpOnly; SameSite=Lax Location: https://www.roboticaeducativa.pe/sazcgdgs Server: imunify360-webshield/1.21
2023-11-01 17:56:02 UTC	9	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.4	49748	50.31.176.165	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:56:02 UTC	9	OUT	GET /sazcgdgs HTTP/1.1 Host: www.roboticaeducativa.pe Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://www.roboticaeducativa.pe/sazcgdgs Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: wschkid=59578c1eb33e728bec0ba58ae1574d8b8457274b.1698947761.1

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	50.31.176.165	443	192.168.2.4	49748	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:56:02 UTC	10	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 01 Nov 2023 17:56:01 GMT Content-Type: text/html Content-Length: 707 Connection: close location: https://www.roboticaeducativa.pe/sazcgdgs/ Server: imunify360-webshield/1.21
2023-11-01 17:56:02 UTC	10	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helv

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.4	49750	50.31.176.165	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:56:02 UTC	11	OUT	GET /sazcgdgs/ HTTP/1.1 Host: www.roboticaeducativa.pe Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://www.roboticaeducativa.pe/sazcgdgs Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: wschkid=59578c1eb33e728bec0ba58ae1574d8b8457274b.1698947761.1

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	50.31.176.165	443	192.168.2.4	49750	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:56:03 UTC	12	IN	HTTP/1.1 200 OK Date: Wed, 01 Nov 2023 17:56:03 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close Server: imunify360-webshield/1.21

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.4	49754	50.31.176.165	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:56:04 UTC	12	OUT	GET /favicon.ico HTTP/1.1 Host: www.roboticaeducativa.pe Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.roboticaeducativa.pe/sazcgdgs/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: wschkid=59578c1eb33e728bec0ba58ae1574d8b8457274b.1698947761.1

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	50.31.176.165	443	192.168.2.4	49754	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:56:04 UTC	13	IN	HTTP/1.1 404 Not Found Date: Wed, 01 Nov 2023 17:56:03 GMT Content-Type: text/html Content-Length: 708 Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache Server: imunify360-webshield/1.21
2023-11-01 17:56:04 UTC	13	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.4	49755	20.12.23.50	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:56:16 UTC	14	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=O5SYP7znxPd9Rxd&MD=9SDH+xXT HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-01 17:56:16 UTC	14	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: bfc3e9e1-7ac3-4fe4-8251-c592d9958d3d MS-RequestId: e60f8d9d-ba57-43b5-a489-581b9779c0ba MS-CV: 9FRKQfdsak2sHJNE.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 01 Nov 2023 17:56:16 GMT Connection: close Content-Length: 24490
2023-11-01 17:56:16 UTC	15	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-11-01 17:56:16 UTC	30	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.4	49758	20.12.23.50	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:56:53 UTC	38	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=O5SYP7znxPd9Rxd&MD=9SDH+xXT HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-01 17:56:53 UTC	39	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 3b6d3e81-33ec-425b-93d0-2064775f8f2c MS-RequestId: 9cfe95a8-a3a4-4377-9087-a9bfa482099e MS-CV: FhIhp7Ag/UeY43Sg.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 01 Nov 2023 17:56:52 GMT Connection: close Content-Length: 25457
2023-11-01 17:56:53 UTC	39	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-11-01 17:56:53 UTC	55	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	172.253.63.84	443	192.168.2.4	49739	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:55:58 UTC	1	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 01 Nov 2023 17:55:58 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: script-src 'report-sample' 'nonce-y5hAj4WDOxh-4d2RfYASyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-11-01 17:55:58 UTC	3	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-11-01 17:55:58 UTC	3	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	142.251.111.113	443	192.168.2.4	49738	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:55:59 UTC	3	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-HnFmnjZIbt5iX0J6JFzOHw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 01 Nov 2023 17:55:58 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6148 X-Daystart: 39358 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-11-01 17:55:59 UTC	3	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 34 38 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 39 33 35 38 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6148" elapsed_seconds="39358"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-11-01 17:55:59 UTC	4	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-11-01 17:55:59 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49742	193.3.19.175	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:56:00 UTC	4	OUT	GET /dsb/ktx85kimc95vn HTTP/1.1 Host: tahoevillagenv.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	193.3.19.175	443	192.168.2.4	49742	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:56:01 UTC	5	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 01 Nov 2023 17:56:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 82 Connection: close Last-Modified: Wed, 01 Nov 2023 12:35:00 GMT ETag: "52-609167ff1fcd2" Accept-Ranges: bytes
2023-11-01 17:56:01 UTC	5	IN	Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 6f 62 6f 74 69 63 61 65 64 75 63 61 74 69 76 61 2e 70 65 2f 73 61 7a 63 67 64 67 73 22 3e 0a Data Ascii: <meta http-equiv="refresh" content="0;https://www.roboticaeducativa.pe/sazcgdgs">

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.4	49743	193.3.19.175	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:56:01 UTC	5	OUT	GET /favicon.ico HTTP/1.1 Host: tahoevillagenv.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://tahoevillagenv.com/dsb/ktx85kimc95vn Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	193.3.19.175	443	192.168.2.4	49743	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:56:01 UTC	6	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 01 Nov 2023 17:56:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 82 Connection: close Last-Modified: Wed, 01 Nov 2023 12:35:00 GMT ETag: "52-609167ff1fcd2" Accept-Ranges: bytes
2023-11-01 17:56:01 UTC	6	IN	Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 6f 62 6f 74 69 63 61 65 64 75 63 61 74 69 76 61 2e 70 65 2f 73 61 7a 63 67 64 67 73 22 3e 0a Data Ascii: <meta http-equiv="refresh" content="0;https://www.roboticaeducativa.pe/sazcgdgs">

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.4	49747	50.31.176.165	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:56:01 UTC	6	OUT	GET /sazcgdgs HTTP/1.1 Host: www.roboticaeducativa.pe Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://tahoevillagenv.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	50.31.176.165	443	192.168.2.4	49747	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-01 17:56:01 UTC	7	IN	HTTP/1.1 200 OK Date: Wed, 01 Nov 2023 17:56:00 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Server: imunify360-webshield/1.21 Last-Modified: Wednesday, 01-Nov-2023 17:56:00 GMT Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0 cf-edge-cache: no-cache
2023-11-01 17:56:01 UTC	7	IN	Data Raw: 35 33 61 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 3c 74 69 74 6c 65 3e 4f 6e 65 20 6d 6f 6d 65 6e 74 2c 20 70 6c 65 61 73 65 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 46 36 46 37 46 38 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 30 33 31 33 31 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 35 76 68 3b 0a Data Ascii: 53a<!doctype html><html><head><meta charset="utf-8"><meta name="robots" content="noindex, nofollow"><title>One moment, please...</title><style>body { background: #F6F7F8; color: #303131; font-family: sans-serif; margin-top: 45vh;

Target ID:	0
Start time:	18:55:55
Start date:	01/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	1
Start time:	18:55:56
Start date:	01/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1956,i,15272954775181516638,12148441359381449542,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	18:55:56
Start date:	01/11/2023
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	18:55:58
Start date:	01/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tahoevillagenv.com/dsb/ktx85kimc95vn
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true