Edit tour

Windows Analysis Report
http://novo.oratoriomariano.com/novo/

Overview

General Information

Sample URL:	http://novo.oratoriomariano.com/novo/
Analysis ID:	1520161
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2220,i,9115757416579988487,16549715016900930779,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6396 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://novo.oratoriomariano.com/novo/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://novo.oratoriomariano.com/novo/	Avira URL Cloud: detection malicious, Label: phishing
Source: http://novo.oratoriomariano.com/novo/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: http://novo.oratoriomariano.com/novo/12473	HTTP Parser: No favicon
Source: http://novo.oratoriomariano.com/novo/12473	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.4:58133 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 Sep 2024 03:55:33 GMTServer: ApacheLast-Modified: Thu, 29 Sep 2022 22:56:50 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 1191Keep-Alive: timeout=5, max=73Connection: Keep-AliveContent-Type: application/javascriptData Raw: 1f 8b 08 00 00 00 00 00 00 03 95 52 4d 6f db 38 10 bd f7 57 d0 82 61 88 85 22 3b 05 f6 22 43 c8 c1 ed 62 b3 6d 92 2e 92 3d 15 3d 30 d2 d8 62 43 93 5e 72 6c 27 70 fc df 77 48 4a b6 e2 a6 dd 2e 7c b0 38 9f 6f de 7b e3 b7 6c 66 56 4f 56 2e 1a 64 e9 8c b3 77 93 f3 77 ec f6 49 6d 84 d4 ec 0f b1 04 f5 e6 b3 35 df a0 c2 82 35 88 2b 57 8c c7 0b 89 cd fa 3e af cc 72 6c a1 6e 0c 3a f5 34 76 72 b9 52 70 06 8f 2b a1 eb 37 57 97 77 ec 93 ac 40 57 70 ec b3 62 9b ff 77 ef 78 29 1c 82 1d ab d8 7e b6 94 98 e3 23 b2 b7 e3 37 e9 7c ad 2b 94 46 a7 43 be 4b d6 0e 98 43 2b 2b 4c a6 5d 82 41 ca 77 1b 61 19 94 d8 48 37 85 bc 86 b9 58 2b 74 e5 ae 91 35 5c 99 1a 8a 64 2e 6a b8 33 8b 85 82 24 6b f3 b7 20 6c d5 c4 f4 4a 58 d0 78 48 dd 09 bb 00 2c 12 02 ad 31 24 b0 b1 66 7b a3 af a4 73 52 2f da fc 60 92 3d 00 ac 6e 51 20 5c ea 99 31 0f 12 8a c1 79 56 85 af 6b a2 b2 48 5e 1c 9a ec 33 c8 1d 20 d2 0c 82 b7 cf 86 39 3c d2 82 3a 3d 86 b3 e3 01 9c be e7 52 d7 9f 60 03 ea 46 c3 7b 5a 56 1e 08 81 0c 33 cd 77 16 70 6d 89 85 50 99 22 a7 7f 45 64 1e 89 eb 4a 06 c3 d4 13 c4 f3 78 ac fb 5b a3 54 34 45 f3 5c 81 5e 60 b3 e7 2d bc 4b 2d 51 0a 15 ee 3a ee 0b db 3c d1 b6 84 dc 82 a8 43 9e 36 4e ed 45 8a 14 59 9a 0d cc 94 70 2e 4d 2a a3 94 58 39 a8 13 9e 8b ba 6e a3 91 04 1f f4 7b 1a b3 4d 35 e7 c5 69 ef b1 aa d7 da 1b 48 bd 5e 57 df bb 6f bf 7b 20 f9 ee 48 65 de e9 5f 96 65 df 01 17 18 27 f0 e2 07 b5 f7 c2 c9 2a 19 8d ba ba 7d 8b f7 ff ef 09 57 fe c2 9e 58 e7 f7 54 0d 54 0f 1f 4f 6d f5 d9 02 79 b1 96 7e b9 2b 7b da ca 79 cf 3b f9 77 76 1c 8d 86 79 b4 23 ed 5b 13 ad e4 12 a8 79 b0 33 d3 b0 65 1f ac 35 36 7d 69 d3 82 7d 37 87 99 95 5f c8 2c fc b3 96 16 1c eb c6 32 34 ec 1e 58 3b 38 4f c2 0d de 1d b1 af 0f d5 7b 07 cb ae b1 0f 3b 46 ae c5 12 c8 4c d1 cf 48 78 f5 5a a9 e7 67 ff 95 24 17 bb 7d f1 e7 ed cd b5 77 af f3 ae eb f6 9c ba 34 50 32 f8 19 27 3c ae 18 9c 4f 3d 22 5d 62 2e 10 89 83 4b 32 d7 94 9a f5 0b aa 62 f1 b4 6f fc 38 26 e5 99 2c ed 17 fd 95 ca 07 93 e7 67 9a d7 62 97 c1 2f 62 03 a7 d8 32 fd cb e8 da 85 a7 d8 ec 8f b0 c9 13 6c 53 f9 c5 7e 2d 75 f6 73 ba b3 40 a9 43 4b 71 39 7f 4a 25 cf 76 56 6c 8b c1 24 5b 09 6c 8a ad d4 b5 d9 e6 ca 54 c2 5f 90 fb a0 a6 be 7d a0 1f 83 cd 4f ee eb 88 8a c9 99 73 24 49 47 4c 0f 43 23 6b b8 32 b5 b7 65 32 17 35 dc 85 f2 e4 42 e7 c7 57 7a fe db 84 17 3f 68 ba 17 4e 56 be 3e 2e 4a 79 31 cc a5 fb bd c3 f2 4a 17 1f 8d 5e 89 7a d4 99 e5 7d c5 28 44 81 c1 f9 f1 46 3a e3 78 26 f0 dd e1 9e 46 b8 99 12 74 64 02 8f 2b 41 c2 90 4e 17 e9 a1 2d a6 2a a3 94 58 39 a8 d9 b1 88 c6 f3 e2 b4 b0 4b b3 43 87 2f 9c 04 b2 49 f1 fa 4e d8 05 a0 7b c1 38 41 dd 45 03 7c f9 da b9 37 11 f7 ce a8 35 42 c2 65 39 4c 2d 9f 82 72 c0 ba ac 05 45 72 6e 42 36 0e fe 04 1b 50 37 1a de 93 1b
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 27 Sep 2024 03:55:33 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Thu, 29 Sep 2022 22:56:50 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 1191Keep-Alive: timeout=5, max=75Content-Type: application/javascriptData Raw: 1f 8b 08 00 00 00 00 00 00 03 95 52 4d 6f db 38 10 bd f7 57 d0 82 61 88 85 22 3b 05 f6 22 43 c8 c1 ed 62 b3 6d 92 2e 92 3d 15 3d 30 d2 d8 62 43 93 5e 72 6c 27 70 fc df 77 48 4a b6 e2 a6 dd 2e 7c b0 38 9f 6f de 7b e3 b7 6c 66 56 4f 56 2e 1a 64 e9 8c b3 77 93 f3 77 ec f6 49 6d 84 d4 ec 0f b1 04 f5 e6 b3 35 df a0 c2 82 35 88 2b 57 8c c7 0b 89 cd fa 3e af cc 72 6c a1 6e 0c 3a f5 34 76 72 b9 52 70 06 8f 2b a1 eb 37 57 97 77 ec 93 ac 40 57 70 ec b3 62 9b ff 77 ef 78 29 1c 82 1d ab d8 7e b6 94 98 e3 23 b2 b7 e3 37 e9 7c ad 2b 94 46 a7 43 be 4b d6 0e 98 43 2b 2b 4c a6 5d 82 41 ca 77 1b 61 19 94 d8 48 37 85 bc 86 b9 58 2b 74 e5 ae 91 35 5c 99 1a 8a 64 2e 6a b8 33 8b 85 82 24 6b f3 b7 20 6c d5 c4 f4 4a 58 d0 78 48 dd 09 bb 00 2c 12 02 ad 31 24 b0 b1 66 7b a3 af a4 73 52 2f da fc 60 92 3d 00 ac 6e 51 20 5c ea 99 31 0f 12 8a c1 79 56 85 af 6b a2 b2 48 5e 1c 9a ec 33 c8 1d 20 d2 0c 82 b7 cf 86 39 3c d2 82 3a 3d 86 b3 e3 01 9c be e7 52 d7 9f 60 03 ea 46 c3 7b 5a 56 1e 08 81 0c 33 cd 77 16 70 6d 89 85 50 99 22 a7 7f 45 64 1e 89 eb 4a 06 c3 d4 13 c4 f3 78 ac fb 5b a3 54 34 45 f3 5c 81 5e 60 b3 e7 2d bc 4b 2d 51 0a 15 ee 3a ee 0b db 3c d1 b6 84 dc 82 a8 43 9e 36 4e ed 45 8a 14 59 9a 0d cc 94 70 2e 4d 2a a3 94 58 39 a8 13 9e 8b ba 6e a3 91 04 1f f4 7b 1a b3 4d 35 e7 c5 69 ef b1 aa d7 da 1b 48 bd 5e 57 df bb 6f bf 7b 20 f9 ee 48 65 de e9 5f 96 65 df 01 17 18 27 f0 e2 07 b5 f7 c2 c9 2a 19 8d ba ba 7d 8b f7 ff ef 09 57 fe c2 9e 58 e7 f7 54 0d 54 0f 1f 4f 6d f5 d9 02 79 b1 96 7e b9 2b 7b da ca 79 cf 3b f9 77 76 1c 8d 86 79 b4 23 ed 5b 13 ad e4 12 a8 79 b0 33 d3 b0 65 1f ac 35 36 7d 69 d3 82 7d 37 87 99 95 5f c8 2c fc b3 96 16 1c eb c6 32 34 ec 1e 58 3b 38 4f c2 0d de 1d b1 af 0f d5 7b 07 cb ae b1 0f 3b 46 ae c5 12 c8 4c d1 cf 48 78 f5 5a a9 e7 67 ff 95 24 17 bb 7d f1 e7 ed cd b5 77 af f3 ae eb f6 9c ba 34 50 32 f8 19 27 3c ae 18 9c 4f 3d 22 5d 62 2e 10 89 83 4b 32 d7 94 9a f5 0b aa 62 f1 b4 6f fc 38 26 e5 99 2c ed 17 fd 95 ca 07 93 e7 67 9a d7 62 97 c1 2f 62 03 a7 d8 32 fd cb e8 da 85 a7 d8 ec 8f b0 c9 13 6c 53 f9 c5 7e 2d 75 f6 73 ba b3 40 a9 43 4b 71 39 7f 4a 25 cf 76 56 6c 8b c1 24 5b 09 6c 8a ad d4 b5 d9 e6 ca 54 c2 5f 90 fb a0 a6 be 7d a0 1f 83 cd 4f ee eb 88 8a c9 99 73 24 49 47 4c 0f 43 23 6b b8 32 b5 b7 65 32 17 35 dc 85 f2 e4 42 e7 c7 57 7a fe db 84 17 3f 68 ba 17 4e 56 be 3e 2e 4a 79 31 cc a5 fb bd c3 f2 4a 17 1f 8d 5e 89 7a d4 99 e5 7d c5 28 44 81 c1 f9 f1 46 3a e3 78 26 f0 dd e1 9e 46 b8 99 12 74 64 02 8f 2b 41 c2 90 4e 17 e9 a1 2d a6 2a a3 94 58 39 a8 d9 b1 88 c6 f3 e2 b4 b0 4b b3 43 87 2f 9c 04 b2 49 f1 fa 4e d8 05 a0 7b c1 38 41 dd 45 03 7c f9 da b9 37 11 f7 ce a8 35 42 c2 65 39 4c 2d 9f 82 72 c0 ba ac 05 45 72 6e 42 36 0e

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /novo/ HTTP/1.1Host: novo.oratoriomariano.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /novo/12473 HTTP/1.1Host: novo.oratoriomariano.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/js/simple-expand.min.js HTTP/1.1Host: novo.oratoriomariano.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://novo.oratoriomariano.com/novo/12473Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/images/x.png HTTP/1.1Host: novo.oratoriomariano.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://novo.oratoriomariano.com/novo/12473Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.3.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://novo.oratoriomariano.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/js/simple-expand.min.js HTTP/1.1Host: novo.oratoriomariano.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/images/x.png HTTP/1.1Host: novo.oratoriomariano.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/images/404top_w.jpg HTTP/1.1Host: novo.oratoriomariano.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://novo.oratoriomariano.com/novo/12473Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/images/404mid.gif HTTP/1.1Host: novo.oratoriomariano.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://novo.oratoriomariano.com/novo/12473Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/images/404bottom.gif HTTP/1.1Host: novo.oratoriomariano.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://novo.oratoriomariano.com/novo/12473Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.3.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/images/404mid.gif HTTP/1.1Host: novo.oratoriomariano.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/images/404top_w.jpg HTTP/1.1Host: novo.oratoriomariano.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: novo.oratoriomariano.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://novo.oratoriomariano.com/novo/12473Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi-sys/images/404bottom.gif HTTP/1.1Host: novo.oratoriomariano.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: novo.oratoriomariano.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 27 Sep 2024 03:55:32 GMTServer: ApacheLast-Modified: Thu, 29 Sep 2022 22:59:29 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 4677Keep-Alive: timeout=5, max=74Connection: Keep-AliveContent-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 52 6d 73 d3 c8 96 fe 0c bf e2 8c 73 67 80 aa d8 4a 26 61 76 b0 15 df 82 90 0c b9 05 24 9b 84 e5 4e 6d ed 52 6d e9 48 ea 49 ab 8f e8 6e d9 d6 4d cd fe f6 3d dd 92 5f 63 b8 70 77 0d b1 a5 7e 79 ce f3 16 ff f0 fa f2 f4 f6 f7 ab 33 28 5c a9 e0 ea c3 ab b7 17 a7 d0 eb 47 d1 c7 a3 d3 28 7a 7d fb 1a fe fe e6 f6 dd 5b 38 1c 1c c0 8d 33 32 71 51 74 f6 be 07 bd c2 b9 6a 18 45 b3 d9 6c 30 3b 1a 90 c9 a3 db eb 68 ee 51 0e fd b5 ee b1 6f c3 9d 41 ea d2 de f8 71 1c 86 cc 4b a5 ed c9 0e 80 c3 17 2f 5e b4 f7 7a fe d0 50 09 9d 9f f4 50 f7 60 f9 e4 31 50 a4 50 19 ca a4 c2 25 4a 5e 56 79 c0 98 67 3a 3a 3c e4 73 d0 7d e2 12 9d 00 7f ac 8f 9f 6b 39 3d e9 9d 92 76 a8 5d ff b6 a9 b0 07 49 fb 76 d2 73 38 77 91 1f 3e 82 a4 10 c6 a2 3b a9 5d d6 ff b5 07 d1 1a 9a 93 4e e1 f8 f8 e0 18 fa 70 f5 f2 b7 33 78 7f 79 0b e7 97 1f de bf 8e a3 76 ef f1 e3 47 fc 89 7f e8 f7 e1 65 9a c2 8d 92 29 c2 65 ed 2c f4 fb e3 76 cf 26 46 56 0e ac 49 96 02 12 4a 71 f0 c7 e7 1a 4d 33 48 a8 8c da c7 fe d1 e0 68 70 38 28 a5 1e fc 61 7b e3 38 6a 6f 8e 17 74 1e c2 45 49 2e fb b6 b1 d1 1f 36 b2 b2 ac 14 f6 71 5e 09 9d 3e 04 59 8a 5a a9 b3 ae 51 08 8e 8d e9 fc 48 ac 5d f3 72 42 69 73 5f 89 34 95 3a 1f 1e 8c 4a 61 72 a9 f9 21 63 0f fb 99 28 a5 6a 86 05 aa 29 3a 99 88 d1 9f cb 7b 7b de 64 21 35 9a fb ee ce cf 07 d5 1c 44 ed 68 34 93 a9 2b 86 bf fe f2 6b 35 df 79 03 f6 1c 55 ec f7 fd 44 24 77 b9 a1 5a a7 7d 59 8a 1c 87 b5 51 4f 9f 2c f5 86 35 1b f1 49 3e ff 69 36 f8 a3 ca 9f 3c 1b ad 5d 32 58 a1 70 43 4d dd d3 c6 e4 02 65 5e b8 e1 e1 57 68 94 32 fd 2e 1a 7c 7e 90 cb 6c 27 89 f6 a7 df 7c 83 fa 76 2c ec e5 c2 91 99 90 73 54 de 57 64 a5 93 a4 19 47 09 27 a7 38 52 98 b9 e1 d1 0b 46 c9 14 f1 00 ff fe 4f 00 e7 f3 f9 fd da e1 45 ac c7 3e 99 a3 17 ff c6 df 87 fc 38 82 2e b1 90 56 fb d5 3f 5c a4 f7 f5 09 7e 09 b5 5b 9f e2 4b d5 17 4a e6 7a 98 f0 16 9a ef 70 a0 83 83 3d 34 86 4c 42 29 de 87 e2 59 f9 0f 1c 1e 79 ae e1 75 d6 46 f9 eb c1 c1 b7 e2 4d 84 de ae e6 01 ff fb d6 eb 05 59 87 e9 a4 b9 df 1e bf 62 f7 f3 f3 05 3b eb 1a 85 43 e9 d8 83 64 b4 35 f1 5b 07 26 54 57 a4 ef 13 52 64 86 7b 2f 5f 1d 1c 6c 0e fb 79 e7 b0 6f 04 cf d1 59 27 0c 2b 02 f1 c5 11 47 87 3b 47 fc 8b fe af 8d 5c 84 e0 fd 3f 7a fe c5 4a 4c c8 39 2a 19 e5 7e 22 92 bb dc 50 ad d3 be 2c 45 8e c3 da a8 a7 4f a2 24 97 7d db d8 28 ac d9 88 4f b6 57 06 b9 cc 9e 3c 1b ad dd 32 58 21 b7 53 53 f7 b4 51 c8 a2 d5 72 78 fc ed e5 cc c4 e7 4f ab fd 85 1e 78 1e 22 0e df 23 a8 44 9a 4a 9d 0f e1 b0 4d be fd 19 41 a2 50 98 21 33 2d be 75 9a 48 12 32 a9 e4 36 ac c2 81 17 07 3f 8e a0 95 01 bf 3c 67 ec 11 94 52 f7 3b 31 3c ad 5d ea 98 1d 80 a8 1d 8d c0 e1 dc f5 39 c6 9c d7 12 06 47 f3 dd 24 a0 56 70 bf 8e a3 30 73 df 8f 42 bb 51 1e 3d fa 66
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 27 Sep 2024 03:55:34 GMTServer: ApacheLast-Modified: Thu, 29 Sep 2022 22:59:29 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 4677Keep-Alive: timeout=5, max=74Connection: Keep-AliveContent-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 52 6d 73 d3 c8 96 fe 0c bf e2 8c 73 67 80 aa d8 4a 26 61 76 b0 15 df 82 90 0c b9 05 24 9b 84 e5 4e 6d ed 52 6d e9 48 ea 49 ab 8f e8 6e d9 d6 4d cd fe f6 3d dd 92 5f 63 b8 70 77 0d b1 a5 7e 79 ce f3 16 ff f0 fa f2 f4 f6 f7 ab 33 28 5c a9 e0 ea c3 ab b7 17 a7 d0 eb 47 d1 c7 a3 d3 28 7a 7d fb 1a fe fe e6 f6 dd 5b 38 1c 1c c0 8d 33 32 71 51 74 f6 be 07 bd c2 b9 6a 18 45 b3 d9 6c 30 3b 1a 90 c9 a3 db eb 68 ee 51 0e fd b5 ee b1 6f c3 9d 41 ea d2 de f8 71 1c 86 cc 4b a5 ed c9 0e 80 c3 17 2f 5e b4 f7 7a fe d0 50 09 9d 9f f4 50 f7 60 f9 e4 31 50 a4 50 19 ca a4 c2 25 4a 5e 56 79 c0 98 67 3a 3a 3c e4 73 d0 7d e2 12 9d 00 7f ac 8f 9f 6b 39 3d e9 9d 92 76 a8 5d ff b6 a9 b0 07 49 fb 76 d2 73 38 77 91 1f 3e 82 a4 10 c6 a2 3b a9 5d d6 ff b5 07 d1 1a 9a 93 4e e1 f8 f8 e0 18 fa 70 f5 f2 b7 33 78 7f 79 0b e7 97 1f de bf 8e a3 76 ef f1 e3 47 fc 89 7f e8 f7 e1 65 9a c2 8d 92 29 c2 65 ed 2c f4 fb e3 76 cf 26 46 56 0e ac 49 96 02 12 4a 71 f0 c7 e7 1a 4d 33 48 a8 8c da c7 fe d1 e0 68 70 38 28 a5 1e fc 61 7b e3 38 6a 6f 8e 17 74 1e c2 45 49 2e fb b6 b1 d1 1f 36 b2 b2 ac 14 f6 71 5e 09 9d 3e 04 59 8a 5a a9 b3 ae 51 08 8e 8d e9 fc 48 ac 5d f3 72 42 69 73 5f 89 34 95 3a 1f 1e 8c 4a 61 72 a9 f9 21 63 0f fb 99 28 a5 6a 86 05 aa 29 3a 99 88 d1 9f cb 7b 7b de 64 21 35 9a fb ee ce cf 07 d5 1c 44 ed 68 34 93 a9 2b 86 bf fe f2 6b 35 df 79 03 f6 1c 55 ec f7 fd 44 24 77 b9 a1 5a a7 7d 59 8a 1c 87 b5 51 4f 9f 2c f5 86 35 1b f1 49 3e ff 69 36 f8 a3 ca 9f 3c 1b ad 5d 32 58 a1 70 43 4d dd d3 c6 e4 02 65 5e b8 e1 e1 57 68 94 32 fd 2e 1a 7c 7e 90 cb 6c 27 89 f6 a7 df 7c 83 fa 76 2c ec e5 c2 91 99 90 73 54 de 57 64 a5 93 a4 19 47 09 27 a7 38 52 98 b9 e1 d1 0b 46 c9 14 f1 00 ff fe 4f 00 e7 f3 f9 fd da e1 45 ac c7 3e 99 a3 17 ff c6 df 87 fc 38 82 2e b1 90 56 fb d5 3f 5c a4 f7 f5 09 7e 09 b5 5b 9f e2 4b d5 17 4a e6 7a 98 f0 16 9a ef 70 a0 83 83 3d 34 86 4c 42 29 de 87 e2 59 f9 0f 1c 1e 79 ae e1 75 d6 46 f9 eb c1 c1 b7 e2 4d 84 de ae e6 01 ff fb d6 eb 05 59 87 e9 a4 b9 df 1e bf 62 f7 f3 f3 05 3b eb 1a 85 43 e9 d8 83 64 b4 35 f1 5b 07 26 54 57 a4 ef 13 52 64 86 7b 2f 5f 1d 1c 6c 0e fb 79 e7 b0 6f 04 cf d1 59 27 0c 2b 02 f1 c5 11 47 87 3b 47 fc 8b fe af 8d 5c 84 e0 fd 3f 7a fe c5 4a 4c c8 39 2a 19 e5 7e 22 92 bb dc 50 ad d3 be 2c 45 8e c3 da a8 a7 4f a2 24 97 7d db d8 28 ac d9 88 4f b6 57 06 b9 cc 9e 3c 1b ad dd 32 58 21 b7 53 53 f7 b4 51 c8 a2 d5 72 78 fc ed e5 cc c4 e7 4f ab fd 85 1e 78 1e 22 0e df 23 a8 44 9a 4a 9d 0f e1 b0 4d be fd 19 41 a2 50 98 21 33 2d be 75 9a 48 12 32 a9 e4 36 ac c2 81 17 07 3f 8e a0 95 01 bf 3c 67 ec 11 94 52 f7 3b 31 3c ad 5d ea 98 1d 80 a8 1d 8d c0 e1 dc f5 39 c6 9c d7 12 06 47 f3 dd 24 a0 56 70 bf 8e a3 30 73 df 8f 42 bb 51 1e 3d fa 66

Source: unknown	Network traffic detected: HTTP traffic on port 58137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58137
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@16/22@10/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2220,i,9115757416579988487,16549715016900930779,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://novo.oratoriomariano.com/novo/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2220,i,9115757416579988487,16549715016900930779,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://novo.oratoriomariano.com/novo/	100%	Avira URL Cloud	phishing
http://novo.oratoriomariano.com/novo/	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://novo.oratoriomariano.com/cgi-sys/images/404mid.gif	0%	Avira URL Cloud	safe
http://novo.oratoriomariano.com/cgi-sys/images/x.png	0%	Avira URL Cloud	safe
http://novo.oratoriomariano.com/cgi-sys/images/404top_w.jpg	0%	Avira URL Cloud	safe
http://code.jquery.com/jquery-3.3.1.min.js	0%	Avira URL Cloud	safe
http://novo.oratoriomariano.com/cgi-sys/images/404bottom.gif	0%	Avira URL Cloud	safe
http://novo.oratoriomariano.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
code.jquery.com	151.101.2.137	true	false	unknown
www.google.com	216.58.206.68	true	false	unknown
novo.oratoriomariano.com	162.241.61.68	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://novo.oratoriomariano.com/cgi-sys/images/x.png	false	Avira URL Cloud: safe	unknown
http://novo.oratoriomariano.com/novo/12473	true		unknown
http://novo.oratoriomariano.com/novo/	true		unknown
http://novo.oratoriomariano.com/cgi-sys/images/404mid.gif	false	Avira URL Cloud: safe	unknown
http://code.jquery.com/jquery-3.3.1.min.js	false	Avira URL Cloud: safe	unknown
http://novo.oratoriomariano.com/cgi-sys/images/404top_w.jpg	false	Avira URL Cloud: safe	unknown
http://novo.oratoriomariano.com/cgi-sys/images/404bottom.gif	false	Avira URL Cloud: safe	unknown
http://novo.oratoriomariano.com/favicon.ico	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.241.61.68	novo.oratoriomariano.com	United States	46606	UNIFIEDLAYER-AS-1US	false
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
151.101.66.137	unknown	United States	54113	FASTLYUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1520161
Start date and time:	2024-09-27 05:54:33 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://novo.oratoriomariano.com/novo/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@16/22@10/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.227, 142.250.181.238, 173.194.76.84, 34.104.35.123, 20.114.59.183, 199.232.214.172, 192.229.221.95, 20.3.187.198, 13.85.23.206, 40.69.42.241, 20.242.39.171, 131.107.255.255, 142.250.185.131
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://novo.oratoriomariano.com/novo/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 97 x 97, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2672
Entropy (8bit):	7.864218635615192
Encrypted:	false
SSDEEP:	48:TlCtqLaLvN6P+NsI1hmhzoioE0jAoeZBrnFIVVbtdoV0GdXSnZ9wKS6Ei3:ItqLaLVvk9X08n3nWV5+B1SnZ9wKfD3
MD5:	F851DB995B0253A71D638F779BE88330
SHA1:	5F5319E016676E6B92F7E597B837677DDF52C0A5
SHA-256:	2C024E287D53DCC084B60B01A69990C369E758DC7C91B0FE4791F02D18AAE61A
SHA-512:	AB09FAECBB8C24ACADE89EFC25515C2B25C12C378144180E5B807309F793720E30BCE75A604515181554068FE4BAAD34E4EE050A6B5C5F9485D1E4712B9EC724
Malicious:	false
Reputation:	low
URL:	http://novo.oratoriomariano.com/cgi-sys/images/x.png
Preview:	.PNG........IHDR...a...a.......?.....sBIT.....O....`PLTEf.....^^.77...zz\|....uu.-&.{W.........A-. ..3&.iH.RB.......\@....//.............`.....t.__...3j&.....pHYs...........~.....tEXtCreation Time.03/04/09.......tEXtSoftware.Adobe Fireworks CS4......]IDATh....z....1.H....m....[....t...6..........]].S.SY.C..z.O..................g^tf.e:0[...^..B19.m9......5(.....p......Z..1.E.}....Z.Q..R...w........C.......;..ZH..j8stB0....t..._4M.D{..c.U..:...w....&.q...f..+..F..b.7...H...P........u.s..D....?.n.S.H...su....K.!R;DN..BA._..K,..]/....(o.}..~...v.Gke.~.66.+..#6.SW.N..w9.&.}..m...j...kW.....0E.{.........8...!2NT.....AU../.kUu...D._..w.[..........]%@.cm.(.UU..L_.%....XWU..3[.T...m. J...T.9@..Of.b....C\|Ukk/..R8.H.>p.V....R.....e.Es$...=@x...A...?.$..=.....T<..`j..o4.B..b.......]...h.M.p....<z.:.@H.....y..N.........."..0T.....X..71.4...k..$...V.Tx^...s...}..1../.7.`s+..6..W!..!.zR....V....I..N...}7}...X-.2T.........6).V........`6+.Y..6t'".U/.#>F..80.

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 868x169, components 3
Category:	downloaded
Size (bytes):	4335
Entropy (8bit):	5.483603315043782
Encrypted:	false
SSDEEP:	48:Ivi3ZsdwUKPGIhuF/ig2BamU/CSkMKisRHcfZakyWr9A9RSxNRXbRzwn:HpowU4ovDPCSrKishcxjyWrCCb+n
MD5:	DE6ECBBB2471827D90BF32C47A0CBC45
SHA1:	FFEAAFE8B9CA2752908C5D4E95E4803EF7FFDD18
SHA-256:	5CAE6C33F0F9D4449CE8539A60E7D40EBA2DDC75979FC26284854A29C36D08CB
SHA-512:	FAF0F054EF55B3362BA26615BC670DCC0471D660BBFBC4D086CE8CB143D31235AFC4AD4332FB669CAB4ED422C99FE67AB31D8E955D9B18F21A4CFDD33090D496
Malicious:	false
Reputation:	low
URL:	http://novo.oratoriomariano.com/cgi-sys/images/404top_w.jpg
Preview:	......JFIF.....H.H.....C..............................................!........."$".$.......C.........................................................................d..........................................:..............................!..16FQt.....aq..AV..&..................................'....................R........Q.!13...............?..X..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 868x169, components 3
Category:	dropped
Size (bytes):	4335
Entropy (8bit):	5.483603315043782
Encrypted:	false
SSDEEP:	48:Ivi3ZsdwUKPGIhuF/ig2BamU/CSkMKisRHcfZakyWr9A9RSxNRXbRzwn:HpowU4ovDPCSrKishcxjyWrCCb+n
MD5:	DE6ECBBB2471827D90BF32C47A0CBC45
SHA1:	FFEAAFE8B9CA2752908C5D4E95E4803EF7FFDD18
SHA-256:	5CAE6C33F0F9D4449CE8539A60E7D40EBA2DDC75979FC26284854A29C36D08CB
SHA-512:	FAF0F054EF55B3362BA26615BC670DCC0471D660BBFBC4D086CE8CB143D31235AFC4AD4332FB669CAB4ED422C99FE67AB31D8E955D9B18F21A4CFDD33090D496
Malicious:	false
Reputation:	low
Preview:	......JFIF.....H.H.....C..............................................!........."$".$.......C.........................................................................d..........................................:..............................!..16FQt.....aq..AV..&..................................'....................R........Q.!13...............?..X..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 97 x 97, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2672
Entropy (8bit):	7.864218635615192
Encrypted:	false
SSDEEP:	48:TlCtqLaLvN6P+NsI1hmhzoioE0jAoeZBrnFIVVbtdoV0GdXSnZ9wKS6Ei3:ItqLaLVvk9X08n3nWV5+B1SnZ9wKfD3
MD5:	F851DB995B0253A71D638F779BE88330
SHA1:	5F5319E016676E6B92F7E597B837677DDF52C0A5
SHA-256:	2C024E287D53DCC084B60B01A69990C369E758DC7C91B0FE4791F02D18AAE61A
SHA-512:	AB09FAECBB8C24ACADE89EFC25515C2B25C12C378144180E5B807309F793720E30BCE75A604515181554068FE4BAAD34E4EE050A6B5C5F9485D1E4712B9EC724
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...a...a.......?.....sBIT.....O....`PLTEf.....^^.77...zz\|....uu.-&.{W.........A-. ..3&.iH.RB.......\@....//.............`.....t.__...3j&.....pHYs...........~.....tEXtCreation Time.03/04/09.......tEXtSoftware.Adobe Fireworks CS4......]IDATh....z....1.H....m....[....t...6..........]].S.SY.C..z.O..................g^tf.e:0[...^..B19.m9......5(.....p......Z..1.E.}....Z.Q..R...w........C.......;..ZH..j8stB0....t..._4M.D{..c.U..:...w....&.q...f..+..F..b.7...H...P........u.s..D....?.n.S.H...su....K.!R;DN..BA._..K,..]/....(o.}..~...v.Gke.~.66.+..#6.SW.N..w9.&.}..m...j...kW.....0E.{.........8...!2NT.....AU../.kUu...D._..w.[..........]%@.cm.(.UU..L_.%....XWU..3[.T...m. J...T.9@..Of.b....C\|Ukk/..R8.H.>p.V....R.....e.Es$...=@x...A...?.$..=.....T<..`j..o4.B..b.......]...h.M.p....<z.:.@H.....y..N.........."..0T.....X..71.4...k..$...V.Tx^...s...}..1../.7.`s+..6..W!..!.zR....V....I..N...}7}...X-.2T.........6).V........`6+.Y..6t'".U/.#>F..80.

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 868 x 4
Category:	dropped
Size (bytes):	120
Entropy (8bit):	6.060493667147718
Encrypted:	false
SSDEEP:	3:CcnebN95vXG5Z1CK/7kCfrpvsdhyt86psoPHHn:tQG5Z1Dn+Wy6pseH
MD5:	DC8055F43FBB4A4B6DFB298EC35188F2
SHA1:	1FFC540743DE1CDB929D9D1218978005141E8D9D
SHA-256:	B857737891B84293B3DF526B48CE3D54FDCC5789C250EADFF9DD38E3C2C68CAF
SHA-512:	2CC173EFBA132E4352582F000F226E86A9A898B8A3AC1BA9633B2F19838B618EE3047555928E5258CC97E514D6F96ADF86391F7C6104288F1A61543E93B13518
Malicious:	false
Reputation:	low
Preview:	GIF89ad.................!.......,....d.....I...............H....................D..VL*.....J.T..P.j......-...;

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 868 x 4
Category:	downloaded
Size (bytes):	120
Entropy (8bit):	6.060493667147718
Encrypted:	false
SSDEEP:	3:CcnebN95vXG5Z1CK/7kCfrpvsdhyt86psoPHHn:tQG5Z1Dn+Wy6pseH
MD5:	DC8055F43FBB4A4B6DFB298EC35188F2
SHA1:	1FFC540743DE1CDB929D9D1218978005141E8D9D
SHA-256:	B857737891B84293B3DF526B48CE3D54FDCC5789C250EADFF9DD38E3C2C68CAF
SHA-512:	2CC173EFBA132E4352582F000F226E86A9A898B8A3AC1BA9633B2F19838B618EE3047555928E5258CC97E514D6F96ADF86391F7C6104288F1A61543E93B13518
Malicious:	false
Reputation:	low
URL:	http://novo.oratoriomariano.com/cgi-sys/images/404mid.gif
Preview:	GIF89ad.................!.......,....d.....I...............H....................D..VL*.....J.T..P.j......-...;

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 868 x 14
Category:	dropped
Size (bytes):	537
Entropy (8bit):	6.848296452361371
Encrypted:	false
SSDEEP:	12:BDGHgnth2eq8ExIFDW+ax8+RorOwL+8Cu2uPhNWnyRmK3Fd7HRa:lGHith7rEAW+a0W8GChUnyRmoy
MD5:	54EB288427ACF79ED320EFD4916FE0B7
SHA1:	67BA813FF74D52035D70FCDA58B57563F01FB829
SHA-256:	70E4A5F9F7D98C1564B17ECC69196FED4F74FE5AFB2C61B4FB7045DD3309DC4F
SHA-512:	C7C00A268ADA15FC6B19F64860DD5CE92FA69E6B64E2D7B3ADA02B74E6CC3C4EB4466BBA443752A76F4EE908FA93F3683C6256F7A473B05C86ECAEBBCAC125E1
Malicious:	false
Reputation:	low
Preview:	GIF89ad......6e............\|.....m.....\.......Nw................X..s........d.................{..~.....k.....c..Y......................................................................................!.......,....d......@.AB,...r.l:..tJ.Z..v..z..xL....z]T...\|N.....~.....OnB.............Un.............S......................................f..............D.........f..............D.#p.........E......H...2..............@....#..... C..I...(S.\...0c.I...8s.....6.*.d.......(ph.DC...8..Z...X.j....`..K...S9X Q"I..;

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 868 x 14
Category:	downloaded
Size (bytes):	537
Entropy (8bit):	6.848296452361371
Encrypted:	false
SSDEEP:	12:BDGHgnth2eq8ExIFDW+ax8+RorOwL+8Cu2uPhNWnyRmK3Fd7HRa:lGHith7rEAW+a0W8GChUnyRmoy
MD5:	54EB288427ACF79ED320EFD4916FE0B7
SHA1:	67BA813FF74D52035D70FCDA58B57563F01FB829
SHA-256:	70E4A5F9F7D98C1564B17ECC69196FED4F74FE5AFB2C61B4FB7045DD3309DC4F
SHA-512:	C7C00A268ADA15FC6B19F64860DD5CE92FA69E6B64E2D7B3ADA02B74E6CC3C4EB4466BBA443752A76F4EE908FA93F3683C6256F7A473B05C86ECAEBBCAC125E1
Malicious:	false
Reputation:	low
URL:	http://novo.oratoriomariano.com/cgi-sys/images/404bottom.gif
Preview:	GIF89ad......6e............\|.....m.....\.......Nw................X..s........d.................{..~.....k.....c..Y......................................................................................!.......,....d......@.AB,...r.l:..tJ.Z..v..z..xL....z]T...\|N.....~.....OnB.............Un.............S......................................f..............D.........f..............D.#p.........E......H...2..............@....#..... C..I...(S.\...0c.I...8s.....6.*.d.......(ph.DC...8..Z...X.j....`..K...S9X Q"I..;

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 2782
Category:	dropped
Size (bytes):	1191
Entropy (8bit):	7.796270292729931
Encrypted:	false
SSDEEP:	24:XcZ+V72kAJOJMbpIYwbu7xzHfOHSyW3BgOk0o8fG+ITcIlp4ezR1ZO5:XcZKAeYpIrqzHfkSLHkbH4sRjO5
MD5:	DE892F8C9F4F88B59E09D5F162C5E1F2
SHA1:	1D257DA4E5DDE3A5817F2F41F047BAFD49B646A3
SHA-256:	70C74579F4A1E433CC33E298EA1C08073BFFCDFB6D6DD36163C942B2C8FE4381
SHA-512:	84006416B70DFE6B8CBA6F5EAA0F618406D8404A9FE0E04680BAC3D63F43294F7514A1777D1882A19574331599E4A3E4BC4B6298822535C7283CC1557A2024DC
Malicious:	false
Reputation:	low
Preview:	...........RMo.8...W.a..";.."C...b.m...=.=0..bC.^rl'p..wHJ....\|.8.o.{.lfVOV..d.w..w..Im........5..5.+W......>..rl.n.:.4vr.Rp..+..7W.w.@Wp.b..w.x).....~....#...7.\|.+.F.C.K...C++L.].A.w.a...H7....X+t.5\...d.j.3...$k. l...JX.xH....,...1$..f{...sR/..`.=..nQ \.1....yV..k..H^...3.. .....9<.:=.......R.`..F.{ZV....3.w.pm..P."..Ed...J......x..[.T4E.\.^`..-.K-Q...:...<....C.6N.E..Y...p.M..X9.....n.....{..M5..i....H.^W.o.{ ..He.._.e....'...........}.....W..X..T.T..Om...y..~.+{..y.;.wv...y.#.[.....y.3.e..56}i.}7..._.,.......24..X;8O........{....;F....L..Hx.Z..g..$..}....w......4P2..'<...O="]b....K2.....b.o.8&.,........g..b../b...2.........lS..~-u.s..@.CKq9.J%.vVl..$[.l......T._.....}....O...s$IGL.C#k.2..e2.5...B..Wz...?h..NV.>.Jy1.....J...^.z..}.(D....F:.x&...F...td..+A.N..-.*..X9......K.C./...I..N...{.8A.E.\|..7...5B.e9L-..r....ErnB6....P7......i.JX..U.l....W..0%.......LF......F.r/K\....[..g@......p....t...T_5P=\|$,A.K=...l.2..~.Ky.9..I.

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max compression, from Unix, original size modulo 2^32 86927
Category:	dropped
Size (bytes):	30288
Entropy (8bit):	7.989374364238999
Encrypted:	false
SSDEEP:	384:vqVmdqPCM85TevWTS9XJbgB2EttwJ52qjCpG6XUcUsJ5plH94VYb/n9SjXjwPG6G:vqUdH5TevT9Zi2CtE5FcGcUvq9f9tG
MD5:	FA20D8437865646E82DC61B9ADF6C93E
SHA1:	936B2B3A3757ECA48867CF43BADEF1C608177A28
SHA-256:	777EFEE22CC03118F4E5BA78AEF0CF7ADB1E8A13FC2B5C60FD220E80472F0188
SHA-512:	81C77E1A7B29D089EF10056C10AAC8F696CC889499D9B68B40550E861173557EDAF39049859188FE9EEC55F69B3B22B05044AFD8B6B212101EC792A7FD289F02
Malicious:	false
Reputation:	low
Preview:	............y{.F./...)D....-Jr&.w@..8^.gs&v.C1y .I!.....D.\|.[......3s.}3c.K.......q.....Uqwp........ .F._.=x...YR.yv.d....T..4.".XWyQR.......X./..Ju...........JT.}...%}6..a._...B..n....U>[/.....u....5o......Je..fz'Q\....W....".9......00c....P.Arp.f3s.V.tg...a..u..P+.6.a@3..i.fA.vW.?.?qu...i.N..L.'..F"R..'a.P.wE^...\.2...`.....4.DI..uy).tA..[...[1..A.........eR.....;.....L...d..u..D..i;..B...>.W.....W......d.L....... [/.T..T.@..V\.{...NDYL.......v...,..<.4?a%.....B%.z.T..0(.E...@.J.VR.ws... ....l.N...~$..a5.T.l..V.=.L..0...........u._+.f.zu....(...~..;..6...T..x..CE.b>...-.{!.....M..M.........7[.N..:>/..^.zu~..d...../..L..V.....m.`.@x=........e\|"..YQ$w..t...x......m.,.p..NF...>~...I..M.....J...Ub.......x..#..-M.U...%..j+T2......o.B.b+..UW1n..,.~$.....pMqeF,2,SD..>..V.9.sy..N..#.......U...O..2y...).Q.t...".}..y..zR.........y..$.OP}6.;J.*.....KQ.A..b..Q.x../....6$..s..0... .B..M.......R..nu...w:.....\|..o.'.H.2iTV....H...d.Y.I..

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 11816
Category:	downloaded
Size (bytes):	4677
Entropy (8bit):	7.946065353100574
Encrypted:	false
SSDEEP:	96:bZ/NwFlux9fPOlplZDCxX44cnBn4PxuyjWe8zngjoNRc/YrdgN:bZ/CQZOLUcFleWJMUraYrdgN
MD5:	E6AAE2410885DF2F2629465B60A2691D
SHA1:	859D3D883FB8CA2AADEDF5753ABCD7ACCE922479
SHA-256:	A113D210F17827A95D9D1EEE68BF4E0AA8BD39D67DF1D9420FF5E9C0F49B1D48
SHA-512:	77CFA85A05295F3E1D239AE09D6EC80B7D038A0466276B7D5586E614035BABFAA7FAC4B965643EF18C38648ED68BACBFB510BCF06AC578BCFE2C11F7892544AD
Malicious:	false
Reputation:	low
URL:	http://novo.oratoriomariano.com/favicon.ico
Preview:	...........Rms......sg...J&av.......$...Nm.Rm.H.I...n..M...=._c.pw...~y...........3(\.........G...(z}.......[8....32qQt.....j.E..l0;.....h.Q....o.A....q...K......./^..z..P....P.`..1P.P...%J^Vy..g::<.s.}........k9=.v.].....I.v.s8w..>....;.]........N......p..3x.y......v...G......e...).e.,...v.&FV..I...Jq....M3H.......hp8(...a{.8jo..t..EI......6.....q^..>.Y.Z...Q.....H.].rBis_.4.:...Jar..!c...(.j...):....{{.d!5........D.h4..+....k5.y...U...D$w..Z.}Y....QO.,..5..I>.i6...<..]2X.pCM.....e^...Wh.2...\|~..l'....\|..v,.....sT.Wd....G.'.8R.....F......O.......E..>.......8....V..?\....~..[..K..J.z.....p...=4.LB)..Y....y..u.F......M.........Y.....b....;...C..d.5.[.&TW...Rd.{/_..l..y.o...Y'.+....G.;G.....\...?z..JL.9..~"...P..,E....O.$.}..(..O.W...<...2X!.SS..Q..rx......O....x."..#.D.J...M...A.P.!3-.u.H.2..6....?.....<g...R.;1<.]..........9....G..$.Vp...0s.B.Q.=.f.%a..fQmB<.q..MZq..0&....V....k....I&;..A...}m.D3.q..Icy+!Ef.}.~...`.i....../~].B......&.

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 2782
Category:	downloaded
Size (bytes):	1191
Entropy (8bit):	7.796270292729931
Encrypted:	false
SSDEEP:	24:XcZ+V72kAJOJMbpIYwbu7xzHfOHSyW3BgOk0o8fG+ITcIlp4ezR1ZO5:XcZKAeYpIrqzHfkSLHkbH4sRjO5
MD5:	DE892F8C9F4F88B59E09D5F162C5E1F2
SHA1:	1D257DA4E5DDE3A5817F2F41F047BAFD49B646A3
SHA-256:	70C74579F4A1E433CC33E298EA1C08073BFFCDFB6D6DD36163C942B2C8FE4381
SHA-512:	84006416B70DFE6B8CBA6F5EAA0F618406D8404A9FE0E04680BAC3D63F43294F7514A1777D1882A19574331599E4A3E4BC4B6298822535C7283CC1557A2024DC
Malicious:	false
Reputation:	low
URL:	http://novo.oratoriomariano.com/cgi-sys/js/simple-expand.min.js
Preview:	...........RMo.8...W.a..";.."C...b.m...=.=0..bC.^rl'p..wHJ....\|.8.o.{.lfVOV..d.w..w..Im........5..5.+W......>..rl.n.:.4vr.Rp..+..7W.w.@Wp.b..w.x).....~....#...7.\|.+.F.C.K...C++L.].A.w.a...H7....X+t.5\...d.j.3...$k. l...JX.xH....,...1$..f{...sR/..`.=..nQ \.1....yV..k..H^...3.. .....9<.:=.......R.`..F.{ZV....3.w.pm..P."..Ed...J......x..[.T4E.\.^`..-.K-Q...:...<....C.6N.E..Y...p.M..X9.....n.....{..M5..i....H.^W.o.{ ..He.._.e....'...........}.....W..X..T.T..Om...y..~.+{..y.;.wv...y.#.[.....y.3.e..56}i.}7..._.,.......24..X;8O........{....;F....L..Hx.Z..g..$..}....w......4P2..'<...O="]b....K2.....b.o.8&.,........g..b../b...2.........lS..~-u.s..@.CKq9.J%.vVl..$[.l......T._.....}....O...s$IGL.C#k.2..e2.5...B..Wz...?h..NV.>.Jy1.....J...^.z..}.(D....F:.x&...F...td..+A.N..-.*..X9......K.C./...I..N...{.8A.E.\|..7...5B.e9L-..r....ErnB6....P7......i.JX..U.l....W..0%.......LF......F.r/K\....[..g@......p....t...T_5P=\|$,A.K=...l.2..~.Ky.9..I.

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 11816
Category:	downloaded
Size (bytes):	4677
Entropy (8bit):	7.946065353100574
Encrypted:	false
SSDEEP:	96:bZ/NwFlux9fPOlplZDCxX44cnBn4PxuyjWe8zngjoNRc/YrdgN:bZ/CQZOLUcFleWJMUraYrdgN
MD5:	E6AAE2410885DF2F2629465B60A2691D
SHA1:	859D3D883FB8CA2AADEDF5753ABCD7ACCE922479
SHA-256:	A113D210F17827A95D9D1EEE68BF4E0AA8BD39D67DF1D9420FF5E9C0F49B1D48
SHA-512:	77CFA85A05295F3E1D239AE09D6EC80B7D038A0466276B7D5586E614035BABFAA7FAC4B965643EF18C38648ED68BACBFB510BCF06AC578BCFE2C11F7892544AD
Malicious:	false
Reputation:	low
URL:	http://novo.oratoriomariano.com/novo/12473
Preview:	...........Rms......sg...J&av.......$...Nm.Rm.H.I...n..M...=._c.pw...~y...........3(\.........G...(z}.......[8....32qQt.....j.E..l0;.....h.Q....o.A....q...K......./^..z..P....P.`..1P.P...%J^Vy..g::<.s.}........k9=.v.].....I.v.s8w..>....;.]........N......p..3x.y......v...G......e...).e.,...v.&FV..I...Jq....M3H.......hp8(...a{.8jo..t..EI......6.....q^..>.Y.Z...Q.....H.].rBis_.4.:...Jar..!c...(.j...):....{{.d!5........D.h4..+....k5.y...U...D$w..Z.}Y....QO.,..5..I>.i6...<..]2X.pCM.....e^...Wh.2...\|~..l'....\|..v,.....sT.Wd....G.'.8R.....F......O.......E..>.......8....V..?\....~..[..K..J.z.....p...=4.LB)..Y....y..u.F......M.........Y.....b....;...C..d.5.[.&TW...Rd.{/_..l..y.o...Y'.+....G.;G.....\...?z..JL.9..~"...P..,E....O.$.}..(..O.W...<...2X!.SS..Q..rx......O....x."..#.D.J...M...A.P.!3-.u.H.2..6....?.....<g...R.;1<.]..........9....G..$.Vp...0s.B.Q.=.f.%a..fQmB<.q..MZq..0&....V....k....I&;..A...}m.D3.q..Icy+!Ef.}.~...`.i....../~].B......&.

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max compression, from Unix, original size modulo 2^32 86927
Category:	downloaded
Size (bytes):	30288
Entropy (8bit):	7.989374364238999
Encrypted:	false
SSDEEP:	384:vqVmdqPCM85TevWTS9XJbgB2EttwJ52qjCpG6XUcUsJ5plH94VYb/n9SjXjwPG6G:vqUdH5TevT9Zi2CtE5FcGcUvq9f9tG
MD5:	FA20D8437865646E82DC61B9ADF6C93E
SHA1:	936B2B3A3757ECA48867CF43BADEF1C608177A28
SHA-256:	777EFEE22CC03118F4E5BA78AEF0CF7ADB1E8A13FC2B5C60FD220E80472F0188
SHA-512:	81C77E1A7B29D089EF10056C10AAC8F696CC889499D9B68B40550E861173557EDAF39049859188FE9EEC55F69B3B22B05044AFD8B6B212101EC792A7FD289F02
Malicious:	false
Reputation:	low
URL:	http://code.jquery.com/jquery-3.3.1.min.js
Preview:	............y{.F./...)D....-Jr&.w@..8^.gs&v.C1y .I!.....D.\|.[......3s.}3c.K.......q.....Uqwp........ .F._.=x...YR.yv.d....T..4.".XWyQR.......X./..Ju...........JT.}...%}6..a._...B..n....U>[/.....u....5o......Je..fz'Q\....W....".9......00c....P.Arp.f3s.V.tg...a..u..P+.6.a@3..i.fA.vW.?.?qu...i.N..L.'..F"R..'a.P.wE^...\.2...`.....4.DI..uy).tA..[...[1..A.........eR.....;.....L...d..u..D..i;..B...>.W.....W......d.L....... [/.T..T.@..V\.{...NDYL.......v...,..<.4?a%.....B%.z.T..0(.E...@.J.VR.ws... ....l.N...~$..a5.T.l..V.=.L..0...........u._+.f.zu....(...~..;..6...T..x..CE.b>...-.{!.....M..M.........7[.N..:>/..^.zu~..d...../..L..V.....m.`.@x=........e\|"..YQ$w..t...x......m.,.p..NF...>~...I..M.....J...Ub.......x..#..-M.U...%..j+T2......o.B.b+..UW1n..,.~$.....pMqeF,2,SD..>..V.9.sy..N..#.......U...O..2y...).Q.t...".}..y..zR.........y..$.OP}6.;J.*.....KQ.A..b..Q.x../....6$..s..0... .B..M.......R..nu...w:.....\|..o.'.H.2iTV....H...d.Y.I..

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 05:55:30.754652023 CEST	49675	443	192.168.2.4	173.222.162.32
Sep 27, 2024 05:55:32.345470905 CEST	49735	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:32.346137047 CEST	49736	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:32.350414038 CEST	80	49735	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:32.350534916 CEST	49735	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:32.350979090 CEST	80	49736	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:32.351041079 CEST	49736	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:32.352440119 CEST	49736	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:32.357314110 CEST	80	49736	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:32.904716969 CEST	80	49736	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:32.907744884 CEST	49736	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:32.914010048 CEST	80	49736	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.029711962 CEST	80	49736	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.029733896 CEST	80	49736	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.029747009 CEST	80	49736	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.029757977 CEST	80	49736	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.029769897 CEST	80	49736	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.029844046 CEST	49736	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.029894114 CEST	49736	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.049449921 CEST	49736	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.049815893 CEST	49735	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.054310083 CEST	80	49736	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.054569960 CEST	80	49735	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.055993080 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.060950041 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.061129093 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.061449051 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.066387892 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.167581081 CEST	80	49736	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.167608023 CEST	80	49736	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.167737961 CEST	49736	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.175079107 CEST	80	49735	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.175110102 CEST	80	49735	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.175122023 CEST	80	49735	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.175170898 CEST	49735	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.388495922 CEST	49740	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.388745070 CEST	49741	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.393539906 CEST	80	49740	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.393585920 CEST	80	49741	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.393613100 CEST	49740	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.393627882 CEST	49741	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.394046068 CEST	49741	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.394303083 CEST	49740	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.398811102 CEST	80	49741	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.399180889 CEST	80	49740	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.514230967 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.514261961 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.514296055 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.514307022 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.514313936 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.514317989 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.514359951 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.514431000 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.514442921 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.514452934 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.514504910 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.514504910 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.514657974 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.514668941 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.514739990 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.519290924 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.519313097 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.519325018 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.519397020 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.566525936 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.602829933 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.602902889 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.602936983 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.602972984 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.602996111 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.603022099 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.603044987 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.603055954 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.603089094 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.603121996 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.603142977 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.603406906 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.603581905 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.603655100 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.603667021 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.603775024 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.603786945 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.603811026 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.603811026 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.604449034 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.604538918 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.604623079 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:55:33.650278091 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:55:33.841643095 CEST	49742	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.841754913 CEST	49735	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.841806889 CEST	49736	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.846709967 CEST	80	49742	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.846733093 CEST	80	49735	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.846743107 CEST	80	49736	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.846797943 CEST	49742	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.847090006 CEST	49742	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.851890087 CEST	80	49742	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.891078949 CEST	80	49740	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.891093016 CEST	80	49740	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.891103983 CEST	80	49740	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.891212940 CEST	49740	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.899113894 CEST	80	49741	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.899131060 CEST	80	49741	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.899219036 CEST	49741	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.904022932 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:33.908832073 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:33.908920050 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:33.910789967 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:33.915570021 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:33.957935095 CEST	80	49736	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.959311962 CEST	80	49735	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.959425926 CEST	80	49735	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.959438086 CEST	80	49735	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.959476948 CEST	80	49735	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:33.959520102 CEST	49735	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:33.960247993 CEST	49735	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:34.000794888 CEST	49736	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:34.005264997 CEST	49740	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:34.008965015 CEST	49741	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:34.010093927 CEST	80	49740	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:34.013787031 CEST	80	49741	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:34.120769978 CEST	80	49740	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:34.130227089 CEST	80	49741	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:34.130278111 CEST	80	49741	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:34.130289078 CEST	80	49741	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:34.130300999 CEST	80	49741	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:34.130333900 CEST	49741	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:34.130395889 CEST	49741	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:34.149231911 CEST	49746	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:55:34.149342060 CEST	443	49746	216.58.206.68	192.168.2.4
Sep 27, 2024 05:55:34.149422884 CEST	49746	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:55:34.150007963 CEST	49746	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:55:34.150038958 CEST	443	49746	216.58.206.68	192.168.2.4
Sep 27, 2024 05:55:34.164055109 CEST	49740	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:34.335592985 CEST	80	49742	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:34.371558905 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.371572971 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.371635914 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:34.371642113 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.371654987 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.371665955 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.371685982 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:34.371746063 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.371779919 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.371783972 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:34.371854067 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.371864080 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.371876001 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.371882915 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:34.371912003 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:34.376435041 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.376478910 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.376514912 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:34.376523972 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.376535892 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.376576900 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:34.376614094 CEST	49742	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:34.381441116 CEST	80	49742	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:34.462512970 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.462538004 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.462548971 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.462567091 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:34.462646008 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.462656975 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.462667942 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.462683916 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:34.462697983 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:34.462862968 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.462896109 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.462934017 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:34.463006020 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.463063955 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.463073969 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.463097095 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:34.463180065 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.463190079 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.463200092 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.463207006 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:34.463233948 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:34.463893890 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:55:34.494297028 CEST	80	49742	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:34.494312048 CEST	80	49742	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:34.494353056 CEST	49742	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:34.494354010 CEST	80	49742	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:34.494365931 CEST	80	49742	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:34.494396925 CEST	80	49742	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:34.494436026 CEST	49742	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:34.506901979 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:55:34.538582087 CEST	49742	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:34.675623894 CEST	49741	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:34.680547953 CEST	80	49741	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:34.796268940 CEST	443	49746	216.58.206.68	192.168.2.4
Sep 27, 2024 05:55:34.796562910 CEST	49746	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:55:34.796646118 CEST	443	49746	216.58.206.68	192.168.2.4
Sep 27, 2024 05:55:34.798490047 CEST	443	49746	216.58.206.68	192.168.2.4
Sep 27, 2024 05:55:34.798563004 CEST	49746	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:55:34.798573017 CEST	80	49741	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:34.801065922 CEST	49746	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:55:34.801229954 CEST	443	49746	216.58.206.68	192.168.2.4
Sep 27, 2024 05:55:34.847856998 CEST	49746	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:55:34.847908974 CEST	443	49746	216.58.206.68	192.168.2.4
Sep 27, 2024 05:55:34.847943068 CEST	49741	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:34.894732952 CEST	49746	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:55:35.142343998 CEST	49747	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:35.142390013 CEST	443	49747	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:35.142455101 CEST	49747	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:35.144476891 CEST	49747	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:35.144490004 CEST	443	49747	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:35.794452906 CEST	443	49747	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:35.794533014 CEST	49747	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:35.803422928 CEST	49747	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:35.803458929 CEST	443	49747	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:35.803714991 CEST	443	49747	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:35.848721981 CEST	49747	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:36.234688997 CEST	49747	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:36.275403976 CEST	443	49747	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:36.419579983 CEST	443	49747	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:36.419652939 CEST	443	49747	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:36.419739962 CEST	49747	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:36.419922113 CEST	49747	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:36.419941902 CEST	443	49747	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:36.500375986 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:36.500418901 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:36.500479937 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:36.501133919 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:36.501146078 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:37.136898994 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:37.136981010 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:37.138220072 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:37.138237953 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:37.138487101 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:37.140707016 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:37.183403969 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:37.413043976 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:37.413130045 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:37.413216114 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:37.414249897 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 27, 2024 05:55:37.414298058 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 27, 2024 05:55:38.958745003 CEST	80	49736	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:38.958807945 CEST	49736	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:38.959788084 CEST	80	49735	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:38.959831953 CEST	49735	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:39.175435066 CEST	80	49740	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:39.175508022 CEST	49740	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:39.496273994 CEST	80	49742	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:39.496380091 CEST	49742	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:39.803217888 CEST	80	49741	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:39.803411007 CEST	49741	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:40.761050940 CEST	49740	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:40.761185884 CEST	49741	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:40.761223078 CEST	49736	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:40.761317968 CEST	49735	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:40.761359930 CEST	49742	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:40.766012907 CEST	80	49740	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:40.766031981 CEST	80	49741	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:40.766051054 CEST	80	49736	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:40.766181946 CEST	80	49735	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:40.766195059 CEST	80	49742	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:44.712281942 CEST	443	49746	216.58.206.68	192.168.2.4
Sep 27, 2024 05:55:44.712369919 CEST	443	49746	216.58.206.68	192.168.2.4
Sep 27, 2024 05:55:44.712428093 CEST	49746	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:55:44.758960962 CEST	49746	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:55:44.758999109 CEST	443	49746	216.58.206.68	192.168.2.4
Sep 27, 2024 05:55:46.826050997 CEST	58133	53	192.168.2.4	1.1.1.1
Sep 27, 2024 05:55:46.835516930 CEST	53	58133	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:46.835623980 CEST	58133	53	192.168.2.4	1.1.1.1
Sep 27, 2024 05:55:46.835680962 CEST	58133	53	192.168.2.4	1.1.1.1
Sep 27, 2024 05:55:46.840754032 CEST	53	58133	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:47.282082081 CEST	53	58133	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:47.286488056 CEST	58133	53	192.168.2.4	1.1.1.1
Sep 27, 2024 05:55:47.292691946 CEST	53	58133	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:47.292752028 CEST	58133	53	192.168.2.4	1.1.1.1
Sep 27, 2024 05:55:51.028273106 CEST	58134	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:55:51.062959909 CEST	80	58134	162.241.61.68	192.168.2.4
Sep 27, 2024 05:55:51.063119888 CEST	58134	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:56:18.613601923 CEST	49739	80	192.168.2.4	151.101.2.137
Sep 27, 2024 05:56:18.618468046 CEST	80	49739	151.101.2.137	192.168.2.4
Sep 27, 2024 05:56:19.472970963 CEST	49743	80	192.168.2.4	151.101.66.137
Sep 27, 2024 05:56:19.477785110 CEST	80	49743	151.101.66.137	192.168.2.4
Sep 27, 2024 05:56:34.193912983 CEST	58137	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:56:34.193968058 CEST	443	58137	216.58.206.68	192.168.2.4
Sep 27, 2024 05:56:34.194236994 CEST	58137	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:56:34.194469929 CEST	58137	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:56:34.194484949 CEST	443	58137	216.58.206.68	192.168.2.4
Sep 27, 2024 05:56:34.823344946 CEST	443	58137	216.58.206.68	192.168.2.4
Sep 27, 2024 05:56:34.823703051 CEST	58137	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:56:34.823767900 CEST	443	58137	216.58.206.68	192.168.2.4
Sep 27, 2024 05:56:34.824090958 CEST	443	58137	216.58.206.68	192.168.2.4
Sep 27, 2024 05:56:34.824480057 CEST	58137	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:56:34.824578047 CEST	443	58137	216.58.206.68	192.168.2.4
Sep 27, 2024 05:56:34.864435911 CEST	58137	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:56:36.076251030 CEST	58134	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:56:36.081245899 CEST	80	58134	162.241.61.68	192.168.2.4
Sep 27, 2024 05:56:44.728509903 CEST	443	58137	216.58.206.68	192.168.2.4
Sep 27, 2024 05:56:44.728585958 CEST	443	58137	216.58.206.68	192.168.2.4
Sep 27, 2024 05:56:44.728818893 CEST	58137	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:56:44.778090954 CEST	58137	443	192.168.2.4	216.58.206.68
Sep 27, 2024 05:56:44.778125048 CEST	443	58137	216.58.206.68	192.168.2.4
Sep 27, 2024 05:56:52.760503054 CEST	58134	80	192.168.2.4	162.241.61.68
Sep 27, 2024 05:56:52.765578032 CEST	80	58134	162.241.61.68	192.168.2.4
Sep 27, 2024 05:56:52.765640974 CEST	58134	80	192.168.2.4	162.241.61.68

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 05:55:30.186278105 CEST	53	56484	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:30.191880941 CEST	53	57751	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:31.327692986 CEST	53	52598	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:32.109112024 CEST	54634	53	192.168.2.4	1.1.1.1
Sep 27, 2024 05:55:32.109256029 CEST	60483	53	192.168.2.4	1.1.1.1
Sep 27, 2024 05:55:32.324103117 CEST	53	60483	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:32.344532013 CEST	53	54634	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:33.048290968 CEST	65264	53	192.168.2.4	1.1.1.1
Sep 27, 2024 05:55:33.048444986 CEST	56427	53	192.168.2.4	1.1.1.1
Sep 27, 2024 05:55:33.055104971 CEST	53	56427	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:33.055322886 CEST	53	65264	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:33.173466921 CEST	64852	53	192.168.2.4	1.1.1.1
Sep 27, 2024 05:55:33.173650026 CEST	51212	53	192.168.2.4	1.1.1.1
Sep 27, 2024 05:55:33.181196928 CEST	53	51212	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:33.384532928 CEST	53	64852	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:33.873568058 CEST	58082	53	192.168.2.4	1.1.1.1
Sep 27, 2024 05:55:33.873739004 CEST	61149	53	192.168.2.4	1.1.1.1
Sep 27, 2024 05:55:33.883128881 CEST	53	61149	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:33.883142948 CEST	53	58082	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:34.140355110 CEST	64250	53	192.168.2.4	1.1.1.1
Sep 27, 2024 05:55:34.140737057 CEST	63249	53	192.168.2.4	1.1.1.1
Sep 27, 2024 05:55:34.147188902 CEST	53	63249	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:34.147216082 CEST	53	64250	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:46.595195055 CEST	138	138	192.168.2.4	192.168.2.255
Sep 27, 2024 05:55:46.825491905 CEST	53	62403	1.1.1.1	192.168.2.4
Sep 27, 2024 05:55:48.398031950 CEST	53	55160	1.1.1.1	192.168.2.4
Sep 27, 2024 05:56:07.322284937 CEST	53	57361	1.1.1.1	192.168.2.4
Sep 27, 2024 05:56:29.631460905 CEST	53	50711	1.1.1.1	192.168.2.4
Sep 27, 2024 05:56:29.687514067 CEST	53	57543	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 27, 2024 05:55:32.109112024 CEST	192.168.2.4	1.1.1.1	0x4795	Standard query (0)	novo.oratoriomariano.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:32.109256029 CEST	192.168.2.4	1.1.1.1	0x9838	Standard query (0)	novo.oratoriomariano.com	65	IN (0x0001)	false
Sep 27, 2024 05:55:33.048290968 CEST	192.168.2.4	1.1.1.1	0xcc52	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:33.048444986 CEST	192.168.2.4	1.1.1.1	0x64b8	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Sep 27, 2024 05:55:33.173466921 CEST	192.168.2.4	1.1.1.1	0x6cf2	Standard query (0)	novo.oratoriomariano.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:33.173650026 CEST	192.168.2.4	1.1.1.1	0x8b79	Standard query (0)	novo.oratoriomariano.com	65	IN (0x0001)	false
Sep 27, 2024 05:55:33.873568058 CEST	192.168.2.4	1.1.1.1	0x42a9	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:33.873739004 CEST	192.168.2.4	1.1.1.1	0x967a	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Sep 27, 2024 05:55:34.140355110 CEST	192.168.2.4	1.1.1.1	0x14b8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:34.140737057 CEST	192.168.2.4	1.1.1.1	0x8554	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 27, 2024 05:55:32.344532013 CEST	1.1.1.1	192.168.2.4	0x4795	No error (0)	novo.oratoriomariano.com		162.241.61.68	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:33.055322886 CEST	1.1.1.1	192.168.2.4	0xcc52	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:33.055322886 CEST	1.1.1.1	192.168.2.4	0xcc52	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:33.055322886 CEST	1.1.1.1	192.168.2.4	0xcc52	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:33.055322886 CEST	1.1.1.1	192.168.2.4	0xcc52	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:33.384532928 CEST	1.1.1.1	192.168.2.4	0x6cf2	No error (0)	novo.oratoriomariano.com		162.241.61.68	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:33.883142948 CEST	1.1.1.1	192.168.2.4	0x42a9	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:33.883142948 CEST	1.1.1.1	192.168.2.4	0x42a9	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:33.883142948 CEST	1.1.1.1	192.168.2.4	0x42a9	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:33.883142948 CEST	1.1.1.1	192.168.2.4	0x42a9	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:34.147188902 CEST	1.1.1.1	192.168.2.4	0x8554	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 27, 2024 05:55:34.147216082 CEST	1.1.1.1	192.168.2.4	0x14b8	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:43.922830105 CEST	1.1.1.1	192.168.2.4	0x65	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:43.922830105 CEST	1.1.1.1	192.168.2.4	0x65	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 27, 2024 05:55:45.475064993 CEST	1.1.1.1	192.168.2.4	0x935a	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 05:55:45.475064993 CEST	1.1.1.1	192.168.2.4	0x935a	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

novo.oratoriomariano.com

code.jquery.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	162.241.61.68	80	1260	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:55:32.352440119 CEST	444	OUT	GET /novo/ HTTP/1.1 Host: novo.oratoriomariano.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 05:55:32.904716969 CEST	244	IN	HTTP/1.1 302 Moved Temporarily Date: Fri, 27 Sep 2024 03:55:32 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive location: 12473 Content-Length: 0 Keep-Alive: timeout=5, max=75 Content-Type: text/html; charset=UTF-8
Sep 27, 2024 05:55:32.907744884 CEST	449	OUT	GET /novo/12473 HTTP/1.1 Host: novo.oratoriomariano.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 05:55:33.029711962 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Fri, 27 Sep 2024 03:55:32 GMT Server: Apache Last-Modified: Thu, 29 Sep 2022 22:59:29 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4677 Keep-Alive: timeout=5, max=74 Connection: Keep-Alive Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 52 6d 73 d3 c8 96 fe 0c bf e2 8c 73 67 80 aa d8 4a 26 61 76 b0 15 df 82 90 0c b9 05 24 9b 84 e5 4e 6d ed 52 6d e9 48 ea 49 ab 8f e8 6e d9 d6 4d cd fe f6 3d dd 92 5f 63 b8 70 77 0d b1 a5 7e 79 ce f3 16 ff f0 fa f2 f4 f6 f7 ab 33 28 5c a9 e0 ea c3 ab b7 17 a7 d0 eb 47 d1 c7 a3 d3 28 7a 7d fb 1a fe fe e6 f6 dd 5b 38 1c 1c c0 8d 33 32 71 51 74 f6 be 07 bd c2 b9 6a 18 45 b3 d9 6c 30 3b 1a 90 c9 a3 db eb 68 ee 51 0e fd b5 ee b1 6f c3 9d 41 ea d2 de f8 71 1c 86 cc 4b a5 ed c9 0e 80 c3 17 2f 5e b4 f7 7a fe d0 50 09 9d 9f f4 50 f7 60 f9 e4 31 50 a4 50 19 ca a4 c2 25 4a 5e 56 79 c0 98 67 3a 3a 3c e4 73 d0 7d e2 12 9d 00 7f ac 8f 9f 6b 39 3d e9 9d 92 76 a8 5d ff b6 a9 b0 07 49 fb 76 d2 73 38 77 91 1f 3e 82 a4 10 c6 a2 3b a9 5d d6 ff b5 07 d1 1a 9a 93 4e e1 f8 f8 e0 18 fa 70 f5 f2 b7 33 78 7f 79 0b e7 97 1f de bf 8e a3 76 ef f1 e3 47 fc 89 7f e8 f7 e1 65 9a c2 8d 92 29 c2 65 ed 2c f4 fb e3 76 cf 26 46 56 0e ac 49 96 02 12 4a 71 f0 c7 e7 1a 4d 33 48 a8 8c da c7 fe d1 e0 68 70 38 [TRUNCATED] Data Ascii: RmssgJ&av$NmRmHInM=_cpw~y3(\G(z}[832qQtjEl0;hQoAqK/^zPP`1PP%J^Vyg::<s}k9=v]Ivs8w>;]Np3xyvGe)e,v&FVIJqM3Hhp8(a{8jotEI.6q^>YZQH]rBis_4:Jar!c(j):{{d!5Dh4+k5yUD$wZ}YQO,5I>i6<]2XpCMe^Wh2.\|~l'\|v,sTWdG'8RFOE>8.V?\~[KJzp=4LB)YyuFMYb;Cd5[&TWRd{/_lyoY'+G;G\?zJL9*~"P,EO$}(OW<2X!SSQrxOx"#DJMAP!3-uH26?<gR;1<]9G$Vp0sBQ=f%afQmB<qMZq0&Vk
Sep 27, 2024 05:55:33.029733896 CEST	1236	IN	Data Raw: 49 26 3b f9 fa 41 83 05 ea 7d 2a 6d a5 44 33 d4 a4 71 b1 99 49 63 79 2b 21 45 66 c8 7d ce 7e f9 e5 e0 60 b1 69 91 ef a6 ab dd a3 c9 f3 17 2f 7e 5d ec ba 42 9a b5 cd c3 17 bf 26 87 2f 56 43 53 84 7b 98 88 e4 2e 37 54 eb b4 bf 38 87 cf fd bf 11 0b Data Ascii: I&;A}mD3qIcy+!Ef}~`i/~]B&/VCS{.7T81),)VRCx{k_hT!dnD3bxixqTHr2=-c/7UtoGc-'9_e$'(e66FANz=86CG]__^g
Sep 27, 2024 05:55:33.029747009 CEST	1236	IN	Data Raw: 7f 5f 9a cc 0f 7c 7e cc 8d 47 d3 16 aa a5 c0 11 77 9c 06 70 2d f3 c2 71 9d 65 72 e7 67 b7 4d f9 97 a6 78 33 93 82 c8 22 5c 19 aa d0 38 89 76 00 b7 8c 58 2d df 59 8d 52 e0 90 bf bc 76 3f ae 12 5e 1f 5f 0e 51 fa 28 da aa 25 42 fb 6a 70 ac 19 d5 3a Data Ascii: _\|~Gwp-qergMx3"\8vX-YRv?^_Q(%Bjp:}P[_0uBTg0+\|~@('H{3jsrTMsMDk={j-o\|m4aG+.<W6CYkGm^jTRm=9tMj=;
Sep 27, 2024 05:55:33.029757977 CEST	1236	IN	Data Raw: 14 ae c5 80 4c 2a 8c 23 31 8e 23 06 59 f2 f0 d3 3a 38 d6 e1 50 bb de 46 46 b7 2c 79 13 c3 eb 75 2c de 42 97 c2 94 0d 7e ca ef ce d4 fc 46 da 3e 63 a3 84 03 87 6c 70 70 13 cd 94 f3 29 5a 76 13 0c 5e b2 55 09 1a 0f 04 36 41 2d 8c a4 36 a7 16 95 33 Data Ascii: L#1#Y:8PFF,yu,B~F>clpp)Zv^U6A-63YZ2Zsc]1Z [SiXCY^WQCbK~+n:)@UP7RpWO~b!/r@l-ElQK$gYzKoF
Sep 27, 2024 05:55:33.029769897 CEST	29	IN	Data Raw: b7 fe ec 9e d9 f5 30 98 c9 c5 d1 84 d2 26 3c 14 ae 64 4b ff 17 cc cb 70 7c 28 2e 00 00 Data Ascii: 0&<dKp\|(.
Sep 27, 2024 05:55:33.049449921 CEST	361	OUT	GET /cgi-sys/js/simple-expand.min.js HTTP/1.1 Host: novo.oratoriomariano.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://novo.oratoriomariano.com/novo/12473 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 05:55:33.167581081 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 03:55:33 GMT Server: Apache Last-Modified: Thu, 29 Sep 2022 22:56:50 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1191 Keep-Alive: timeout=5, max=73 Connection: Keep-Alive Content-Type: application/javascript Data Raw: 1f 8b 08 00 00 00 00 00 00 03 95 52 4d 6f db 38 10 bd f7 57 d0 82 61 88 85 22 3b 05 f6 22 43 c8 c1 ed 62 b3 6d 92 2e 92 3d 15 3d 30 d2 d8 62 43 93 5e 72 6c 27 70 fc df 77 48 4a b6 e2 a6 dd 2e 7c b0 38 9f 6f de 7b e3 b7 6c 66 56 4f 56 2e 1a 64 e9 8c b3 77 93 f3 77 ec f6 49 6d 84 d4 ec 0f b1 04 f5 e6 b3 35 df a0 c2 82 35 88 2b 57 8c c7 0b 89 cd fa 3e af cc 72 6c a1 6e 0c 3a f5 34 76 72 b9 52 70 06 8f 2b a1 eb 37 57 97 77 ec 93 ac 40 57 70 ec b3 62 9b ff 77 ef 78 29 1c 82 1d ab d8 7e b6 94 98 e3 23 b2 b7 e3 37 e9 7c ad 2b 94 46 a7 43 be 4b d6 0e 98 43 2b 2b 4c a6 5d 82 41 ca 77 1b 61 19 94 d8 48 37 85 bc 86 b9 58 2b 74 e5 ae 91 35 5c 99 1a 8a 64 2e 6a b8 33 8b 85 82 24 6b f3 b7 20 6c d5 c4 f4 4a 58 d0 78 48 dd 09 bb 00 2c 12 02 ad 31 24 b0 b1 66 7b a3 af a4 73 52 2f da fc 60 92 3d 00 ac 6e 51 20 5c ea 99 31 0f 12 8a c1 79 56 85 af 6b a2 b2 48 5e 1c 9a ec 33 c8 1d 20 d2 0c 82 b7 cf 86 39 3c d2 82 3a 3d 86 b3 e3 01 9c be e7 52 d7 9f 60 03 ea 46 c3 7b 5a 56 1e 08 81 0c 33 cd 77 16 70 6d 89 85 50 99 22 a7 [TRUNCATED] Data Ascii: RMo8Wa";"Cbm.==0bC^rl'pwHJ.\|8o{lfVOV.dwwIm55+W>rln:4vrRp+7Ww@Wpbwx)~#7\|+FCKC++L]AwaH7X+t5\d.j3$k lJXxH,1$f{sR/`=nQ \1yVkH^3 9<:=R`F{ZV3wpmP"EdJx[T4E\^`-K-Q:<C6NEYp.MX9n{M5iH^Wo{ He_e'}WXTTOmy~+{y;wvy#[y3e56}i}7_,24X;8O{;FLHxZg$}w4P2'<O="]b.K2bo8&,gb/b2lS~-us@CKq9J%vVl$[lT_}Os$IGLC#k2e25BWz?hNV>.Jy1J^z}(DF:x&Ftd+AN-*X9KC/IN{8AE\|75Be9L-rErnB6P7iJXUlW0%LF
Sep 27, 2024 05:55:33.167608023 CEST	257	IN	Data Raw: d0 ca a7 db 46 92 72 2f 4b 5c fb 1a d0 8b ef 5b a2 a5 67 40 d0 cd 1b 92 e7 c4 70 c3 1c 1e 11 74 dd 93 9c c2 54 5f 35 50 3d 7c 24 2c 41 d4 4b 3d 0b b6 ff 6c a1 32 ba 96 7e 80 4b 79 86 39 88 aa 49 0f 33 e3 89 48 b4 61 23 1d cf 34 1d 2b 10 6d 9a d4 Data Ascii: Fr/K\[g@ptT_5P=\|$,AK=l2~Ky9I3Ha#4+mY+=E{a.Nia!uy4R;`cF_I{y&N.WZ8k2mZe3/5%T HO[d<\|oao0<XzFtadH0<=O
Sep 27, 2024 05:55:33.841806889 CEST	416	OUT	GET /cgi-sys/images/404mid.gif HTTP/1.1 Host: novo.oratoriomariano.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://novo.oratoriomariano.com/novo/12473 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 05:55:33.957935095 CEST	361	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 03:55:33 GMT Server: Apache Last-Modified: Thu, 29 Sep 2022 22:57:51 GMT Accept-Ranges: bytes Content-Length: 120 Keep-Alive: timeout=5, max=72 Connection: Keep-Alive Content-Type: image/gif Data Raw: 47 49 46 38 39 61 64 03 04 00 91 00 00 9a b2 c9 ff ff ff a0 b6 cc a1 b7 cd 21 f9 04 00 07 00 ff 00 2c 00 00 00 00 64 03 04 00 00 02 49 dc 82 a9 cb ed 0f a3 9c b4 da 8b b3 de bc fb 0f 86 e2 48 96 e6 89 a6 ea ca b6 ee 9b 00 80 01 d7 f6 8d e7 fa ce f7 fe 0f 0c 0a 87 44 8a 8c 56 4c 2a 97 cc a6 f3 09 8d 4a a7 54 cc f1 50 cd 6a b7 dc ae f7 0b 0e 8b 2d b2 02 00 3b Data Ascii: GIF89ad!,dIHDVL*JTPj-;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	162.241.61.68	80	1260	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:55:33.049815893 CEST	411	OUT	GET /cgi-sys/images/x.png HTTP/1.1 Host: novo.oratoriomariano.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://novo.oratoriomariano.com/novo/12473 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 05:55:33.175079107 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 03:55:33 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Thu, 29 Sep 2022 22:56:49 GMT Accept-Ranges: bytes Content-Length: 2672 Keep-Alive: timeout=5, max=75 Content-Type: image/png Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 61 00 00 00 61 08 03 00 00 00 f1 d8 3f 91 00 00 00 03 73 42 49 54 08 08 08 db e1 4f e0 00 00 00 60 50 4c 54 45 66 00 00 e7 cf cf 8a 5e 5e 86 37 37 cc 00 00 7a 7a 7c bb 02 02 f9 75 75 e7 2d 26 ef 7b 57 a7 01 01 ff ff ff d9 8f 8f d4 41 2d c6 20 17 cd 33 26 e6 69 48 e8 52 42 fd b4 b2 99 00 00 e1 5c 40 bd 8f 8f bc 2f 2f f4 ef ef dc bf bf e3 15 15 db 00 00 f6 8e 60 9f a1 a3 fe 99 74 c5 5f 5f bd 13 10 33 6a 26 19 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 16 74 45 58 74 43 72 65 61 74 69 6f 6e 20 54 69 6d 65 00 30 33 2f 30 34 2f 30 39 d9 8b d2 0e 00 00 00 1c 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 46 69 72 65 77 6f 72 6b 73 20 43 53 34 06 b2 d3 a0 00 00 09 5d 49 44 41 54 68 81 ad 9a 8d 7a ab ac 12 85 31 a1 48 ac c1 2a 89 88 6d e5 fe ef f2 5b 03 a2 88 9a 74 9f e7 8c c6 36 0a f3 ba 06 18 fc 09 fb fc ab 15 5d 5d d6 53 db b7 53 59 97 43 f7 e7 7a ec 4f ce eb a9 11 9c 16 2e 96 a5 ff aa 8b ff 0f a1 9b 14 e7 1c [TRUNCATED] Data Ascii: PNGIHDRaa?sBITO`PLTEf^^77zz\|uu-&{WA- 3&iHRB\@//`t__3j&pHYs~tEXtCreation Time03/04/09tEXtSoftwareAdobe Fireworks CS4]IDAThz1Hm[t6]]SSYCzO.g^tfe:0[^B19m95(pZ1E}ZQRwC;ZHj8stB0t_4MD{cU:w&qf+F.b7HPusD?nSHsuK!R;DNBA_K,]/(o}~vGke~66+#6SWNw9&}mjkW0E{8!2NTAU/kUuD_w[]%@cm(UUL_%XWU3[Tm JT9@OfbC\|Ukk/R8H>pVReEs$=@xA?$=T<`jo4Bb]hMp<z:@HyN"0TX714k$VTx^s}1/7`s+6W!!zRVIN}7}X-2T6)V
Sep 27, 2024 05:55:33.175110102 CEST	1236	IN	Data Raw: ae f4 e9 f5 8f 07 88 0d 60 36 2b ed a3 59 be c9 36 74 27 22 d4 55 2f d7 23 3e 46 fa c5 38 30 cf aa 1a c7 26 f7 2f 01 48 dd dc 65 e3 47 13 0b 41 92 f7 26 01 8c da bd 88 51 5d 69 00 72 42 63 a5 d8 20 1a 29 7d 67 01 c1 68 67 9b fb bc 34 77 f5 26 46 Data Ascii: `6+Y6t'"U/#>F80&/HeGA&Q]irBc )}ghg4w&FT8ZNO8W>{Bk@QS73x+'Ou)`3J1pD(T,\|y Q *@-YG7Jr)&8GC0Uy
Sep 27, 2024 05:55:33.175122023 CEST	468	IN	Data Raw: 65 db de 91 6a d9 f5 f2 5c db 62 78 5e ae e4 1f de 71 7c 5b c7 03 12 d1 e9 93 f5 4b 50 41 15 e2 c7 23 e0 a4 67 c1 2e 57 58 f8 57 f7 e1 90 8d 45 43 9d 11 43 9b a5 57 cc 9b b7 03 17 a6 bc 0a bf c6 4d 60 94 ed bd d7 2c 9a eb db 79 6f 5e 7c dc 65 e0 Data Ascii: ej\bx^q\|[KPA#g.WXWECCWM`,yo^\|e\ ,T-,oetLX\m-\1h9R{ d?!8_N]xo{zSS}7y8o-?@Y~cwLUTxg]4gf'
Sep 27, 2024 05:55:33.841754913 CEST	418	OUT	GET /cgi-sys/images/404top_w.jpg HTTP/1.1 Host: novo.oratoriomariano.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://novo.oratoriomariano.com/novo/12473 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 05:55:33.959311962 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 03:55:33 GMT Server: Apache Last-Modified: Thu, 13 Oct 2022 23:25:41 GMT Accept-Ranges: bytes Content-Length: 4335 Keep-Alive: timeout=5, max=74 Connection: Keep-Alive Content-Type: image/jpeg Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e ff c0 00 11 08 00 a9 03 64 03 01 11 00 02 11 01 03 11 01 ff c4 00 1b 00 01 01 00 02 03 01 00 00 00 00 00 00 00 00 00 00 00 01 02 04 03 07 08 05 ff c4 00 3a 10 01 00 01 03 00 07 04 07 07 04 02 03 00 00 00 00 00 01 03 07 11 02 04 06 16 17 81 c2 12 21 94 d2 31 36 46 51 74 84 91 05 13 14 61 71 b2 c3 41 56 b1 c1 26 b3 a1 d3 f0 ff c4 00 19 01 01 01 01 01 01 01 00 00 00 00 00 00 00 00 00 00 00 01 05 06 03 04 ff c4 00 27 11 01 00 03 01 00 02 02 01 03 05 01 01 00 00 00 00 00 04 15 52 01 91 a1 02 b1 05 03 11 51 12 21 31 33 d1 13 14 ff da 00 0c [TRUNCATED] Data Ascii: JFIFHHC!"$"$Cd:!16FQtaqAV&'RQ!13?X
Sep 27, 2024 05:55:33.959425926 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 27, 2024 05:55:33.959438086 CEST	1236	IN	Data Raw: fb 0a c8 b8 2c 24 68 e3 2d ca c6 37 a2 b6 3e 1a 8e 7e bd 82 b6 36 39 e7 a5 84 8d 1c 65 b9 7d 9e ed a8 ab 8f cf 56 a3 3d 05 64 5c 16 12 34 45 e5 b9 71 18 de 8a dc f5 6a 13 d0 56 45 c1 61 23 49 17 96 e5 e8 fb 51 5b 9e ad 42 7a 4a d8 d8 e7 9e 96 12 Data Ascii: ,$h-7>~69e}V=d\4EqjVEa#IQ[BzJ47Fq+cczXHg;[?GN[F2z+~+cczXHkE_CV4qj#,$hrjellsK&\,$ixrWC?_+bK8s1<
Sep 27, 2024 05:55:33.959476948 CEST	870	IN	Data Raw: c6 cb 97 9c ce d1 e6 3e 0e 8c 74 15 71 71 f6 58 48 d2 cd ec b9 79 ef da 3c fe 51 a9 d0 8e 82 ae 36 3e cb 09 1f ca 4d ec b9 73 3e b1 f2 8d 4e 8c 74 15 71 71 f6 58 48 d2 cd ec b9 7f dc 58 f9 4a 1e 42 ae 2e 3e cb 09 1a 38 d9 72 fd 1b c7 11 f2 94 3c Data Ascii: >tqqXHy<Q6>Ms>NtqqXHXJB.>8r<\\}4lx<~!We/.^;'Bz,$'.\G]RqqXHq_]NF.',!Wely,$heghF:,$if\(GAWe&\XFF:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	151.101.2.137	80	1260	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:55:33.061449051 CEST	330	OUT	GET /jquery-3.3.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://novo.oratoriomariano.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 05:55:33.514230967 CEST	601	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Length: 30288 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: W/"28feccc0-1538f" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Content-Encoding: gzip Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Fri, 27 Sep 2024 03:55:33 GMT Age: 3536582 X-Served-By: cache-lga13622-LGA, cache-nyc-kteb1890028-NYC X-Cache: HIT, HIT X-Cache-Hits: 13, 8672 X-Timer: S1727409333.468977,VS0,VE0 Vary: Accept-Encoding
Sep 27, 2024 05:55:33.514261961 CEST	1236	IN	Data Raw: 1f 8b 08 00 00 00 00 00 02 03 bc bd 79 7b db 46 b2 2f fc ff fb 29 44 8c 8f 02 98 2d 4a 72 26 b9 77 40 b5 f9 38 5e 12 67 73 26 76 b6 43 31 79 20 b2 49 21 a6 00 06 00 b5 44 e4 7c f6 5b bf ea 05 0d 10 94 33 73 ee 7d 33 63 11 4b a3 d7 ea ea da eb f8 Data Ascii: y{F/)D-Jr&w@8^gs&vC1y I!D\|[3s}3cKqUqwp F_=xYRyvdT4"XWyQRX/JuJT}%}6a_BnU>[/u5oJefz'Q\W"9
Sep 27, 2024 05:55:33.514296055 CEST	1236	IN	Data Raw: 38 36 58 20 f0 20 3d a0 2f 2b 1f f4 e9 de 1c d5 59 44 70 32 8b d0 cf 97 57 ab ea 6e 5f 3f 87 1e 64 98 0e 9f da 9e 9f 10 36 5e e6 17 c9 f2 e5 75 b2 6c 7c 7a c5 93 d2 c2 83 38 5f 98 68 21 8a e5 04 a7 e9 73 8c e7 1e 0d 64 44 c2 e8 bd 31 2c ce 68 66 Data Ascii: 86X =/+YDp2Wn_?d6^ul\|z8_h!sdD1,hf4Nd0.:o!\|]}%pz7[;p{:ORm+JNXEqiHdHn{]N(]4*Lw_YD+B"qOdEs&y\
Sep 27, 2024 05:55:33.514307022 CEST	1236	IN	Data Raw: 1c 8b 2f 75 6d 7f 0b c7 40 0d 34 2d e1 f9 0d fd a5 d5 37 0f a8 2e f1 95 3c 1e d3 a8 8e c5 7f 37 c0 8b 37 1b ed b5 59 72 34 9f dc 9f 8a 4f b7 dc f1 d1 46 8f 8a 36 1e 77 1a 70 aa 94 ec a4 2f 64 70 72 4b a7 e0 d1 a7 9f 7c f2 f1 a7 f6 c0 2f c0 81 6c Data Ascii: /um@4-7.<77Yr4OF6wp/dprK\|/l61eR<g,Ew\|d'O8=ya<.=d&~h_\2}"UG+\|>bDij05{F9YR P>?cy]
Sep 27, 2024 05:55:33.514317989 CEST	672	IN	Data Raw: a4 10 15 8e 76 1b 8b 6f 9c a8 4d 53 1e 20 21 12 6f 3f 27 ed de 8c c2 99 4c c4 25 21 bc d6 0b b1 90 bd 3c 9c 11 89 a8 6b 0a 53 94 51 f3 64 bd ac 7e 4c d5 4d 04 11 64 95 af e8 2d 08 a0 74 90 cc 66 2f 89 53 aa be 4e cb 4a 51 b7 46 bb 8f a0 cf 5f e6 Data Ascii: voMS !o?'L%!<kSQd~LMd-tf/SNJQF_{(Ns)T!e'N)]3\|cj5Wk+<]":ES}.^6HG*D]Du</Dce]p&{;pTDMdf8
Sep 27, 2024 05:55:33.514431000 CEST	1236	IN	Data Raw: f7 72 d6 05 1b fc a5 96 2c 3b 55 0c d5 f2 a4 07 16 ac 63 61 54 c6 83 ec a8 c9 bd 12 41 6c e7 82 6a da d9 37 6e c6 88 d1 dd db 4c 5d c1 5f 6d a7 ab 9a c7 22 be a5 57 f6 4b 31 78 1c 63 ed 23 20 80 2b f0 c7 aa b4 e5 2d 32 b8 92 97 f6 d5 66 73 39 b8 Data Ascii: r,;UcaTAlj7nL]_m"WK1xc# +-2fs9QfYxw,[]ZaV9A 6WB=sYO'@sXfZ^wTv>.%-d^JF]4Xj1X)zZY^+piaj_O?=
Sep 27, 2024 05:55:33.514442921 CEST	1236	IN	Data Raw: 7d 4c c4 2e c0 59 03 10 4c b1 3e 28 77 ec 54 48 19 71 d1 68 c7 ab a3 d7 90 43 79 62 57 ab 5c 00 0e ec d6 75 19 a1 a3 b6 1f db ed d6 4b a3 41 77 ce 27 44 02 57 0d 13 a2 f0 57 67 03 47 45 b5 dd 10 6c 9d 30 a7 2f e9 48 eb 72 e1 d1 4b d0 81 d4 a6 b5 Data Ascii: }L.YL>(wTHqhCybW\uKAw'DWWgGEl0/HrK-h5" q!sg -a:>z@f-1J{\|%O-qNS"TARtsuU[wkGoXc#0]W=G
Sep 27, 2024 05:55:33.514452934 CEST	1236	IN	Data Raw: 2d 84 16 1d 7c 13 7f 23 3d 68 ff c3 79 7e df 17 c9 2c cd e1 0b cf 7b ff 22 bf c5 35 31 fb 1c 64 65 45 3c e8 4d 5e cc 70 9d 5e 25 0b 0e b3 12 d5 54 55 35 91 73 08 67 eb ea ca f5 c5 55 0a 91 94 28 14 51 40 bb e5 57 ba bc 35 74 bc 83 41 f5 f6 4e 79 Data Ascii: -\|#=hy~,{"51deE<M^p^%TU5sgU(Q@W5tANy1ESYAN1~L} $*[aS'`m"yh,Q#}(#@;$hpMRD7W\owz(:ZDZ;:#^tG0q\|
Sep 27, 2024 05:55:33.514657974 CEST	1236	IN	Data Raw: 72 cd 55 ba b9 bb f0 56 5c 60 6a 3d 43 fb eb a7 27 46 82 7c 45 c8 e8 96 c6 46 48 9b ff 86 f8 91 bf 6b 13 11 3a 9d 87 17 40 39 17 d1 d6 e2 91 b5 b8 20 14 4b e7 05 75 e5 c2 ad 23 f5 ce 05 28 02 88 36 6c 27 a8 1e 67 9b a0 c7 46 47 de 4d 24 6e b7 b5 Data Ascii: rUV\`j=C'F\|EFHk:@9 Ku#(6l'gFGM$nKD8JkS5\|C8PUgt@g#g^jHeR/q@HkObb pIoS5S=h,2Z@v<}(/F-6BkV3
Sep 27, 2024 05:55:33.514668941 CEST	1236	IN	Data Raw: 33 45 77 7a 28 6c a9 48 e4 2b 47 d7 f7 e6 df 12 b9 39 a1 8a 96 13 78 8a 40 4e 6c f6 8a ea 88 a9 c9 85 b7 71 25 d1 d4 5e 05 07 9e 5f 99 fb 40 35 3f d0 db 2f 46 dc d2 51 7d 6c 0e 10 ee f2 6e 64 7e 19 12 c3 1b e0 46 17 29 38 d4 f5 44 d0 b5 39 0d 16 Data Ascii: 3Ewz(lH+G9x@Nlq%^_@5?/FQ}lnd~F)8D9`M!ot}TF\|tCV;7+H)2>4T_>?n#Y6T;hJbKo6XT`ZP5~!'A!BCaZ"dhcBvPsp
Sep 27, 2024 05:55:33.519290924 CEST	1236	IN	Data Raw: 1e cc d5 58 1f 6e 76 29 1b f1 29 f7 e0 59 7d ee 2f 90 27 67 fc f7 09 1f 11 fa 6a 98 d3 ef e9 64 12 ee b4 98 72 20 c3 ae a4 61 43 06 53 0f a0 dd 25 f3 13 1a 72 42 10 c8 80 26 0b e5 03 b3 9e 66 8a 70 cf 09 04 e3 8a 7a 70 32 e9 07 d8 b5 c1 44 37 96 Data Ascii: Xnv))Y}/'gjdr aCS%rB&fpzp2D7rrIDJsyN\|'.NBgIvK@KENP4@"a9/$AG5p7j?>1\|+FK-N'B}(8}p!435-B 5DN]Z.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	162.241.61.68	80	1260	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:55:33.394046068 CEST	308	OUT	GET /cgi-sys/js/simple-expand.min.js HTTP/1.1 Host: novo.oratoriomariano.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 05:55:33.899113894 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 03:55:33 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Thu, 29 Sep 2022 22:56:50 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1191 Keep-Alive: timeout=5, max=75 Content-Type: application/javascript Data Raw: 1f 8b 08 00 00 00 00 00 00 03 95 52 4d 6f db 38 10 bd f7 57 d0 82 61 88 85 22 3b 05 f6 22 43 c8 c1 ed 62 b3 6d 92 2e 92 3d 15 3d 30 d2 d8 62 43 93 5e 72 6c 27 70 fc df 77 48 4a b6 e2 a6 dd 2e 7c b0 38 9f 6f de 7b e3 b7 6c 66 56 4f 56 2e 1a 64 e9 8c b3 77 93 f3 77 ec f6 49 6d 84 d4 ec 0f b1 04 f5 e6 b3 35 df a0 c2 82 35 88 2b 57 8c c7 0b 89 cd fa 3e af cc 72 6c a1 6e 0c 3a f5 34 76 72 b9 52 70 06 8f 2b a1 eb 37 57 97 77 ec 93 ac 40 57 70 ec b3 62 9b ff 77 ef 78 29 1c 82 1d ab d8 7e b6 94 98 e3 23 b2 b7 e3 37 e9 7c ad 2b 94 46 a7 43 be 4b d6 0e 98 43 2b 2b 4c a6 5d 82 41 ca 77 1b 61 19 94 d8 48 37 85 bc 86 b9 58 2b 74 e5 ae 91 35 5c 99 1a 8a 64 2e 6a b8 33 8b 85 82 24 6b f3 b7 20 6c d5 c4 f4 4a 58 d0 78 48 dd 09 bb 00 2c 12 02 ad 31 24 b0 b1 66 7b a3 af a4 73 52 2f da fc 60 92 3d 00 ac 6e 51 20 5c ea 99 31 0f 12 8a c1 79 56 85 af 6b a2 b2 48 5e 1c 9a ec 33 c8 1d 20 d2 0c 82 b7 cf 86 39 3c d2 82 3a 3d 86 b3 e3 01 9c be e7 52 d7 9f 60 03 ea 46 c3 7b 5a 56 1e 08 81 0c 33 cd 77 16 70 6d 89 85 50 99 22 a7 [TRUNCATED] Data Ascii: RMo8Wa";"Cbm.==0bC^rl'pwHJ.\|8o{lfVOV.dwwIm55+W>rln:4vrRp+7Ww@Wpbwx)~#7\|+FCKC++L]AwaH7X+t5\d.j3$k lJXxH,1$f{sR/`=nQ \1yVkH^3 9<:=R`F{ZV3wpmP"EdJx[T4E\^`-K-Q:<C6NEYp.MX9n{M5iH^Wo{ He_e'}WXTTOmy~+{y;wvy#[y3e56}i}7_,24X;8O{;FLHxZg$}w4P2'<O="]b.K2bo8&,gb/b2lS~-us@CKq9J%vVl$[lT_}Os$IGLC#k2e25BWz?hNV>.Jy1J^z}(DF:x&Ftd+AN-*X9KC/IN{8AE\|75Be9L-rErnB6P7iJXU
Sep 27, 2024 05:55:33.899131060 CEST	283	IN	Data Raw: 8e 6c 19 03 e4 b3 da b0 57 a7 b8 30 25 93 b9 02 bd c0 86 86 4c 46 a3 d4 95 ee d0 ca a7 db 46 92 72 2f 4b 5c fb 1a d0 8b ef 5b a2 a5 67 40 d0 cd 1b 92 e7 c4 70 c3 1c 1e 11 74 dd 93 9c c2 54 5f 35 50 3d 7c 24 2c 41 d4 4b 3d 0b b6 ff 6c a1 32 ba 96 Data Ascii: lW0%LFFr/K\[g@ptT_5P=\|$,AK=l2~Ky9I3Ha#4+mY+=E{a.Nia!uy4R;`cF_I{y&N.WZ8k2mZe3/5%T HO[d<\|oao0<
Sep 27, 2024 05:55:34.008965015 CEST	304	OUT	GET /cgi-sys/images/404top_w.jpg HTTP/1.1 Host: novo.oratoriomariano.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 05:55:34.130227089 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 03:55:34 GMT Server: Apache Last-Modified: Thu, 13 Oct 2022 23:25:41 GMT Accept-Ranges: bytes Content-Length: 4335 Keep-Alive: timeout=5, max=74 Connection: Keep-Alive Content-Type: image/jpeg Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e ff c0 00 11 08 00 a9 03 64 03 01 11 00 02 11 01 03 11 01 ff c4 00 1b 00 01 01 00 02 03 01 00 00 00 00 00 00 00 00 00 00 00 01 02 04 03 07 08 05 ff c4 00 3a 10 01 00 01 03 00 07 04 07 07 04 02 03 00 00 00 00 00 01 03 07 11 02 04 06 16 17 81 c2 12 21 94 d2 31 36 46 51 74 84 91 05 13 14 61 71 b2 c3 41 56 b1 c1 26 b3 a1 d3 f0 ff c4 00 19 01 01 01 01 01 01 01 00 00 00 00 00 00 00 00 00 00 00 01 05 06 03 04 ff c4 00 27 11 01 00 03 01 00 02 02 01 03 05 01 01 00 00 00 00 00 04 15 52 01 91 a1 02 b1 05 03 11 51 12 21 31 33 d1 13 14 ff da 00 0c [TRUNCATED] Data Ascii: JFIFHHC!"$"$Cd:!16FQtaqAV&'RQ!13?X
Sep 27, 2024 05:55:34.130278111 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Sep 27, 2024 05:55:34.130289078 CEST	1236	IN	Data Raw: fb 0a c8 b8 2c 24 68 e3 2d ca c6 37 a2 b6 3e 1a 8e 7e bd 82 b6 36 39 e7 a5 84 8d 1c 65 b9 7d 9e ed a8 ab 8f cf 56 a3 3d 05 64 5c 16 12 34 45 e5 b9 71 18 de 8a dc f5 6a 13 d0 56 45 c1 61 23 49 17 96 e5 e8 fb 51 5b 9e ad 42 7a 4a d8 d8 e7 9e 96 12 Data Ascii: ,$h-7>~69e}V=d\4EqjVEa#IQ[BzJ47Fq+cczXHg;[?GN[F2z+~+cczXHkE_CV4qj#,$hrjellsK&\,$ixrWC?_+bK8s1<
Sep 27, 2024 05:55:34.130300999 CEST	870	IN	Data Raw: c6 cb 97 9c ce d1 e6 3e 0e 8c 74 15 71 71 f6 58 48 d2 cd ec b9 79 ef da 3c fe 51 a9 d0 8e 82 ae 36 3e cb 09 1f ca 4d ec b9 73 3e b1 f2 8d 4e 8c 74 15 71 71 f6 58 48 d2 cd ec b9 7f dc 58 f9 4a 1e 42 ae 2e 3e cb 09 1a 38 d9 72 fd 1b c7 11 f2 94 3c Data Ascii: >tqqXHy<Q6>Ms>NtqqXHXJB.>8r<\\}4lx<~!We/.^;'Bz,$'.\G]RqqXHq_]NF.',!Wely,$heghF:,$if\(GAWe&\XFF:
Sep 27, 2024 05:55:34.675623894 CEST	305	OUT	GET /cgi-sys/images/404bottom.gif HTTP/1.1 Host: novo.oratoriomariano.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 05:55:34.798573017 CEST	778	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 03:55:34 GMT Server: Apache Last-Modified: Thu, 29 Sep 2022 22:57:19 GMT Accept-Ranges: bytes Content-Length: 537 Keep-Alive: timeout=5, max=73 Connection: Keep-Alive Content-Type: image/gif Data Raw: 47 49 46 38 39 61 64 03 0e 00 d5 00 00 36 65 94 f7 f9 fb ad c0 d4 9d b4 cb cd d9 e4 7c 9b b9 a2 b8 ce 6d 8f b1 e6 ec f2 5c 82 a9 8c a7 c2 bd cd dc 4e 77 a1 f2 f5 f8 b0 c3 d5 85 a2 be dc e4 ec 93 ad c6 ff ff ff 58 7f a6 73 94 b5 a7 bc d0 c5 d2 e0 64 89 ad 81 9e bc d1 dc e7 ea ef f4 f6 f8 fa b3 c5 d7 7b 94 b5 7e 9d bb 8c ad c5 6b 94 b5 8c a5 bd 63 87 ac 59 80 a7 d4 de e8 ed f1 f5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 f9 04 00 07 00 ff 00 2c 00 00 00 00 64 03 0e 00 00 06 ff 40 83 41 42 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 b0 78 4c 2e 9b cf e8 b4 7a 5d 54 08 87 ec b8 7c 4e af db ef f8 bc 7e cf ef fb ff 80 4f 6e 42 81 85 86 87 88 89 8a 8b 8c 8d 8e 8f 90 55 6e 15 03 91 96 97 98 99 9a 9b 9c 9d 9e 9f 53 1e 0e 0e 11 a0 a6 a7 a8 a9 aa ab ac ad 9e a2 16 18 ae b3 b4 b5 b6 b7 b8 [TRUNCATED] Data Ascii: GIF89ad6e\|m\NwXsd{~kcY!,d@AB,rl:tJZvzxL.z]T\|N~OnBUnSfDfD#pEH2@# CI(S\0cI8s6*d(phDC8ZXj`KS9X Q"I;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	162.241.61.68	80	1260	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:55:33.394303083 CEST	297	OUT	GET /cgi-sys/images/x.png HTTP/1.1 Host: novo.oratoriomariano.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 05:55:33.891078949 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 03:55:33 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Thu, 29 Sep 2022 22:56:49 GMT Accept-Ranges: bytes Content-Length: 2672 Keep-Alive: timeout=5, max=75 Content-Type: image/png Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 61 00 00 00 61 08 03 00 00 00 f1 d8 3f 91 00 00 00 03 73 42 49 54 08 08 08 db e1 4f e0 00 00 00 60 50 4c 54 45 66 00 00 e7 cf cf 8a 5e 5e 86 37 37 cc 00 00 7a 7a 7c bb 02 02 f9 75 75 e7 2d 26 ef 7b 57 a7 01 01 ff ff ff d9 8f 8f d4 41 2d c6 20 17 cd 33 26 e6 69 48 e8 52 42 fd b4 b2 99 00 00 e1 5c 40 bd 8f 8f bc 2f 2f f4 ef ef dc bf bf e3 15 15 db 00 00 f6 8e 60 9f a1 a3 fe 99 74 c5 5f 5f bd 13 10 33 6a 26 19 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 16 74 45 58 74 43 72 65 61 74 69 6f 6e 20 54 69 6d 65 00 30 33 2f 30 34 2f 30 39 d9 8b d2 0e 00 00 00 1c 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 46 69 72 65 77 6f 72 6b 73 20 43 53 34 06 b2 d3 a0 00 00 09 5d 49 44 41 54 68 81 ad 9a 8d 7a ab ac 12 85 31 a1 48 ac c1 2a 89 88 6d e5 fe ef f2 5b 03 a2 88 9a 74 9f e7 8c c6 36 0a f3 ba 06 18 fc 09 fb fc ab 15 5d 5d d6 53 db b7 53 59 97 43 f7 e7 7a ec 4f ce eb a9 11 9c 16 2e 96 a5 ff aa 8b ff 0f a1 9b 14 e7 1c [TRUNCATED] Data Ascii: PNGIHDRaa?sBITO`PLTEf^^77zz\|uu-&{WA- 3&iHRB\@//`t__3j&pHYs~tEXtCreation Time03/04/09tEXtSoftwareAdobe Fireworks CS4]IDAThz1Hm[t6]]SSYCzO.g^tfe:0[^B19m95(pZ1E}ZQRwC;ZHj8stB0t_4MD{cU:w&qf+F.b7HPusD?nSHsuK!R;DNBA_K,]/(o}~vGke~66+#6SWNw9&}mjkW0E{8!2NTAU/kUuD_w[]%@cm(UUL_%XWU3[Tm JT9@OfbC\|Ukk/R8H>pVReEs$=@xA?$=T<`jo4Bb]hMp<z:@HyN"0TX714k$VTx^s}1/7`s+6W!!zRVIN}7}X-2T6)V
Sep 27, 2024 05:55:33.891093016 CEST	1236	IN	Data Raw: ae f4 e9 f5 8f 07 88 0d 60 36 2b ed a3 59 be c9 36 74 27 22 d4 55 2f d7 23 3e 46 fa c5 38 30 cf aa 1a c7 26 f7 2f 01 48 dd dc 65 e3 47 13 0b 41 92 f7 26 01 8c da bd 88 51 5d 69 00 72 42 63 a5 d8 20 1a 29 7d 67 01 c1 68 67 9b fb bc 34 77 f5 26 46 Data Ascii: `6+Y6t'"U/#>F80&/HeGA&Q]irBc )}ghg4w&FT8ZNO8W>{Bk@QS73x+'Ou)`3J1pD(T,\|y Q *@-YG7Jr)&8GC0Uy
Sep 27, 2024 05:55:33.891103983 CEST	468	IN	Data Raw: 65 db de 91 6a d9 f5 f2 5c db 62 78 5e ae e4 1f de 71 7c 5b c7 03 12 d1 e9 93 f5 4b 50 41 15 e2 c7 23 e0 a4 67 c1 2e 57 58 f8 57 f7 e1 90 8d 45 43 9d 11 43 9b a5 57 cc 9b b7 03 17 a6 bc 0a bf c6 4d 60 94 ed bd d7 2c 9a eb db 79 6f 5e 7c dc 65 e0 Data Ascii: ej\bx^q\|[KPA#g.WXWECCWM`,yo^\|e\ ,T-,oetLX\m-\1h9R{ d?!8_N]xo{zSS}7y8o-?@Y~cwLUTxg]4gf'
Sep 27, 2024 05:55:34.005264997 CEST	302	OUT	GET /cgi-sys/images/404mid.gif HTTP/1.1 Host: novo.oratoriomariano.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 05:55:34.120769978 CEST	361	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 03:55:34 GMT Server: Apache Last-Modified: Thu, 29 Sep 2022 22:57:51 GMT Accept-Ranges: bytes Content-Length: 120 Keep-Alive: timeout=5, max=74 Connection: Keep-Alive Content-Type: image/gif Data Raw: 47 49 46 38 39 61 64 03 04 00 91 00 00 9a b2 c9 ff ff ff a0 b6 cc a1 b7 cd 21 f9 04 00 07 00 ff 00 2c 00 00 00 00 64 03 04 00 00 02 49 dc 82 a9 cb ed 0f a3 9c b4 da 8b b3 de bc fb 0f 86 e2 48 96 e6 89 a6 ea ca b6 ee 9b 00 80 01 d7 f6 8d e7 fa ce f7 fe 0f 0c 0a 87 44 8a 8c 56 4c 2a 97 cc a6 f3 09 8d 4a a7 54 cc f1 50 cd 6a b7 dc ae f7 0b 0e 8b 2d b2 02 00 3b Data Ascii: GIF89ad!,dIHDVL*JTPj-;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	162.241.61.68	80	1260	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:55:33.847090006 CEST	419	OUT	GET /cgi-sys/images/404bottom.gif HTTP/1.1 Host: novo.oratoriomariano.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://novo.oratoriomariano.com/novo/12473 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 05:55:34.335592985 CEST	804	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 03:55:34 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Thu, 29 Sep 2022 22:57:19 GMT Accept-Ranges: bytes Content-Length: 537 Keep-Alive: timeout=5, max=75 Content-Type: image/gif Data Raw: 47 49 46 38 39 61 64 03 0e 00 d5 00 00 36 65 94 f7 f9 fb ad c0 d4 9d b4 cb cd d9 e4 7c 9b b9 a2 b8 ce 6d 8f b1 e6 ec f2 5c 82 a9 8c a7 c2 bd cd dc 4e 77 a1 f2 f5 f8 b0 c3 d5 85 a2 be dc e4 ec 93 ad c6 ff ff ff 58 7f a6 73 94 b5 a7 bc d0 c5 d2 e0 64 89 ad 81 9e bc d1 dc e7 ea ef f4 f6 f8 fa b3 c5 d7 7b 94 b5 7e 9d bb 8c ad c5 6b 94 b5 8c a5 bd 63 87 ac 59 80 a7 d4 de e8 ed f1 f5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 f9 04 00 07 00 ff 00 2c 00 00 00 00 64 03 0e 00 00 06 ff 40 83 41 42 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 b0 78 4c 2e 9b cf e8 b4 7a 5d 54 08 87 ec b8 7c 4e af db ef f8 bc 7e cf ef fb ff 80 4f 6e 42 81 85 86 87 88 89 8a 8b 8c 8d 8e 8f 90 55 6e 15 03 91 96 97 98 99 9a 9b 9c 9d 9e 9f 53 1e 0e 0e 11 a0 a6 a7 a8 a9 aa ab ac ad 9e a2 16 18 ae b3 b4 b5 b6 b7 b8 [TRUNCATED] Data Ascii: GIF89ad6e\|m\NwXsd{~kcY!,d@AB,rl:tJZvzxL.z]T\|N~OnBUnSfDfD#pEH2@# CI(S\0cI8s6*d(phDC8ZXj`KS9X Q"I;
Sep 27, 2024 05:55:34.376614094 CEST	402	OUT	GET /favicon.ico HTTP/1.1 Host: novo.oratoriomariano.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://novo.oratoriomariano.com/novo/12473 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 05:55:34.494297028 CEST	1236	IN	HTTP/1.1 404 Not Found Date: Fri, 27 Sep 2024 03:55:34 GMT Server: Apache Last-Modified: Thu, 29 Sep 2022 22:59:29 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4677 Keep-Alive: timeout=5, max=74 Connection: Keep-Alive Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 52 6d 73 d3 c8 96 fe 0c bf e2 8c 73 67 80 aa d8 4a 26 61 76 b0 15 df 82 90 0c b9 05 24 9b 84 e5 4e 6d ed 52 6d e9 48 ea 49 ab 8f e8 6e d9 d6 4d cd fe f6 3d dd 92 5f 63 b8 70 77 0d b1 a5 7e 79 ce f3 16 ff f0 fa f2 f4 f6 f7 ab 33 28 5c a9 e0 ea c3 ab b7 17 a7 d0 eb 47 d1 c7 a3 d3 28 7a 7d fb 1a fe fe e6 f6 dd 5b 38 1c 1c c0 8d 33 32 71 51 74 f6 be 07 bd c2 b9 6a 18 45 b3 d9 6c 30 3b 1a 90 c9 a3 db eb 68 ee 51 0e fd b5 ee b1 6f c3 9d 41 ea d2 de f8 71 1c 86 cc 4b a5 ed c9 0e 80 c3 17 2f 5e b4 f7 7a fe d0 50 09 9d 9f f4 50 f7 60 f9 e4 31 50 a4 50 19 ca a4 c2 25 4a 5e 56 79 c0 98 67 3a 3a 3c e4 73 d0 7d e2 12 9d 00 7f ac 8f 9f 6b 39 3d e9 9d 92 76 a8 5d ff b6 a9 b0 07 49 fb 76 d2 73 38 77 91 1f 3e 82 a4 10 c6 a2 3b a9 5d d6 ff b5 07 d1 1a 9a 93 4e e1 f8 f8 e0 18 fa 70 f5 f2 b7 33 78 7f 79 0b e7 97 1f de bf 8e a3 76 ef f1 e3 47 fc 89 7f e8 f7 e1 65 9a c2 8d 92 29 c2 65 ed 2c f4 fb e3 76 cf 26 46 56 0e ac 49 96 02 12 4a 71 f0 c7 e7 1a 4d 33 48 a8 8c da c7 fe d1 e0 68 70 38 [TRUNCATED] Data Ascii: RmssgJ&av$NmRmHInM=_cpw~y3(\G(z}[832qQtjEl0;hQoAqK/^zPP`1PP%J^Vyg::<s}k9=v]Ivs8w>;]Np3xyvGe)e,v&FVIJqM3Hhp8(a{8jotEI.6q^>YZQH]rBis_4:Jar!c(j):{{d!5Dh4+k5yUD$wZ}YQO,5I>i6<]2XpCMe^Wh2.\|~l'\|v,sTWdG'8RFOE>8.V?\~[KJzp=4LB)YyuFMYb;Cd5[&TWRd{/_lyoY'+G;G\?zJL9*~"P,EO$}(OW<2X!SSQrxOx"#DJMAP!3-uH26?<gR;1<]9G$Vp0sBQ=f%afQmB<qMZq0&Vk
Sep 27, 2024 05:55:34.494312048 CEST	1236	IN	Data Raw: 49 26 3b f9 fa 41 83 05 ea 7d 2a 6d a5 44 33 d4 a4 71 b1 99 49 63 79 2b 21 45 66 c8 7d ce 7e f9 e5 e0 60 b1 69 91 ef a6 ab dd a3 c9 f3 17 2f 7e 5d ec ba 42 9a b5 cd c3 17 bf 26 87 2f 56 43 53 84 7b 98 88 e4 2e 37 54 eb b4 bf 38 87 cf fd bf 11 0b Data Ascii: I&;A}mD3qIcy+!Ef}~`i/~]B&/VCS{.7T81),)VRCx{k_hT!dnD3bxixqTHr2=-c/7UtoGc-'9_e$'(e66FANz=86CG]__^g
Sep 27, 2024 05:55:34.494354010 CEST	1236	IN	Data Raw: 7f 5f 9a cc 0f 7c 7e cc 8d 47 d3 16 aa a5 c0 11 77 9c 06 70 2d f3 c2 71 9d 65 72 e7 67 b7 4d f9 97 a6 78 33 93 82 c8 22 5c 19 aa d0 38 89 76 00 b7 8c 58 2d df 59 8d 52 e0 90 bf bc 76 3f ae 12 5e 1f 5f 0e 51 fa 28 da aa 25 42 fb 6a 70 ac 19 d5 3a Data Ascii: _\|~Gwp-qergMx3"\8vX-YRv?^_Q(%Bjp:}P[_0uBTg0+\|~@('H{3jsrTMsMDk={j-o\|m4aG+.<W6CYkGm^jTRm=9tMj=;
Sep 27, 2024 05:55:34.494365931 CEST	1236	IN	Data Raw: 14 ae c5 80 4c 2a 8c 23 31 8e 23 06 59 f2 f0 d3 3a 38 d6 e1 50 bb de 46 46 b7 2c 79 13 c3 eb 75 2c de 42 97 c2 94 0d 7e ca ef ce d4 fc 46 da 3e 63 a3 84 03 87 6c 70 70 13 cd 94 f3 29 5a 76 13 0c 5e b2 55 09 1a 0f 04 36 41 2d 8c a4 36 a7 16 95 33 Data Ascii: L#1#Y:8PFF,yu,B~F>clpp)Zv^U6A-63YZ2Zsc]1Z [SiXCY^WQCbK~+n:)@UP7RpWO~b!/r@l-ElQK$gYzKoF
Sep 27, 2024 05:55:34.494396925 CEST	29	IN	Data Raw: b7 fe ec 9e d9 f5 30 98 c9 c5 d1 84 d2 26 3c 14 ae 64 4b ff 17 cc cb 70 7c 28 2e 00 00 Data Ascii: 0&<dKp\|(.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49743	151.101.66.137	80	1260	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:55:33.910789967 CEST	287	OUT	GET /jquery-3.3.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 05:55:34.371558905 CEST	606	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Length: 30288 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: W/"28feccc0-1538f" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Content-Encoding: gzip Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Fri, 27 Sep 2024 03:55:34 GMT Age: 1454153 X-Served-By: cache-lga21927-LGA, cache-ewr-kewr1740035-EWR X-Cache: HIT, HIT X-Cache-Hits: 19139, 194752 X-Timer: S1727409334.324112,VS0,VE0 Vary: Accept-Encoding
Sep 27, 2024 05:55:34.371572971 CEST	1236	IN	Data Raw: 1f 8b 08 00 00 00 00 00 02 03 bc bd 79 7b db 46 b2 2f fc ff fb 29 44 8c 8f 02 98 2d 4a 72 26 b9 77 40 b5 f9 38 5e 12 67 73 26 76 b6 43 31 79 20 b2 49 21 a6 00 06 00 b5 44 e4 7c f6 5b bf ea 05 0d 10 94 33 73 ee 7d 33 63 11 4b a3 d7 ea ea da eb f8 Data Ascii: y{F/)D-Jr&w@8^gs&vC1y I!D\|[3s}3cKqUqwp F_=xYRyvdT4"XWyQRX/JuJT}%}6a_BnU>[/u5oJefz'Q\W"9
Sep 27, 2024 05:55:34.371642113 CEST	1236	IN	Data Raw: 38 36 58 20 f0 20 3d a0 2f 2b 1f f4 e9 de 1c d5 59 44 70 32 8b d0 cf 97 57 ab ea 6e 5f 3f 87 1e 64 98 0e 9f da 9e 9f 10 36 5e e6 17 c9 f2 e5 75 b2 6c 7c 7a c5 93 d2 c2 83 38 5f 98 68 21 8a e5 04 a7 e9 73 8c e7 1e 0d 64 44 c2 e8 bd 31 2c ce 68 66 Data Ascii: 86X =/+YDp2Wn_?d6^ul\|z8_h!sdD1,hf4Nd0.:o!\|]}%pz7[;p{:ORm+JNXEqiHdHn{]N(]4*Lw_YD+B"qOdEs&y\
Sep 27, 2024 05:55:34.371654987 CEST	1236	IN	Data Raw: 1c 8b 2f 75 6d 7f 0b c7 40 0d 34 2d e1 f9 0d fd a5 d5 37 0f a8 2e f1 95 3c 1e d3 a8 8e c5 7f 37 c0 8b 37 1b ed b5 59 72 34 9f dc 9f 8a 4f b7 dc f1 d1 46 8f 8a 36 1e 77 1a 70 aa 94 ec a4 2f 64 70 72 4b a7 e0 d1 a7 9f 7c f2 f1 a7 f6 c0 2f c0 81 6c Data Ascii: /um@4-7.<77Yr4OF6wp/dprK\|/l61eR<g,Ew\|d'O8=ya<.=d&~h_\2}"UG+\|>bDij05{F9YR P>?cy]
Sep 27, 2024 05:55:34.371665955 CEST	1236	IN	Data Raw: a4 10 15 8e 76 1b 8b 6f 9c a8 4d 53 1e 20 21 12 6f 3f 27 ed de 8c c2 99 4c c4 25 21 bc d6 0b b1 90 bd 3c 9c 11 89 a8 6b 0a 53 94 51 f3 64 bd ac 7e 4c d5 4d 04 11 64 95 af e8 2d 08 a0 74 90 cc 66 2f 89 53 aa be 4e cb 4a 51 b7 46 bb 8f a0 cf 5f e6 Data Ascii: voMS !o?'L%!<kSQd~LMd-tf/SNJQF_{(Ns)T!e'N)]3\|cj5Wk+<]":ES}.^6HG*D]Du</Dce]p&{;pTDMdf8
Sep 27, 2024 05:55:34.371746063 CEST	624	IN	Data Raw: df 2e 9e 05 a8 5a 64 64 54 29 f5 03 87 68 9c 48 d1 93 40 d7 33 54 89 99 9e 1e 82 22 7b 60 3d 3d e1 99 b2 08 a9 73 76 3f 30 4b b7 c6 7c 9b aa 81 90 a1 55 c5 c3 1f 33 e8 a7 b2 21 80 6d 99 01 c1 bc 2b 3d 3c fc 56 cf 92 5f 52 b4 4a 46 a3 94 d5 5a bd Data Ascii: .ZddT)hH@3T"{`==sv?0K\|U3!m+=<V_RJFZe-,9\|,d1jC9y!ARt(Wg_D*LVC{)gKuVi?@Ue\|M,%"-n/b<@(MUj/K&SiP6$^/"1\\
Sep 27, 2024 05:55:34.371779919 CEST	1236	IN	Data Raw: 78 4c 74 e9 cf ba 38 74 38 04 c2 49 98 c1 b5 4d df 38 2f af 90 b8 6d a7 8e 38 aa a2 23 7b 1d f1 c2 9c a0 de 93 7a 0e 2b 8c 98 1a cb bc 27 fe 6a 7d 4c c4 2e c0 59 03 10 4c b1 3e 28 77 ec 54 48 19 71 d1 68 c7 ab a3 d7 90 43 79 62 57 ab 5c 00 0e ec Data Ascii: xLt8t8IM8/m8#{z+'j}L.YL>(wTHqhCybW\uKAw'DWWgGEl0/HrK-h5" q!sg -a:>z@f-1J{\|%O-qNS"TAR
Sep 27, 2024 05:55:34.371854067 CEST	224	IN	Data Raw: cc fa f2 49 a4 da 66 09 8a be 27 46 ff a1 cf 4f 3f f0 f9 b2 ea ea a8 f3 99 95 ae af c3 a3 23 50 30 43 5b 4d d1 a8 66 f1 97 ab e9 f7 0b ea 50 67 2d 84 16 1d 7c 13 7f 23 3d 68 ff c3 79 7e df 17 c9 2c cd e1 0b cf 7b ff 22 bf c5 35 31 fb 1c 64 65 45 Data Ascii: If'FO?#P0C[MfPg-\|#=hy~,{"51deE<M^p^%TU5sgU(Q@W5tANy1ESYAN1~L} $*[aS'`m"yh,Q#}(#@;$hpMR
Sep 27, 2024 05:55:34.371864080 CEST	1236	IN	Data Raw: b0 06 44 d4 04 aa e1 37 57 03 f6 17 b1 d4 c6 18 5c e4 ba f8 bd 11 6f 0b 8e 77 c3 95 7a 04 d8 01 1b 28 d4 8d 3a 9e 5a af 44 02 07 5a 3b 8d 11 3a fc 23 91 85 5e 9f 97 74 ab 47 82 ab 30 e5 71 7c b0 17 89 30 ba 17 a2 1f f7 b4 0e d5 58 66 5c f8 dd 0c Data Ascii: D7W\owz(:ZDZ;:#^tG0q\|0Xf\[2(~OK{{?{:U}byQH5`P j=O1y514ji-e+O81Z*Rmt4BgicEDYl[UMMG
Sep 27, 2024 05:55:34.371876001 CEST	1236	IN	Data Raw: e5 ca 35 83 53 88 0f 3d a8 c4 68 98 a7 2c 87 32 88 9e b1 d0 5a ce 40 76 cd 3c e5 af f3 dd 7d fa 84 28 e0 d7 2f 80 07 08 b2 d7 d0 46 1b ee ff 1f 2d df ca 05 36 90 c3 42 6b 56 d4 33 16 d2 1e df 95 0c 9d 0b 48 b8 b4 38 cd e7 5f b4 7c b4 8a ac b2 22 Data Ascii: 5S=h,2Z@v<}(/F-6BkV3H8_\|"X-{};m.Q1O1vZ&FCH1Q=dK=sr+}.w{m\FG:[BGn#@T"gEu0"8Zaj;D5Th
Sep 27, 2024 05:55:34.376435041 CEST	1236	IN	Data Raw: 4b e5 c7 8b 6f 06 83 36 58 d4 e2 54 e8 c1 60 5a b9 83 50 35 ad c1 bb d0 ed 7e 86 21 27 41 af f1 21 42 16 43 b8 0b c2 61 d8 f2 84 e2 00 5a ce 22 e0 14 b2 d1 64 94 68 1b 13 63 42 da 76 50 df 73 fc 70 84 e6 e8 3e 77 8a de a6 5e ab 1d 70 df 29 1b 1a Data Ascii: Ko6XT`ZP5~!'A!BCaZ"dhcBvPsp>w^p)hB6;-&F\|P`#E;E#^pRD2lwGl+F@XAvRzq+~dtWi5&}A-._>N4^Gf?wM_r?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	58134	162.241.61.68	80	1260	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 05:56:36.076251030 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49747	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-27 03:55:36 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-27 03:55:36 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=46238 Date: Fri, 27 Sep 2024 03:55:36 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49748	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-27 03:55:37 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-27 03:55:37 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=46183 Date: Fri, 27 Sep 2024 03:55:37 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-27 03:55:37 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6032, Parent PID: 2696

General

Target ID:	0
Start time:	23:55:26
Start date:	26/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1260, Parent PID: 6032

General

Target ID:	2
Start time:	23:55:28
Start date:	26/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2220,i,9115757416579988487,16549715016900930779,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6396, Parent PID: 2696

General

Target ID:	3
Start time:	23:55:31
Start date:	26/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://novo.oratoriomariano.com/novo/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://novo.oratoriomariano.com/novo/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

Windows Analysis Report
http://novo.oratoriomariano.com/novo/