Edit tour

Windows Analysis Report
https://iyu59.com/

Overview

General Information

Sample URL:	https://iyu59.com/
Analysis ID:	1433043
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5144 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1996,i,4205315775780067847,8781418941483147223,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3224 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=2036,i,9588645296810091784,9140298293887751568,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://iyu59.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714347361084&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 23.11.208.106:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.11.208.106:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49732 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@23/13@6/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1996,i,4205315775780067847,8781418941483147223,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=2036,i,9588645296810091784,9140298293887751568,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://iyu59.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1996,i,4205315775780067847,8781418941483147223,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=2036,i,9588645296810091784,9140298293887751568,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://iyu59.com/	100%	Avira URL Cloud	phishing
https://iyu59.com/	0%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
fp2e7a.wpc.phicdn.net	0%	Virustotal		Browse
iyu59.com	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://iyu59.com/vendor/vendor.23238u92u82.js	100%	Avira URL Cloud	phishing
https://iyu59.com/favicon.ico	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	172.217.4.196	true	false		high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	0%, Virustotal, Browse	unknown
iyu59.com	107.172.87.11	true	false	1%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://iyu59.com/index.php?t=8ee8bbe33accbf341cd7c4492172fef66d3e7343069a3f07d5ebb7b7178b51c0	false		unknown
https://www.google.com/async/newtab_promos	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false		high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtT5aGPW6u7EGIjBAQQosG8R7G8M0AHvrIR1lkm6Fcw1BxGoSSQ9JVnp2NGzLM73PS3Myy-LTxX0wrbgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false		high
https://iyu59.com/	true		unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtT5aGPW6u7EGIjBervkNa0AJ1JcF-kQA0vDVvnJJSjAjxEgmkxaRf5Y_E6ZrAplngDA0yR-DRFp3EoAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false		high
https://iyu59.com/vendor/vendor.23238u92u82.js	false	Avira URL Cloud: phishing	unknown
https://iyu59.com/favicon.ico	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
107.172.87.11	iyu59.com	United States	36352	AS-COLOCROSSINGUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.4.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1433043
Start date and time:	2024-04-29 01:35:25 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://iyu59.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@23/13@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.4.195, 142.250.111.84, 142.250.191.238, 34.104.35.123, 72.21.81.240, 199.232.210.172, 192.229.211.108, 13.85.23.206, 52.165.164.15, 142.250.190.3, 104.102.249.211, 104.102.249.139, 104.102.249.192, 104.102.249.202, 104.102.249.200, 104.102.249.147
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Source	URL
Screenshot	http://<UNKNOWNECI:000103>System.Byte[]</UNKNOWNECI>

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Apr 28 22:36:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.98682331827081
Encrypted:	false
SSDEEP:	48:8hwdpTxR2dHfidAKZdA19ehwiZUklqeh1y+3:8h+XAmy
MD5:	A880D700DEE3946155EE7CBEB58132F3
SHA1:	F8BDC68667D361211BF3D48150CC1078FB676C64
SHA-256:	D2B4ECAA7B000464537A3FC7E59EC6ACE0488157473AD14E08ACA675C695372C
SHA-512:	3CA638E88009F47B03E950335E8055705EBC96744030D0D5E1D694A37599871335F1CD223CDA7790970B36766E8DD3D981E7035F0FEE8CAD63AD3C558B12CCFE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....8.u....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Apr 28 22:36:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.003663887540904
Encrypted:	false
SSDEEP:	48:81sZwdpTxR2dHfidAKZdA1weh/iZUkAQkqehWy+2:8M+X69QLy
MD5:	0DAA5CBDC36B4727F99F4A5B65426195
SHA1:	AF311ED8576AAF40986FF54AF6DA7F33371FF012
SHA-256:	732B8E27ECDB7A319C7F54C1578395984556A1568FB95A8006B96E77D42578F4
SHA-512:	CA14DF7EF1047863E5A607EA78F5D3532E9BF551E21767B84A387BBC5E34ED5D04E4FB15FA7103A3289659DB4E552CD45EDFD18D7E70BFF45E41FE076B097C82
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....vg<....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.011648512415294
Encrypted:	false
SSDEEP:	48:8xZwdpTxRsHfidAKZdA14tseh7sFiZUkmgqeh7sEy+BX:8xZ+XOnqy
MD5:	D21500752C39211F01DDD6EAFFFE6664
SHA1:	6CA64E617FE8E8970E2671FBB20461F60E218A10
SHA-256:	3BCB0BD402AF5878B5C877787A6DFDD56C328F0355C28B0877EDCF9355990305
SHA-512:	52F70562640F5E849CCE525B1B8B955F78C13FE4B219BADD946B73166EDCA213C678C1F9B84824211C9FA89424CCD09822271D01D784840FB34DBCDFF82D525F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Apr 28 22:36:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.001656222029042
Encrypted:	false
SSDEEP:	48:8KwdpTxR2dHfidAKZdA1vehDiZUkwqehCy+R:8K+Xh8y
MD5:	A85A7F6C55D7471C7541C10A37D98502
SHA1:	1131760CF5929A73CD6A667FC613FBCB81269BC7
SHA-256:	B68C14C027CBA18737BE952DF371AE5AB0BDEACC5B6DCD1FAC1F9A9BF93CA525
SHA-512:	69A8B0645A8BDCA6924B38DFE1902127382765930A58F6E6B11632335E8CFF3EC61510A57F6A6B4F97163325A4BDB699CF531FB4D9EC7AB58A8D45776729A3B4
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....1.^....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Apr 28 22:36:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9901284502378354
Encrypted:	false
SSDEEP:	48:8AwdpTxR2dHfidAKZdA1hehBiZUk1W1qehIy+C:8A+Xh9oy
MD5:	C0D4FA1FB630B6C65E763C8395A6A703
SHA1:	E0C3B4460DDA86D302917B4387B558774E9BC69A
SHA-256:	F983F41CFB696A66F7341EBCD8EEDEEDB31F512420D542FA7618B19F3FC1DABF
SHA-512:	C333A0CE225DD18456CD9F08356908447CFDD2EFEBE5657335B39E491EA9EA9C6D662D60FA80A8554747B08586DCBCC20FECA417C81CBC35EA42E9BD48C4E8A7
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....sJ....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Apr 28 22:36:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.00128094872614
Encrypted:	false
SSDEEP:	48:8UwdpTxR2dHfidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbqy+yT+:8U+XdT/TbxWOvTbqy7T
MD5:	8D3180E90540B551F463CA2621BD82F4
SHA1:	3CFF7D4AEBEF3DE14A3A68B1CB06EBAF2A805C3D
SHA-256:	EB988F459EB5C76673FE3B7786B8F1850AADB37EF42427BA0A7B17753C26A345
SHA-512:	28D056E2C411176117A08742D802A4805782AE6E2617A0C9721DA45625F43CF16C8E4FFAFE50B46ADC4D62B968056502C9B045B193DEC6703EF5A170A1616998
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....pQS....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3240)
Category:	downloaded
Size (bytes):	3245
Entropy (8bit):	5.81740788221127
Encrypted:	false
SSDEEP:	96:JlkliAUIN6666VUBOGXeKKO+g8+hbzFl9nf8nXhfQfffo:iTN6666VWXeKagPhbxXnEp
MD5:	610129F8D0EECBB18946CDF8775DE191
SHA1:	FCD487C220B4DA7CA98DAB273ACC8F868D6A6F36
SHA-256:	7FDB9368D14619F7F14DEE6C9F6B1F7100A6905737A5C6142CEF2FA8CBDCD30D
SHA-512:	2C5F5E83C37B2C178CAF5EED46E0B8595F0921A2C5563111676D7EE08169A4838BCDFE5F64AEB0477422B9A73BB571AB84550B47E489706384221EE7725549CF
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["nyt crossword clues","labaron philon alabama","bob bakish","manor lords sheep farm","troy franklin nfl draft","new movies streaming on netflix","prime energy drink","omaha nebraska tornadoes"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"google:entityinfo":"CgovbS8wYm1jNnhnEh1QcmVzaWRlbnQgb2YgUGFyYW1vdW50IEdsb2JhbDK7DWRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQklnQUNFUUVERVFIL3hBQWNBQUFDQXdFQkFRRUFBQUFBQUFBQUFBQUZCZ01FQndnQ0FRRC94QUEwRUFBQkFnVUJCUVlGQXdVQUFBQUFBQUFCQWdNQUJBVVJFaUVHRXlJeFFWRmhjWUdoc1FjVUl6S1IwZUh4RlVKeXNzSC94QUFaQVFBQ0F3RUFBQUFBQUFBQUFBQUFB

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (325), with CRLF line terminators
Category:	downloaded
Size (bytes):	4981
Entropy (8bit):	5.113240961469081
Encrypted:	false
SSDEEP:	96:zDEqwrbv1+GtJ8VuCDJwSUZ+pO8/npbKdHR9BweSW5WRq1EB6eOkkCGomn:zDlMzkGf8VuCJpO8ktRoeSWoq1Ece39m
MD5:	48DE24BB73AF029E4812C12060509B28
SHA1:	E715A83CBF612971F0275FFDFBA2E45604BE742A
SHA-256:	AE9DA3C9A568A7B3602DC54E10C324166DB3ABE1D3A6892770D6CE6A7CC8C1C6
SHA-512:	FFE85C26D576B7FFBB6052BE6D26E8D48D354FC927D05A2395B0C88F0D87A56E7A5077CDBAEB905F10B17895ACA49353ED4E46B01D5061ECB514617069AA9900
Malicious:	false
Reputation:	low
URL:	https://iyu59.com/vendor/vendor.23238u92u82.js
Preview:	const e = window, t = document;..function y(){.. return 'aHR0cDovLzEyNy4wLjAuMQ==';..}..function x() {.. return history.pushState(null,'',window.location.assign(atob(y())))..}..function _n(i) {.. const r1 = /\./;.. let k = navigator, u=r1.test(i);.... return (undefined === i) ? 0 :.. (u===true) ? k[i.split('.')[0]][i.split('.')[1]] :.. k[i]..}..function i() {.. return "function" != typeof t.createElement.. ? t.createElement(arguments[0]).. : E.. ? t.createElementNS.call(t, "http://www.w3.org/2000/svg", arguments[0]).. : t.createElement.apply(t, arguments);..}..function cs() {.. var j = 'cookieEnabled'.. return !(_n(j) === true) ? 0 : 1;..}..function c(){.. var e = i("canvas");.. return !(!e.getContext \|\| !e.getContext("2d")) ? 1 : 0;..}..function g(){.. var e,t,r;.. if(c()){.. (e = i("canvas")),.. (t = e.getContext("webgl") \|\| e.getContext("experimental-webgl")),.. (r

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	22382
Entropy (8bit):	2.2117771924639604
Encrypted:	false
SSDEEP:	48:nq/LDQsHmq5crBEQB+PLH4euMerTHb+qvceiJqIsxOOBfHiqcfzO58Vpnh:qXQomseyHc7b+qvcHsxNwqcfzR
MD5:	576287A38D00E198B1E8B4881932BE10
SHA1:	8401D5110333717C59E4165D34DCE913EB117697
SHA-256:	3850A133BFE3AC48100036A9452F60BFC74538BD94CED9AA53DB40B5654749E5
SHA-512:	7EABF7ABF5A0655E714A7EA7B55D124A33B82246C0AD932099348CE5FF92A4FFB25106719DD2C3A6E56BEB856D1C1368D89234CFC68D89997BA35BEF26577B98
Malicious:	false
Reputation:	low
URL:	https://iyu59.com/favicon.ico
Preview:	......@@.... .(B..6... .... .....^B........ .h....S..(...@......... .............................................3..)3...3...3...3...3...3.......................3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3..)................................3...3...3...3...3...3...3...3...3...a:..................3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3.......................3...3...3...3...3...3...3...3...3...3...5...................5...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...............3...3...3...3...3...3...3...3...3...3...3...3...................\3..3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3.

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	22382
Entropy (8bit):	2.2117771924639604
Encrypted:	false
SSDEEP:	48:nq/LDQsHmq5crBEQB+PLH4euMerTHb+qvceiJqIsxOOBfHiqcfzO58Vpnh:qXQomseyHc7b+qvcHsxNwqcfzR
MD5:	576287A38D00E198B1E8B4881932BE10
SHA1:	8401D5110333717C59E4165D34DCE913EB117697
SHA-256:	3850A133BFE3AC48100036A9452F60BFC74538BD94CED9AA53DB40B5654749E5
SHA-512:	7EABF7ABF5A0655E714A7EA7B55D124A33B82246C0AD932099348CE5FF92A4FFB25106719DD2C3A6E56BEB856D1C1368D89234CFC68D89997BA35BEF26577B98
Malicious:	false
Reputation:	low
Preview:	......@@.... .(B..6... .... .....^B........ .h....S..(...@......... .............................................3..)3...3...3...3...3...3.......................3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3..)................................3...3...3...3...3...3...3...3...3...a:..................3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3.......................3...3...3...3...3...3...3...3...3...3...5...................5...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...............3...3...3...3...3...3...3...3...3...3...3...3...................\3..3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3...3.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 29, 2024 01:36:10.909002066 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:10.909357071 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:11.033967972 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:20.565936089 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:20.592216969 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:20.693948984 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:20.791328907 CEST	49707	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:20.791376114 CEST	443	49707	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:20.791429996 CEST	49707	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:20.791548967 CEST	49708	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:20.791598082 CEST	443	49708	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:20.791771889 CEST	49708	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:20.792032957 CEST	49707	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:20.792047977 CEST	443	49707	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:20.792373896 CEST	49708	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:20.792387009 CEST	443	49708	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:20.850383043 CEST	49709	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:20.850451946 CEST	443	49709	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:20.850513935 CEST	49709	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:20.850737095 CEST	49709	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:20.850754976 CEST	443	49709	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:20.851411104 CEST	49710	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:20.851438999 CEST	443	49710	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:20.851500034 CEST	49710	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:20.851752043 CEST	49710	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:20.851757050 CEST	443	49710	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.030760050 CEST	443	49707	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.031116009 CEST	49707	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.031147003 CEST	443	49707	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.032130957 CEST	443	49707	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.032207966 CEST	49707	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.032588005 CEST	443	49708	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.033329010 CEST	49708	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.033337116 CEST	443	49708	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.033462048 CEST	49707	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.033525944 CEST	443	49707	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.033868074 CEST	49707	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.033875942 CEST	443	49707	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.034786940 CEST	443	49708	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.034862041 CEST	49708	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.035751104 CEST	49708	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.035826921 CEST	443	49708	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.035912991 CEST	49708	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.035919905 CEST	443	49708	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.083688021 CEST	443	49709	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.084518909 CEST	49709	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.084542036 CEST	443	49709	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.086070061 CEST	443	49709	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.086127996 CEST	49709	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.086544037 CEST	49709	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.086620092 CEST	443	49709	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.086710930 CEST	49709	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.087565899 CEST	443	49710	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.087941885 CEST	49710	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.087948084 CEST	443	49710	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.089271069 CEST	443	49710	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.089385986 CEST	49710	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.089732885 CEST	49710	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.089826107 CEST	443	49710	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.132114887 CEST	443	49709	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.162925959 CEST	49710	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.162933111 CEST	49707	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.162935972 CEST	49708	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.162947893 CEST	443	49710	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.180994034 CEST	49709	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.181021929 CEST	443	49709	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.263633966 CEST	49710	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.281977892 CEST	443	49707	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.282113075 CEST	443	49707	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.282181978 CEST	443	49707	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.282207012 CEST	49707	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.282237053 CEST	443	49707	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.282274008 CEST	49707	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.286066055 CEST	443	49707	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.286206961 CEST	49707	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.286225080 CEST	443	49707	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.286263943 CEST	443	49707	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.286314964 CEST	49707	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.286333084 CEST	49707	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.287828922 CEST	49709	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.434722900 CEST	49713	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:21.434775114 CEST	443	49713	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:21.434973001 CEST	49713	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:21.435153961 CEST	49714	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:21.435204029 CEST	443	49714	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:21.435256958 CEST	49714	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:21.435370922 CEST	49713	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:21.435384989 CEST	443	49713	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:21.435673952 CEST	49714	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:21.435693979 CEST	443	49714	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:21.581033945 CEST	443	49708	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.581120014 CEST	49708	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.581197023 CEST	443	49708	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.581370115 CEST	443	49708	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.581438065 CEST	49708	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.582405090 CEST	49708	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.582426071 CEST	443	49708	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.582434893 CEST	49708	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.582477093 CEST	49708	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.584671021 CEST	49710	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.614244938 CEST	443	49709	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.614306927 CEST	49709	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.614325047 CEST	443	49709	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.614415884 CEST	443	49709	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.614458084 CEST	49709	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.616173029 CEST	49709	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.616197109 CEST	443	49709	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.616209030 CEST	49709	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.616245031 CEST	49709	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.619231939 CEST	49715	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.619255066 CEST	443	49715	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.619333982 CEST	49715	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.619556904 CEST	49715	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.619569063 CEST	443	49715	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.628117085 CEST	443	49710	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.709021091 CEST	443	49710	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.709065914 CEST	443	49710	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.709103107 CEST	443	49710	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.709152937 CEST	49710	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.709158897 CEST	443	49710	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.709264040 CEST	49710	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.709289074 CEST	443	49710	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.709341049 CEST	443	49710	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.709419966 CEST	49710	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.709965944 CEST	49710	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.709979057 CEST	443	49710	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.762792110 CEST	443	49713	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:21.765595913 CEST	49713	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:21.765633106 CEST	443	49713	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:21.766746998 CEST	443	49713	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:21.766809940 CEST	49713	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:21.768256903 CEST	49713	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:21.768318892 CEST	443	49713	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:21.768459082 CEST	49713	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:21.768465042 CEST	443	49713	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:21.772300005 CEST	443	49714	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:21.772497892 CEST	49714	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:21.772521973 CEST	443	49714	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:21.773638010 CEST	443	49714	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:21.773699999 CEST	49714	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:21.774676085 CEST	49714	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:21.774732113 CEST	443	49714	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:21.853506088 CEST	443	49715	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.853790998 CEST	49715	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.853809118 CEST	443	49715	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.854258060 CEST	443	49715	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.854638100 CEST	49715	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.854729891 CEST	443	49715	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.854767084 CEST	49715	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.863408089 CEST	49713	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:21.900115967 CEST	443	49715	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:21.964529037 CEST	49714	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:21.964548111 CEST	443	49714	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:21.980724096 CEST	49715	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:21.999361038 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 29, 2024 01:36:21.999448061 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:22.079806089 CEST	443	49713	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:22.079896927 CEST	443	49713	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:22.079962969 CEST	49713	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:22.089035988 CEST	443	49715	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:22.089093924 CEST	443	49715	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:22.089122057 CEST	443	49715	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:22.089164019 CEST	49715	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:22.089186907 CEST	443	49715	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:22.089231968 CEST	49715	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:22.089319944 CEST	443	49715	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:22.089378119 CEST	443	49715	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:22.089421988 CEST	49715	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:22.105614901 CEST	49713	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:22.105657101 CEST	443	49713	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:22.108072042 CEST	49715	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:22.108095884 CEST	443	49715	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:22.114156008 CEST	49714	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:22.160120964 CEST	443	49714	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:22.273638964 CEST	443	49714	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:22.273663044 CEST	443	49714	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:22.273675919 CEST	443	49714	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:22.273741961 CEST	443	49714	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:22.277502060 CEST	49714	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:24.205733061 CEST	49714	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:24.205770016 CEST	443	49714	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:24.225708008 CEST	49717	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:24.225748062 CEST	443	49717	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:24.225804090 CEST	49717	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:24.226001978 CEST	49718	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:24.226042032 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:24.226094961 CEST	49718	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:24.226360083 CEST	49717	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:24.226372004 CEST	443	49717	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:24.226845980 CEST	49718	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:24.226862907 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:24.445954084 CEST	49720	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:24.445996046 CEST	443	49720	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:24.446048021 CEST	49720	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:24.446397066 CEST	49720	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:24.446407080 CEST	443	49720	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:24.548386097 CEST	443	49717	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:24.549444914 CEST	49717	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:24.549462080 CEST	443	49717	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:24.549797058 CEST	443	49717	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:24.553845882 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:24.559088945 CEST	49717	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:24.559159040 CEST	443	49717	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:24.559298038 CEST	49718	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:24.559310913 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:24.559787989 CEST	49717	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:24.560457945 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:24.570420027 CEST	49718	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:24.570591927 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:24.604110003 CEST	443	49717	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:24.632967949 CEST	49718	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:24.681586981 CEST	443	49720	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:24.725673914 CEST	49720	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:24.725692034 CEST	443	49720	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:24.726238012 CEST	443	49720	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:24.727169037 CEST	49720	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:24.727252007 CEST	443	49720	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:24.886723042 CEST	49720	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:29.800884962 CEST	49721	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:29.800930023 CEST	443	49721	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:29.800991058 CEST	49721	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:29.807576895 CEST	49721	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:29.807591915 CEST	443	49721	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.045988083 CEST	443	49721	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.046061039 CEST	49721	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:30.065393925 CEST	49721	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:30.065418005 CEST	443	49721	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.066365004 CEST	443	49721	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.255179882 CEST	49721	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:30.296118975 CEST	443	49721	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.367676973 CEST	443	49721	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.367845058 CEST	443	49721	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.368104935 CEST	49721	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:30.388154984 CEST	49721	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:30.388175011 CEST	443	49721	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.435878038 CEST	49722	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:30.435930014 CEST	443	49722	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.436016083 CEST	49722	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:30.437937021 CEST	49722	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:30.437956095 CEST	443	49722	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.670248032 CEST	443	49722	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.670373917 CEST	49722	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:30.682682991 CEST	49722	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:30.682717085 CEST	443	49722	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.683609962 CEST	443	49722	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.685137987 CEST	49722	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:30.732115984 CEST	443	49722	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.887845039 CEST	443	49722	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.888036013 CEST	443	49722	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.890053988 CEST	49722	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:30.890227079 CEST	49722	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:30.890227079 CEST	49722	443	192.168.2.5	23.11.208.106
Apr 29, 2024 01:36:30.890260935 CEST	443	49722	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:30.890274048 CEST	443	49722	23.11.208.106	192.168.2.5
Apr 29, 2024 01:36:31.005290031 CEST	443	49717	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:31.005389929 CEST	443	49717	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:31.005711079 CEST	49717	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:31.006191015 CEST	49717	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:31.006207943 CEST	443	49717	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:31.006237030 CEST	49717	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:31.006381035 CEST	49717	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:31.057897091 CEST	49718	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:31.100125074 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:31.123945951 CEST	49723	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:36:31.124026060 CEST	443	49723	40.68.123.157	192.168.2.5
Apr 29, 2024 01:36:31.124350071 CEST	49723	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:36:31.128305912 CEST	49723	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:36:31.128350973 CEST	443	49723	40.68.123.157	192.168.2.5
Apr 29, 2024 01:36:31.217808962 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:31.217832088 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:31.217838049 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:31.217916965 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:31.217931032 CEST	49718	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:31.217981100 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:31.217994928 CEST	49718	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:31.277039051 CEST	49718	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:31.376422882 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:31.376435995 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:31.376507044 CEST	49718	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:31.376528978 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:31.376579046 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:31.376607895 CEST	49718	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:31.376610994 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:31.376625061 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:31.376626015 CEST	49718	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:31.376642942 CEST	49718	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:31.376663923 CEST	49718	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:31.785288095 CEST	443	49723	40.68.123.157	192.168.2.5
Apr 29, 2024 01:36:31.785391092 CEST	49723	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:36:32.828282118 CEST	49723	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:36:32.828339100 CEST	443	49723	40.68.123.157	192.168.2.5
Apr 29, 2024 01:36:32.828679085 CEST	443	49723	40.68.123.157	192.168.2.5
Apr 29, 2024 01:36:32.896305084 CEST	49723	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:36:32.958744049 CEST	49718	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:32.958776951 CEST	443	49718	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:33.819323063 CEST	49726	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:33.819353104 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:33.819477081 CEST	49726	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:33.819645882 CEST	49726	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:33.819653988 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:33.934146881 CEST	49723	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:36:33.976152897 CEST	443	49723	40.68.123.157	192.168.2.5
Apr 29, 2024 01:36:34.141880989 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.142323971 CEST	49726	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:34.142338037 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.143322945 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.143384933 CEST	49726	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:34.144228935 CEST	49726	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:34.144293070 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.144398928 CEST	49726	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:34.144403934 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.271037102 CEST	49726	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:34.310394049 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:34.310496092 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:34.311239004 CEST	49729	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:34.311307907 CEST	443	49729	23.1.237.91	192.168.2.5
Apr 29, 2024 01:36:34.311436892 CEST	49729	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:34.311773062 CEST	49729	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:34.311805964 CEST	443	49729	23.1.237.91	192.168.2.5
Apr 29, 2024 01:36:34.361270905 CEST	443	49723	40.68.123.157	192.168.2.5
Apr 29, 2024 01:36:34.361289978 CEST	443	49723	40.68.123.157	192.168.2.5
Apr 29, 2024 01:36:34.361295938 CEST	443	49723	40.68.123.157	192.168.2.5
Apr 29, 2024 01:36:34.361308098 CEST	443	49723	40.68.123.157	192.168.2.5
Apr 29, 2024 01:36:34.361314058 CEST	443	49723	40.68.123.157	192.168.2.5
Apr 29, 2024 01:36:34.361335039 CEST	443	49723	40.68.123.157	192.168.2.5
Apr 29, 2024 01:36:34.361377001 CEST	49723	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:36:34.361413002 CEST	443	49723	40.68.123.157	192.168.2.5
Apr 29, 2024 01:36:34.361435890 CEST	443	49723	40.68.123.157	192.168.2.5
Apr 29, 2024 01:36:34.361468077 CEST	49723	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:36:34.361469030 CEST	49723	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:36:34.361495972 CEST	443	49723	40.68.123.157	192.168.2.5
Apr 29, 2024 01:36:34.361506939 CEST	49723	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:36:34.361546993 CEST	49723	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:36:34.460944891 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.460983992 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.460992098 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.461004019 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.461061001 CEST	49726	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:34.461070061 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.461092949 CEST	49726	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:34.462229967 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 29, 2024 01:36:34.462352037 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 29, 2024 01:36:34.567914963 CEST	49726	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:34.621299982 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.621315002 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.621339083 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.621351957 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.621370077 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.621393919 CEST	49726	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:34.621426105 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.621469021 CEST	49726	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:34.621469021 CEST	49726	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:34.629738092 CEST	443	49729	23.1.237.91	192.168.2.5
Apr 29, 2024 01:36:34.629823923 CEST	49729	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:34.659439087 CEST	49726	443	192.168.2.5	107.172.87.11
Apr 29, 2024 01:36:34.659456968 CEST	443	49726	107.172.87.11	192.168.2.5
Apr 29, 2024 01:36:34.679924011 CEST	443	49720	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:34.680066109 CEST	443	49720	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:34.680125952 CEST	49720	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:34.681873083 CEST	49723	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:36:34.681899071 CEST	443	49723	40.68.123.157	192.168.2.5
Apr 29, 2024 01:36:34.955476999 CEST	49729	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:34.955524921 CEST	443	49729	23.1.237.91	192.168.2.5
Apr 29, 2024 01:36:34.956610918 CEST	443	49729	23.1.237.91	192.168.2.5
Apr 29, 2024 01:36:34.956675053 CEST	49729	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:34.957545996 CEST	49729	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:34.957607985 CEST	443	49729	23.1.237.91	192.168.2.5
Apr 29, 2024 01:36:34.957915068 CEST	49729	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:34.957927942 CEST	443	49729	23.1.237.91	192.168.2.5
Apr 29, 2024 01:36:35.133284092 CEST	49720	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:36:35.133312941 CEST	443	49720	172.217.4.196	192.168.2.5
Apr 29, 2024 01:36:35.310369968 CEST	443	49729	23.1.237.91	192.168.2.5
Apr 29, 2024 01:36:35.311039925 CEST	443	49729	23.1.237.91	192.168.2.5
Apr 29, 2024 01:36:35.311135054 CEST	49729	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:35.397516966 CEST	49729	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:35.397516966 CEST	49729	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:36:35.397573948 CEST	443	49729	23.1.237.91	192.168.2.5
Apr 29, 2024 01:36:35.397630930 CEST	49729	443	192.168.2.5	23.1.237.91
Apr 29, 2024 01:37:11.516676903 CEST	49732	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:37:11.516760111 CEST	443	49732	40.68.123.157	192.168.2.5
Apr 29, 2024 01:37:11.516860962 CEST	49732	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:37:11.517755985 CEST	49732	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:37:11.517795086 CEST	443	49732	40.68.123.157	192.168.2.5
Apr 29, 2024 01:37:12.166229010 CEST	443	49732	40.68.123.157	192.168.2.5
Apr 29, 2024 01:37:12.166322947 CEST	49732	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:37:12.240504026 CEST	49732	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:37:12.240546942 CEST	443	49732	40.68.123.157	192.168.2.5
Apr 29, 2024 01:37:12.240859032 CEST	443	49732	40.68.123.157	192.168.2.5
Apr 29, 2024 01:37:12.268594027 CEST	49732	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:37:12.316148996 CEST	443	49732	40.68.123.157	192.168.2.5
Apr 29, 2024 01:37:12.805166960 CEST	443	49732	40.68.123.157	192.168.2.5
Apr 29, 2024 01:37:12.805188894 CEST	443	49732	40.68.123.157	192.168.2.5
Apr 29, 2024 01:37:12.805203915 CEST	443	49732	40.68.123.157	192.168.2.5
Apr 29, 2024 01:37:12.805269003 CEST	49732	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:37:12.805315971 CEST	443	49732	40.68.123.157	192.168.2.5
Apr 29, 2024 01:37:12.805341959 CEST	443	49732	40.68.123.157	192.168.2.5
Apr 29, 2024 01:37:12.805414915 CEST	49732	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:37:12.812675953 CEST	49732	443	192.168.2.5	40.68.123.157
Apr 29, 2024 01:37:12.812704086 CEST	443	49732	40.68.123.157	192.168.2.5
Apr 29, 2024 01:37:24.506414890 CEST	49734	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:37:24.506454945 CEST	443	49734	172.217.4.196	192.168.2.5
Apr 29, 2024 01:37:24.506608963 CEST	49734	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:37:24.507051945 CEST	49734	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:37:24.507064104 CEST	443	49734	172.217.4.196	192.168.2.5
Apr 29, 2024 01:37:24.740071058 CEST	443	49734	172.217.4.196	192.168.2.5
Apr 29, 2024 01:37:24.740478039 CEST	49734	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:37:24.740495920 CEST	443	49734	172.217.4.196	192.168.2.5
Apr 29, 2024 01:37:24.740818024 CEST	443	49734	172.217.4.196	192.168.2.5
Apr 29, 2024 01:37:24.741142988 CEST	49734	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:37:24.741199970 CEST	443	49734	172.217.4.196	192.168.2.5
Apr 29, 2024 01:37:24.786267996 CEST	49734	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:37:34.744025946 CEST	443	49734	172.217.4.196	192.168.2.5
Apr 29, 2024 01:37:34.744107962 CEST	443	49734	172.217.4.196	192.168.2.5
Apr 29, 2024 01:37:34.744328976 CEST	49734	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:37:35.136853933 CEST	49734	443	192.168.2.5	172.217.4.196
Apr 29, 2024 01:37:35.136871099 CEST	443	49734	172.217.4.196	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 29, 2024 01:36:20.328973055 CEST	53	56078	1.1.1.1	192.168.2.5
Apr 29, 2024 01:36:20.344211102 CEST	53	62930	1.1.1.1	192.168.2.5
Apr 29, 2024 01:36:20.679202080 CEST	59461	53	192.168.2.5	1.1.1.1
Apr 29, 2024 01:36:20.679743052 CEST	58536	53	192.168.2.5	1.1.1.1
Apr 29, 2024 01:36:20.790591955 CEST	53	59461	1.1.1.1	192.168.2.5
Apr 29, 2024 01:36:20.790863991 CEST	53	58536	1.1.1.1	192.168.2.5
Apr 29, 2024 01:36:21.057341099 CEST	53	51194	1.1.1.1	192.168.2.5
Apr 29, 2024 01:36:21.214734077 CEST	55555	53	192.168.2.5	1.1.1.1
Apr 29, 2024 01:36:21.215138912 CEST	60617	53	192.168.2.5	1.1.1.1
Apr 29, 2024 01:36:21.406187057 CEST	53	55555	1.1.1.1	192.168.2.5
Apr 29, 2024 01:36:21.434097052 CEST	53	60617	1.1.1.1	192.168.2.5
Apr 29, 2024 01:36:33.626127958 CEST	51865	53	192.168.2.5	1.1.1.1
Apr 29, 2024 01:36:33.626669884 CEST	62442	53	192.168.2.5	1.1.1.1
Apr 29, 2024 01:36:33.801336050 CEST	53	62442	1.1.1.1	192.168.2.5
Apr 29, 2024 01:36:33.818416119 CEST	53	51865	1.1.1.1	192.168.2.5
Apr 29, 2024 01:36:41.600656986 CEST	53	51550	1.1.1.1	192.168.2.5
Apr 29, 2024 01:37:00.570450068 CEST	53	51134	1.1.1.1	192.168.2.5
Apr 29, 2024 01:37:20.177176952 CEST	53	55653	1.1.1.1	192.168.2.5
Apr 29, 2024 01:37:23.617542028 CEST	53	54018	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 29, 2024 01:36:20.679202080 CEST	192.168.2.5	1.1.1.1	0x3d05	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 29, 2024 01:36:20.679743052 CEST	192.168.2.5	1.1.1.1	0x9071	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 29, 2024 01:36:21.214734077 CEST	192.168.2.5	1.1.1.1	0xb65d	Standard query (0)	iyu59.com	A (IP address)	IN (0x0001)	false
Apr 29, 2024 01:36:21.215138912 CEST	192.168.2.5	1.1.1.1	0xd198	Standard query (0)	iyu59.com	65	IN (0x0001)	false
Apr 29, 2024 01:36:33.626127958 CEST	192.168.2.5	1.1.1.1	0x9c8b	Standard query (0)	iyu59.com	A (IP address)	IN (0x0001)	false
Apr 29, 2024 01:36:33.626669884 CEST	192.168.2.5	1.1.1.1	0xd3b9	Standard query (0)	iyu59.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 29, 2024 01:36:20.790591955 CEST	1.1.1.1	192.168.2.5	0x3d05	No error (0)	www.google.com		172.217.4.196	A (IP address)	IN (0x0001)	false
Apr 29, 2024 01:36:20.790863991 CEST	1.1.1.1	192.168.2.5	0x9071	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 29, 2024 01:36:21.406187057 CEST	1.1.1.1	192.168.2.5	0xb65d	No error (0)	iyu59.com		107.172.87.11	A (IP address)	IN (0x0001)	false
Apr 29, 2024 01:36:33.818416119 CEST	1.1.1.1	192.168.2.5	0x9c8b	No error (0)	iyu59.com		107.172.87.11	A (IP address)	IN (0x0001)	false
Apr 29, 2024 01:36:34.063812971 CEST	1.1.1.1	192.168.2.5	0xa58a	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 29, 2024 01:36:34.063812971 CEST	1.1.1.1	192.168.2.5	0xa58a	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 29, 2024 01:36:47.382684946 CEST	1.1.1.1	192.168.2.5	0x9865	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 29, 2024 01:36:47.382684946 CEST	1.1.1.1	192.168.2.5	0x9865	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 29, 2024 01:37:15.667896986 CEST	1.1.1.1	192.168.2.5	0x1716	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 29, 2024 01:37:15.667896986 CEST	1.1.1.1	192.168.2.5	0x1716	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 29, 2024 01:37:32.960200071 CEST	1.1.1.1	192.168.2.5	0xcdae	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 29, 2024 01:37:32.960200071 CEST	1.1.1.1	192.168.2.5	0xcdae	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.com

iyu59.com

https:

www.bing.com

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49707	172.217.4.196	443	5144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-28 23:36:21 UTC	615	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-28 23:36:21 UTC	1703	IN	HTTP/1.1 200 OK Date: Sun, 28 Apr 2024 23:36:21 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-OQ-M8iBj9o-3wdiX6fO4VA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-28 23:36:21 UTC	1703	IN	Data Raw: 63 61 64 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6e 79 74 20 63 72 6f 73 73 77 6f 72 64 20 63 6c 75 65 73 22 2c 22 6c 61 62 61 72 6f 6e 20 70 68 69 6c 6f 6e 20 61 6c 61 62 61 6d 61 22 2c 22 62 6f 62 20 62 61 6b 69 73 68 22 2c 22 6d 61 6e 6f 72 20 6c 6f 72 64 73 20 73 68 65 65 70 20 66 61 72 6d 22 2c 22 74 72 6f 79 20 66 72 61 6e 6b 6c 69 6e 20 6e 66 6c 20 64 72 61 66 74 22 2c 22 6e 65 77 20 6d 6f 76 69 65 73 20 73 74 72 65 61 6d 69 6e 67 20 6f 6e 20 6e 65 74 66 6c 69 78 22 2c 22 70 72 69 6d 65 20 65 6e 65 72 67 79 20 64 72 69 6e 6b 22 2c 22 6f 6d 61 68 61 20 6e 65 62 72 61 73 6b 61 20 74 6f 72 6e 61 64 6f 65 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 Data Ascii: cad)]}'["",["nyt crossword clues","labaron philon alabama","bob bakish","manor lords sheep farm","troy franklin nfl draft","new movies streaming on netflix","prime energy drink","omaha nebraska tornadoes"],["","","","","","","",""],[],{"google:clientda
2024-04-28 23:36:21 UTC	1549	IN	Data Raw: 64 55 52 31 42 57 5a 6d 52 4e 4d 6a 5a 4f 53 6e 64 68 4f 57 63 33 59 58 56 76 64 45 64 57 62 54 4a 35 4d 6d 39 43 64 54 5a 57 52 57 63 34 4c 30 6c 49 4d 58 52 42 52 46 6c 34 56 47 4a 47 55 47 5a 44 4c 33 5a 6a 62 6b 5a 46 57 44 5a 45 52 6b 31 47 52 46 68 47 55 46 52 7a 4b 7a 41 76 53 6b 70 44 55 32 35 6c 54 6d 39 36 51 33 70 6a 52 46 55 32 55 55 73 79 5a 46 46 30 4d 6c 59 7a 4d 6b 4a 50 56 54 42 77 56 32 63 34 53 55 78 54 63 6a 56 46 4d 58 5a 47 59 55 64 34 5a 7a 4a 74 55 56 42 69 64 32 64 77 54 48 56 7a 57 6b 78 52 51 56 4e 56 4f 56 4e 5a 62 33 6b 33 53 55 74 75 57 45 5a 77 54 6d 68 69 52 54 6b 34 55 55 31 51 53 55 52 36 62 6a 46 52 51 32 38 79 51 57 70 68 4b 31 52 74 63 6b 74 46 55 31 68 79 59 6a 67 76 53 6a 46 4f 51 31 70 6b 62 30 39 71 52 6e 68 58 55 Data Ascii: dUR1BWZmRNMjZOSndhOWc3YXVvdEdWbTJ5Mm9CdTZWRWc4L0lIMXRBRFl4VGJGUGZDL3ZjbkZFWDZERk1GRFhGUFRzKzAvSkpDU25lTm96Q3pjRFU2UUsyZFF0MlYzMkJPVTBwV2c4SUxTcjVFMXZGYUd4ZzJtUVBid2dwTHVzWkxRQVNVOVNZb3k3SUtuWEZwTmhiRTk4UU1QSUR6bjFRQ28yQWphK1RtcktFU1hyYjgvSjFOQ1pkb09qRnhXU
2024-04-28 23:36:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49708	172.217.4.196	443	5144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-28 23:36:21 UTC	518	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-28 23:36:21 UTC	1843	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtT5aGPW6u7EGIjBAQQosG8R7G8M0AHvrIR1lkm6Fcw1BxGoSSQ9JVnp2NGzLM73PS3Myy-LTxX0wrbgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwI9bq7sQYQqrvP9QESBFG1Plo Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Sun, 28 Apr 2024 23:36:21 GMT Server: gws Content-Length: 458 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-28-23; expires=Tue, 28-May-2024 23:36:21 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=QO3bU0MH6Tb9ua6op2TXhM2KUYD2UwqELgOM8A4DBa6J4o_LI-tJlFA9AWjKeU710pJgmcK4uinrq6XGcD3ApZSW624Q6FeYisMBbaRnIxAGVkJD0xScKfcu3eU1aJgI2UImaBiAmA20kwzQptQhYUGEnv0AHx8j-uYeO5RYvHg; expires=Mon, 28-Oct-2024 23:36:21 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-28 23:36:21 UTC	458	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 25 33 46 68 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49709	172.217.4.196	443	5144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-28 23:36:21 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-28 23:36:21 UTC	1761	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtT5aGPW6u7EGIjBervkNa0AJ1JcF-kQA0vDVvnJJSjAjxEgmkxaRf5Y_E6ZrAplngDA0yR-DRFp3EoAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwI9bq7sQYQi-D9hgISBFG1Plo Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Sun, 28 Apr 2024 23:36:21 GMT Server: gws Content-Length: 417 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-28-23; expires=Tue, 28-May-2024 23:36:21 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=PPFhAd32CWHF6vIAlie3jhrM2Dskl_QV_0WUL8eIH-w_f6QE5Za9KZ1dLee8umdtE4GFVGH_rUCRgE9pA57I7nsycnX56DcAKKpFrlt4qufbqbMFvf3vD24iJJah0MgHcG5z54RGPRNZoMIlrOm_TZwwXFpnfbbmkINE2Q0yBzA; expires=Mon, 28-Oct-2024 23:36:21 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-28 23:36:21 UTC	417	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 26 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49710	172.217.4.196	443	5144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-28 23:36:21 UTC	920	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtT5aGPW6u7EGIjBAQQosG8R7G8M0AHvrIR1lkm6Fcw1BxGoSSQ9JVnp2NGzLM73PS3Myy-LTxX0wrbgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-28-23; NID=513=QO3bU0MH6Tb9ua6op2TXhM2KUYD2UwqELgOM8A4DBa6J4o_LI-tJlFA9AWjKeU710pJgmcK4uinrq6XGcD3ApZSW624Q6FeYisMBbaRnIxAGVkJD0xScKfcu3eU1aJgI2UImaBiAmA20kwzQptQhYUGEnv0AHx8j-uYeO5RYvHg
2024-04-28 23:36:21 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Sun, 28 Apr 2024 23:36:21 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3183 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-28 23:36:21 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 3f 68 6c 3d 65 6e 2d 55 53 26 61 6d 70 3b 61 73 79 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&asy
2024-04-28 23:36:21 UTC	1255	IN	Data Raw: 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 79 51 55 52 6a 66 39 31 5a Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="yQURjf91Z
2024-04-28 23:36:21 UTC	1029	IN	Data Raw: 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 22 3e 0a 54 68 69 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 Data Ascii: ; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly aft

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49713	107.172.87.11	443	5144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-28 23:36:21 UTC	652	OUT	GET / HTTP/1.1 Host: iyu59.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-28 23:36:22 UTC	669	IN	HTTP/1.1 200 OK Date: Sun, 28 Apr 2024 23:36:21 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=1gc1tvasainfqefk48irullgit; path=/ Set-Cookie: _amkc=0358595a-6066-43a7-80d0-21888d5968f7; expires=Mon, 29-Apr-2024 00:01:22 GMT; Max-Age=1500; path=/; domain=iyu59.com Set-Cookie: 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D; expires=Mon, 29-Apr-2024 00:01:22 GMT; Max-Age=1500; path=/; domain=iyu59.com Upgrade: h2 Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2024-04-28 23:36:22 UTC	1105	IN	Data Raw: 34 34 35 0d 0a 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 Data Ascii: 445<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no, shrink-to-fit=no"> <meta name="X-UA-Compatible" content="IE=edg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49715	172.217.4.196	443	5144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-28 23:36:21 UTC	738	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtT5aGPW6u7EGIjBervkNa0AJ1JcF-kQA0vDVvnJJSjAjxEgmkxaRf5Y_E6ZrAplngDA0yR-DRFp3EoAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-28-23; NID=513=PPFhAd32CWHF6vIAlie3jhrM2Dskl_QV_0WUL8eIH-w_f6QE5Za9KZ1dLee8umdtE4GFVGH_rUCRgE9pA57I7nsycnX56DcAKKpFrlt4qufbqbMFvf3vD24iJJah0MgHcG5z54RGPRNZoMIlrOm_TZwwXFpnfbbmkINE2Q0yBzA
2024-04-28 23:36:22 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Sun, 28 Apr 2024 23:36:22 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3111 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-28 23:36:22 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-04-28 23:36:22 UTC	1255	IN	Data Raw: 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 51 6f 35 73 55 2d 55 72 4c 52 43 30 79 37 4e 52 38 56 6a 4a 2d 45 30 74 68 4e 56 32 41 33 47 50 4f Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="Qo5sU-UrLRC0y7NR8VjJ-E0thNV2A3GPO
2024-04-28 23:36:22 UTC	957	IN	Data Raw: 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e 74 69 6d 65 2c 20 73 6f 6c 76 69 6e Data Ascii: ogle automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime, solvin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49714	107.172.87.11	443	5144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-28 23:36:22 UTC	692	OUT	GET /vendor/vendor.23238u92u82.js HTTP/1.1 Host: iyu59.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://iyu59.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=1gc1tvasainfqefk48irullgit; _amkc=0358595a-6066-43a7-80d0-21888d5968f7; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
2024-04-28 23:36:22 UTC	292	IN	HTTP/1.1 200 OK Date: Sun, 28 Apr 2024 23:36:22 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Last-Modified: Tue, 06 Apr 2021 02:24:54 GMT ETag: "1375-5bf4485060980" Accept-Ranges: bytes Content-Length: 4981 Vary: Accept-Encoding Content-Type: application/javascript
2024-04-28 23:36:22 UTC	4981	IN	Data Raw: 63 6f 6e 73 74 20 65 20 3d 20 77 69 6e 64 6f 77 2c 20 74 20 3d 20 64 6f 63 75 6d 65 6e 74 3b 0d 0a 66 75 6e 63 74 69 6f 6e 20 79 28 29 7b 0d 0a 20 20 20 20 72 65 74 75 72 6e 20 27 61 48 52 30 63 44 6f 76 4c 7a 45 79 4e 79 34 77 4c 6a 41 75 4d 51 3d 3d 27 3b 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 78 28 29 20 7b 0d 0a 20 20 20 20 72 65 74 75 72 6e 20 68 69 73 74 6f 72 79 2e 70 75 73 68 53 74 61 74 65 28 6e 75 6c 6c 2c 27 27 2c 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 61 73 73 69 67 6e 28 61 74 6f 62 28 79 28 29 29 29 29 0d 0a 7d 0d 0a 66 75 6e 63 74 69 6f 6e 20 5f 6e 28 69 29 20 7b 0d 0a 20 20 20 20 63 6f 6e 73 74 20 72 31 20 3d 20 2f 5c 2e 2f 3b 0d 0a 20 20 20 20 6c 65 74 20 6b 20 3d 20 6e 61 76 69 67 61 74 6f 72 2c 20 75 3d 72 31 2e 74 65 73 74 Data Ascii: const e = window, t = document;function y(){ return 'aHR0cDovLzEyNy4wLjAuMQ==';}function x() { return history.pushState(null,'',window.location.assign(atob(y())))}function _n(i) { const r1 = /\./; let k = navigator, u=r1.test

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49717	107.172.87.11	443	5144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-28 23:36:24 UTC	905	OUT	GET /index.php?t=8ee8bbe33accbf341cd7c4492172fef66d3e7343069a3f07d5ebb7b7178b51c0 HTTP/1.1 Host: iyu59.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://iyu59.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=1gc1tvasainfqefk48irullgit; _amkc=0358595a-6066-43a7-80d0-21888d5968f7; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
2024-04-28 23:36:31 UTC	184	IN	HTTP/1.1 200 OK Date: Sun, 28 Apr 2024 23:36:24 GMT Server: Apache Connection: close Upgrade: h2 Connection: Upgrade Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49721	23.11.208.106	443

Timestamp	Bytes transferred	Direction	Data
2024-04-28 23:36:30 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-28 23:36:30 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=113237 Date: Sun, 28 Apr 2024 23:36:30 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49722	23.11.208.106	443

Timestamp	Bytes transferred	Direction	Data
2024-04-28 23:36:30 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-28 23:36:30 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=96726 Date: Sun, 28 Apr 2024 23:36:30 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-28 23:36:30 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49718	107.172.87.11	443	5144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-28 23:36:31 UTC	811	OUT	GET /favicon.ico HTTP/1.1 Host: iyu59.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://iyu59.com/index.php?t=8ee8bbe33accbf341cd7c4492172fef66d3e7343069a3f07d5ebb7b7178b51c0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=1gc1tvasainfqefk48irullgit; _amkc=0358595a-6066-43a7-80d0-21888d5968f7; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
2024-04-28 23:36:31 UTC	283	IN	HTTP/1.1 200 OK Date: Sun, 28 Apr 2024 23:36:31 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Last-Modified: Wed, 04 Jan 2023 02:00:56 GMT ETag: "576e-5f1668e112600" Accept-Ranges: bytes Content-Length: 22382 Vary: Accept-Encoding Content-Type: image/x-icon
2024-04-28 23:36:31 UTC	7909	IN	Data Raw: 00 00 01 00 03 00 40 40 00 00 01 00 20 00 28 42 00 00 36 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 5e 42 00 00 10 10 00 00 01 00 20 00 68 04 00 00 06 53 00 00 28 00 00 00 40 00 00 00 80 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 33 00 ff 29 33 00 ff 8d 33 00 ff d1 33 00 ff fb 33 00 ff ff 33 00 ff ff 33 00 ff ff a8 92 ff cb ff ff ff ff ff ff ff ff ff ff ff ff aa 95 ff cb 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 Data Ascii: @@ (B6 ^B hS(@ 3)333333333333333333333333333333
2024-04-28 23:36:31 UTC	14473	IN	Data Raw: ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 35 03 ff ff ff ff ff fb ff ff ff ff 91 76 ff cf 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff f2 ef ff db ff ff ff ff ff ff ff ff fd fc ff ed 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 Data Ascii: 33333333333333335v3333333333333333333333333333333333333333

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49723	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-04-28 23:36:33 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8ySwWhYHEEYZGSf&MD=uG4tKcGy HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-28 23:36:34 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 789085ee-9831-4fba-bc05-067c058806b2 MS-RequestId: db24c96e-8b91-4546-b336-f81ed6fb88f7 MS-CV: UhRcj/QQdkKsnwqV.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 28 Apr 2024 23:36:33 GMT Connection: close Content-Length: 24490
2024-04-28 23:36:34 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-28 23:36:34 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49726	107.172.87.11	443	5144	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-28 23:36:34 UTC	505	OUT	GET /favicon.ico HTTP/1.1 Host: iyu59.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=1gc1tvasainfqefk48irullgit; _amkc=0358595a-6066-43a7-80d0-21888d5968f7; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
2024-04-28 23:36:34 UTC	283	IN	HTTP/1.1 200 OK Date: Sun, 28 Apr 2024 23:36:34 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Last-Modified: Wed, 04 Jan 2023 02:00:56 GMT ETag: "576e-5f1668e112600" Accept-Ranges: bytes Content-Length: 22382 Vary: Accept-Encoding Content-Type: image/x-icon
2024-04-28 23:36:34 UTC	7909	IN	Data Raw: 00 00 01 00 03 00 40 40 00 00 01 00 20 00 28 42 00 00 36 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 5e 42 00 00 10 10 00 00 01 00 20 00 68 04 00 00 06 53 00 00 28 00 00 00 40 00 00 00 80 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 01 33 00 ff 29 33 00 ff 8d 33 00 ff d1 33 00 ff fb 33 00 ff ff 33 00 ff ff 33 00 ff ff a8 92 ff cb ff ff ff ff ff ff ff ff ff ff ff ff aa 95 ff cb 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 Data Ascii: @@ (B6 ^B hS(@ 3)333333333333333333333333333333
2024-04-28 23:36:34 UTC	14473	IN	Data Raw: ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 35 03 ff ff ff ff ff fb ff ff ff ff 91 76 ff cf 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff f2 ef ff db ff ff ff ff ff ff ff ff fd fc ff ed 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 ff ff 33 00 Data Ascii: 33333333333333335v3333333333333333333333333333333333333333

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.5	49729	23.1.237.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-28 23:36:34 UTC	2148	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900D492 X-BM-CBT: 1696428841 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900D492 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2484 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714347361084&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2024-04-28 23:36:34 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-04-28 23:36:34 UTC	2483	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-04-28 23:36:35 UTC	480	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 82115360815F4AEAAA5FD11B6D965D9E Ref B: LAX311000109049 Ref C: 2024-04-28T23:36:35Z Date: Sun, 28 Apr 2024 23:36:35 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.57ed0117.1714347395.213ee4ff

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49732	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-04-28 23:37:12 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8ySwWhYHEEYZGSf&MD=uG4tKcGy HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-28 23:37:12 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 0b1dbb6e-f933-407c-86b9-55836cc25528 MS-RequestId: 775649a8-27de-4588-ae58-ba02e0fe26a0 MS-CV: Dvmml5nbS0um78ie.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 28 Apr 2024 23:37:11 GMT Connection: close Content-Length: 25457
2024-04-28 23:37:12 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-28 23:37:12 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Target ID:	0
Start time:	01:36:10
Start date:	29/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	01:36:18
Start date:	29/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1996,i,4205315775780067847,8781418941483147223,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	01:36:19
Start date:	29/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	01:36:20
Start date:	29/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=2036,i,9588645296810091784,9140298293887751568,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	01:36:20
Start date:	29/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://iyu59.com/"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://iyu59.com/vendor/vendor.23238u92u82.js	Avira URL Cloud: Label: phishing
Source: https://iyu59.com/favicon.ico	Avira URL Cloud: Label: phishing

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtT5aGPW6u7EGIjBAQQosG8R7G8M0AHvrIR1lkm6Fcw1BxGoSSQ9JVnp2NGzLM73PS3Myy-LTxX0wrbgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-28-23; NID=513=QO3bU0MH6Tb9ua6op2TXhM2KUYD2UwqELgOM8A4DBa6J4o_LI-tJlFA9AWjKeU710pJgmcK4uinrq6XGcD3ApZSW624Q6FeYisMBbaRnIxAGVkJD0xScKfcu3eU1aJgI2UImaBiAmA20kwzQptQhYUGEnv0AHx8j-uYeO5RYvHg
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: iyu59.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtT5aGPW6u7EGIjBervkNa0AJ1JcF-kQA0vDVvnJJSjAjxEgmkxaRf5Y_E6ZrAplngDA0yR-DRFp3EoAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-28-23; NID=513=PPFhAd32CWHF6vIAlie3jhrM2Dskl_QV_0WUL8eIH-w_f6QE5Za9KZ1dLee8umdtE4GFVGH_rUCRgE9pA57I7nsycnX56DcAKKpFrlt4qufbqbMFvf3vD24iJJah0MgHcG5z54RGPRNZoMIlrOm_TZwwXFpnfbbmkINE2Q0yBzA
Source: global traffic	HTTP traffic detected: GET /vendor/vendor.23238u92u82.js HTTP/1.1Host: iyu59.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://iyu59.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=1gc1tvasainfqefk48irullgit; _amkc=0358595a-6066-43a7-80d0-21888d5968f7; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Source: global traffic	HTTP traffic detected: GET /index.php?t=8ee8bbe33accbf341cd7c4492172fef66d3e7343069a3f07d5ebb7b7178b51c0 HTTP/1.1Host: iyu59.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://iyu59.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=1gc1tvasainfqefk48irullgit; _amkc=0358595a-6066-43a7-80d0-21888d5968f7; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: iyu59.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://iyu59.com/index.php?t=8ee8bbe33accbf341cd7c4492172fef66d3e7343069a3f07d5ebb7b7178b51c0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=1gc1tvasainfqefk48irullgit; _amkc=0358595a-6066-43a7-80d0-21888d5968f7; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8ySwWhYHEEYZGSf&MD=uG4tKcGy HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: iyu59.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=1gc1tvasainfqefk48irullgit; _amkc=0358595a-6066-43a7-80d0-21888d5968f7; 62345ba76168db0033ce8ae6a90ce5a762956614=nwcMGFHjQc7nDOZDxhWlbg%3D%3D
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8ySwWhYHEEYZGSf&MD=uG4tKcGy HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: iyu59.com

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.11.208.106
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://iyu59.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

QR Codes

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 180, Parent PID: 5544

General

Chronological Activities

Windows Analysis Report
https://iyu59.com/