Edit tour

Windows Analysis Report
https://gist.github.com/Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m

Overview

General Information

Sample URL:	https://gist.github.com/Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m
Analysis ID:	1432169
Infos:

Detection

Score:	20
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Found suspicious QR code URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4248 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2236,i,11054285937259490056,7033709406176175706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1952,i,1702136743850697031,13245467354693393187,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3512 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(%05)/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6932 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=860 --field-trial-handle=2008,i,12349818873830694159,1268196577353770583,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gist.github.com/Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 14Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandboxStrict-Transport-Security: max-age=31536000X-Content-Type-Options: nosniffX-Frame-Options: denyX-XSS-Protection: 1; mode=blockContent-Type: text/plain; charset=utf-8X-GitHub-Request-Id: 316E:1AE214:125200:147244:662BB68AAccept-Ranges: bytesDate: Fri, 26 Apr 2024 14:13:32 GMTVia: 1.1 varnishX-Served-By: cache-gnv1820032-GNVX-Cache: MISSX-Cache-Hits: 0X-Timer: S1714140812.107839,VS0,VE138Vary: Authorization,Accept-Encoding,OriginAccess-Control-Allow-Origin: *Cross-Origin-Resource-Policy: cross-originX-Fastly-Request-ID: 083587746d6a1f67b2c4f3623b6df242835afb08Expires: Fri, 26 Apr 2024 14:18:32 GMTSource-Age: 0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49756 version: TLS 1.2

Source: classification engine

Classification label: sus20.phis.win@29/4@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(%05)/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2236,i,11054285937259490056,7033709406176175706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1952,i,1702136743850697031,13245467354693393187,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=860 --field-trial-handle=2008,i,12349818873830694159,1268196577353770583,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gist.github.com/Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2236,i,11054285937259490056,7033709406176175706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1952,i,1702136743850697031,13245467354693393187,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=860 --field-trial-handle=2008,i,12349818873830694159,1268196577353770583,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://gist.github.com/Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
github.com	140.82.112.3	true	false	high
gist.githubusercontent.com	185.199.111.133	true	false	unknown
www.google.com	142.250.64.196	true	false	high
gist.github.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://gist.github.com/Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m	false	high
https://www.google.com/async/newtab_promos	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGPTsrrEGIjBd9SG8FF89M4CzXW8hr1o5SgUmmE-vgqWz72M58Lh6C8lHO1J9fpw1Y1Plc3PmvtkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGPTsrrEGIjBdNSeLOI1TVNN_UZn_ZHFDIclR065SREe8jhoSetoCwaswoMREl_RX-g7mAscwCu4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://gist.githubusercontent.com/Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.64.196	www.google.com	United States	15169	GOOGLEUS	false
140.82.112.3	github.com	United States	36459	GITHUBUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.199.111.133	gist.githubusercontent.com	Netherlands	54113	FASTLYUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432169
Start date and time:	2024-04-26 16:12:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 41s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://gist.github.com/Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus20.phis.win@29/4@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.178.50.67, 142.250.217.174, 142.251.107.84, 34.104.35.123, 199.232.214.172, 192.229.211.108, 142.250.217.195, 142.250.64.142
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Source	URL
Screenshot	http://
Screenshot	http://<FNC1>()

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5296)
Category:	downloaded
Size (bytes):	5301
Entropy (8bit):	5.784292316524993
Encrypted:	false
SSDEEP:	96:zmlliRHIN6666XIIqLFwkh4Z6SH66662x/jahYSx1WDUDzfffQX:zaTN6666XIZLFwkGMSH66660xSx1WDkC
MD5:	148466A3C9A8C8805488F1D4473C7A52
SHA1:	2E6C8F768284495F7AEACF2AE3D1AE381381A9D1
SHA-256:	B32F3B0989488DCD3C7C664E5EAE51ECEFF0E75B3A02EC50D0C090384076633F
SHA-512:	929E2E2D2D4CC3A5657960689C61BB3AFE44FF58DA06009ECDE20410ABE049AD5F41D256FBB208580C8EB5FC7A77E55B11121E006CB105768A5ED5B16F44BA9E
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["nintendo garry mod","stock markets","general hospital nicholas chavez","nasa mars spiders","stetson bennett","home depot halloween skeleton dog","another crab treasure","espn nfl draft coverage"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"Cg0vZy8xMWc5cWRjcTN3EhRGb290YmFsbCBxdWFydGVyYmFjazKHC2RhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBQzRBUUFNQklnQUNFUUVERVFIL3hBQWFBQUFDQXdFQkFBQUFBQUFBQUFBQUFBQUFCd1VHQ0FNRS84UUFMaEFBQVFNRUFBUUVCUVVCQUFBQUFBQUFBUUlEQkFBRkJoRVNJVEdCRTBGaG9RZENVWEdSTWxKeXNjRWkvOFFBR1FFQUFnTUJBQUFBQUFBQUF

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	14
Entropy (8bit):	3.3787834934861767
Encrypted:	false
SSDEEP:	3:eRbn:eRbn
MD5:	3BE7B8B182CCD96E48989B4E57311193
SHA1:	78FB38F212FA49029AFF24C669A39648D9B4E68B
SHA-256:	D5558CD419C8D46BDC958064CB97F963D1EA793866414C025906EC15033512ED
SHA-512:	F3781CBB4E9E190DF38C3FE7FA80BA69BF6F9DBAFB158E0426DD4604F2F1BA794450679005A38D0F9F1DAD0696E2F22B8B086B2D7D08A0F99BB4FD3B0F7ED5D8
Malicious:	false
Reputation:	low
URL:	https://gist.githubusercontent.com/Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m
Preview:	404: Not Found

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 16:12:51.658008099 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 26, 2024 16:12:51.704978943 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 26, 2024 16:13:01.267378092 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 26, 2024 16:13:07.588893890 CEST	49734	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.588932037 CEST	443	49734	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.588987112 CEST	49734	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.589032888 CEST	49735	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.589054108 CEST	443	49735	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.589102983 CEST	49735	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.589274883 CEST	49736	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.589303017 CEST	443	49736	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.589359045 CEST	49736	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.589418888 CEST	49737	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.589472055 CEST	443	49737	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.589539051 CEST	49737	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.589698076 CEST	49738	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.589724064 CEST	443	49738	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.589778900 CEST	49738	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.599920988 CEST	49734	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.599941015 CEST	443	49734	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.600250959 CEST	49735	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.600261927 CEST	443	49735	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.600644112 CEST	49736	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.600666046 CEST	443	49736	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.601387978 CEST	49737	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.601424932 CEST	443	49737	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.601653099 CEST	49738	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.601667881 CEST	443	49738	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.652492046 CEST	49739	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.652517080 CEST	443	49739	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.652576923 CEST	49739	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.654685020 CEST	49739	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.654712915 CEST	443	49739	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.992871046 CEST	443	49735	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.993164062 CEST	49735	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.993175030 CEST	443	49735	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.994704008 CEST	443	49735	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.994790077 CEST	49735	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.995148897 CEST	443	49736	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.995723009 CEST	443	49734	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.995848894 CEST	49736	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.995857954 CEST	443	49736	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.995985985 CEST	49735	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.996129036 CEST	443	49735	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.996156931 CEST	49734	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.996177912 CEST	443	49734	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.996362925 CEST	49735	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.996370077 CEST	443	49735	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.997051001 CEST	443	49736	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.997126102 CEST	49736	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.997683048 CEST	49736	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.997776985 CEST	443	49736	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.997934103 CEST	49736	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.997940063 CEST	443	49736	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.999322891 CEST	443	49737	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:07.999612093 CEST	49737	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:07.999636889 CEST	443	49737	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.000096083 CEST	443	49734	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.000195026 CEST	49734	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.000293970 CEST	443	49738	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.000617981 CEST	49734	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.000713110 CEST	443	49734	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.000894070 CEST	49738	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.000900984 CEST	443	49738	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.001025915 CEST	49734	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.001038074 CEST	443	49734	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.001848936 CEST	443	49737	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.001914978 CEST	49737	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.002307892 CEST	49737	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.002391100 CEST	443	49737	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.002518892 CEST	443	49738	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.002579927 CEST	49738	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.002993107 CEST	49738	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.003073931 CEST	443	49738	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.041178942 CEST	443	49739	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.041630983 CEST	49739	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.041671038 CEST	443	49739	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.043119907 CEST	443	49739	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.043209076 CEST	49739	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.043739080 CEST	49739	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.043817997 CEST	443	49739	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.078906059 CEST	49735	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.078922033 CEST	49738	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.078931093 CEST	443	49738	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.078932047 CEST	49737	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.078960896 CEST	443	49737	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.188307047 CEST	49736	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.188313961 CEST	49734	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.188323021 CEST	49739	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.188335896 CEST	443	49739	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.282128096 CEST	49738	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.282407045 CEST	49737	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.378875971 CEST	49739	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.401927948 CEST	443	49736	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.401981115 CEST	443	49736	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.402010918 CEST	443	49736	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.402064085 CEST	49736	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.402086973 CEST	443	49736	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.402173996 CEST	49736	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.408723116 CEST	49737	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.414630890 CEST	443	49736	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.414680004 CEST	49736	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.414686918 CEST	443	49736	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.420883894 CEST	443	49736	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.421087980 CEST	49736	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.421483040 CEST	49736	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.421495914 CEST	443	49736	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.452147007 CEST	443	49737	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.631191969 CEST	443	49737	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.631329060 CEST	443	49737	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.631416082 CEST	443	49737	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.631467104 CEST	49737	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.631489038 CEST	443	49737	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.631536961 CEST	49737	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.643645048 CEST	443	49737	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.643712044 CEST	49737	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.643729925 CEST	443	49737	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.649641037 CEST	443	49737	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.649723053 CEST	49737	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.649821997 CEST	49737	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.649852037 CEST	443	49737	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.707861900 CEST	443	49735	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.707950115 CEST	49735	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.707958937 CEST	443	49735	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.708364010 CEST	443	49735	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.708416939 CEST	49735	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.709712029 CEST	49735	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.709712029 CEST	49735	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.709728956 CEST	443	49735	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.709786892 CEST	49735	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.712349892 CEST	49738	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.737139940 CEST	443	49734	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.737204075 CEST	49734	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.737234116 CEST	443	49734	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.737485886 CEST	443	49734	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.737762928 CEST	49734	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.749670982 CEST	49734	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.749701023 CEST	443	49734	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.753122091 CEST	49739	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.756144047 CEST	443	49738	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.796159983 CEST	443	49739	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.912635088 CEST	443	49738	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.912744999 CEST	443	49738	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.912873030 CEST	443	49738	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.912940025 CEST	49738	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.912962914 CEST	443	49738	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.913227081 CEST	49738	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.913980961 CEST	443	49738	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.914005041 CEST	49738	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.914052963 CEST	49738	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.956155062 CEST	443	49739	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.956279039 CEST	443	49739	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.956347942 CEST	49739	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.956367016 CEST	443	49739	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.956537962 CEST	443	49739	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:08.956593990 CEST	49739	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.962023973 CEST	49739	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:13:08.962035894 CEST	443	49739	142.250.64.196	192.168.2.4
Apr 26, 2024 16:13:14.742990971 CEST	49744	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:14.743020058 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:14.743093967 CEST	49744	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:14.745002031 CEST	49744	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:14.745013952 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:15.463628054 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:15.463831902 CEST	49744	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:15.467807055 CEST	49744	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:15.467830896 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:15.468070030 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:15.579519033 CEST	49744	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:16.102394104 CEST	49744	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:16.144118071 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:16.257837057 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:16.257873058 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:16.257973909 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:16.259572983 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:16.259588957 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:16.523976088 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:16.524081945 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:16.527080059 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:16.527108908 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:16.527461052 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:16.571649075 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:16.571674109 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:16.571687937 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:16.571748972 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:16.571758986 CEST	49744	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:16.571796894 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:16.571820021 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:16.571849108 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:16.571863890 CEST	49744	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:16.571863890 CEST	49744	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:16.571873903 CEST	49744	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:16.571903944 CEST	49744	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:16.572160959 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:16.572169065 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:16.572221041 CEST	49744	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:16.572226048 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:16.572246075 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:16.572293043 CEST	49744	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:16.640722990 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:16.684120893 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:16.768032074 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:16.768151045 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:16.768274069 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:16.782954931 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:16.783016920 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:16.783055067 CEST	49747	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:16.783071995 CEST	443	49747	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:16.950407028 CEST	49744	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:16.950445890 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:16.950462103 CEST	49744	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:16.950468063 CEST	443	49744	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:16.995512009 CEST	49750	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:16.995572090 CEST	443	49750	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:16.995760918 CEST	49750	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:16.996313095 CEST	49750	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:16.996335983 CEST	443	49750	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:17.252464056 CEST	443	49750	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:17.252573967 CEST	49750	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:17.254190922 CEST	49750	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:17.254214048 CEST	443	49750	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:17.254455090 CEST	443	49750	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:17.258727074 CEST	49750	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:17.300124884 CEST	443	49750	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:17.504153967 CEST	443	49750	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:17.504224062 CEST	443	49750	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:17.504278898 CEST	49750	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:17.505239964 CEST	49750	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:17.505264997 CEST	443	49750	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:17.505280018 CEST	49750	443	192.168.2.4	23.204.76.112
Apr 26, 2024 16:13:17.505285978 CEST	443	49750	23.204.76.112	192.168.2.4
Apr 26, 2024 16:13:30.832742929 CEST	49752	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:30.832824945 CEST	443	49752	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:30.832925081 CEST	49752	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:30.847152948 CEST	49753	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:30.847176075 CEST	443	49753	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:30.847244024 CEST	49753	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:30.847524881 CEST	49752	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:30.847567081 CEST	443	49752	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:30.847815037 CEST	49753	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:30.847822905 CEST	443	49753	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:31.169755936 CEST	443	49753	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:31.175328016 CEST	443	49752	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:31.179480076 CEST	49752	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:31.179492950 CEST	443	49752	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:31.179696083 CEST	49753	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:31.179712057 CEST	443	49753	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:31.181181908 CEST	443	49752	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:31.181266069 CEST	49752	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:31.182481050 CEST	443	49753	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:31.182569981 CEST	49753	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:31.187046051 CEST	49752	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:31.187139988 CEST	443	49752	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:31.189647913 CEST	49753	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:31.189870119 CEST	443	49753	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:31.189898014 CEST	49752	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:31.189905882 CEST	443	49752	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:31.235953093 CEST	49752	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:31.332518101 CEST	49753	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:31.332530975 CEST	443	49753	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:31.469902039 CEST	443	49752	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:31.470065117 CEST	443	49752	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:31.470460892 CEST	49752	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:31.470601082 CEST	49752	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:31.470613956 CEST	443	49752	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:31.470628023 CEST	49752	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:31.470659971 CEST	49752	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:31.501455069 CEST	49753	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:31.630409956 CEST	49754	443	192.168.2.4	185.199.111.133
Apr 26, 2024 16:13:31.630460024 CEST	443	49754	185.199.111.133	192.168.2.4
Apr 26, 2024 16:13:31.630568027 CEST	49754	443	192.168.2.4	185.199.111.133
Apr 26, 2024 16:13:31.630850077 CEST	49754	443	192.168.2.4	185.199.111.133
Apr 26, 2024 16:13:31.630865097 CEST	443	49754	185.199.111.133	192.168.2.4
Apr 26, 2024 16:13:31.917118073 CEST	443	49754	185.199.111.133	192.168.2.4
Apr 26, 2024 16:13:31.917557955 CEST	49754	443	192.168.2.4	185.199.111.133
Apr 26, 2024 16:13:31.917577028 CEST	443	49754	185.199.111.133	192.168.2.4
Apr 26, 2024 16:13:31.919315100 CEST	443	49754	185.199.111.133	192.168.2.4
Apr 26, 2024 16:13:31.919392109 CEST	49754	443	192.168.2.4	185.199.111.133
Apr 26, 2024 16:13:31.921443939 CEST	49754	443	192.168.2.4	185.199.111.133
Apr 26, 2024 16:13:31.921571970 CEST	443	49754	185.199.111.133	192.168.2.4
Apr 26, 2024 16:13:31.921684027 CEST	49754	443	192.168.2.4	185.199.111.133
Apr 26, 2024 16:13:31.962352037 CEST	49754	443	192.168.2.4	185.199.111.133
Apr 26, 2024 16:13:31.962368965 CEST	443	49754	185.199.111.133	192.168.2.4
Apr 26, 2024 16:13:32.003423929 CEST	49754	443	192.168.2.4	185.199.111.133
Apr 26, 2024 16:13:32.312710047 CEST	443	49754	185.199.111.133	192.168.2.4
Apr 26, 2024 16:13:32.313005924 CEST	443	49754	185.199.111.133	192.168.2.4
Apr 26, 2024 16:13:32.313076973 CEST	49754	443	192.168.2.4	185.199.111.133
Apr 26, 2024 16:13:33.399951935 CEST	49754	443	192.168.2.4	185.199.111.133
Apr 26, 2024 16:13:33.399986029 CEST	443	49754	185.199.111.133	192.168.2.4
Apr 26, 2024 16:13:36.311362028 CEST	443	49753	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:36.311594963 CEST	443	49753	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:36.311661005 CEST	49753	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:38.081919909 CEST	49753	443	192.168.2.4	140.82.112.3
Apr 26, 2024 16:13:38.081960917 CEST	443	49753	140.82.112.3	192.168.2.4
Apr 26, 2024 16:13:53.963583946 CEST	49756	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:53.963680029 CEST	443	49756	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:53.963773966 CEST	49756	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:53.964823961 CEST	49756	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:53.964855909 CEST	443	49756	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:54.678307056 CEST	443	49756	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:54.678399086 CEST	49756	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:54.682813883 CEST	49756	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:54.682852030 CEST	443	49756	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:54.683106899 CEST	443	49756	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:54.704966068 CEST	49756	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:54.752151966 CEST	443	49756	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:55.382391930 CEST	443	49756	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:55.382417917 CEST	443	49756	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:55.382464886 CEST	443	49756	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:55.382507086 CEST	49756	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:55.382591009 CEST	443	49756	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:55.382621050 CEST	443	49756	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:55.382630110 CEST	49756	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:55.382656097 CEST	443	49756	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:55.382682085 CEST	49756	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:55.382682085 CEST	49756	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:55.382702112 CEST	443	49756	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:55.382721901 CEST	443	49756	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:55.382725954 CEST	49756	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:55.382762909 CEST	49756	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:55.399748087 CEST	49756	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:55.399805069 CEST	443	49756	40.68.123.157	192.168.2.4
Apr 26, 2024 16:13:55.399841070 CEST	49756	443	192.168.2.4	40.68.123.157
Apr 26, 2024 16:13:55.399856091 CEST	443	49756	40.68.123.157	192.168.2.4
Apr 26, 2024 16:14:08.752433062 CEST	49758	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:14:08.752476931 CEST	443	49758	142.250.64.196	192.168.2.4
Apr 26, 2024 16:14:08.752674103 CEST	49758	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:14:08.752877951 CEST	49758	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:14:08.752897978 CEST	443	49758	142.250.64.196	192.168.2.4
Apr 26, 2024 16:14:09.081659079 CEST	443	49758	142.250.64.196	192.168.2.4
Apr 26, 2024 16:14:09.082262993 CEST	49758	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:14:09.082302094 CEST	443	49758	142.250.64.196	192.168.2.4
Apr 26, 2024 16:14:09.082652092 CEST	443	49758	142.250.64.196	192.168.2.4
Apr 26, 2024 16:14:09.083100080 CEST	49758	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:14:09.083184958 CEST	443	49758	142.250.64.196	192.168.2.4
Apr 26, 2024 16:14:09.126108885 CEST	49758	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:14:10.657675982 CEST	49723	80	192.168.2.4	23.45.182.86
Apr 26, 2024 16:14:10.657749891 CEST	49724	80	192.168.2.4	23.45.182.86
Apr 26, 2024 16:14:10.782917976 CEST	80	49724	23.45.182.86	192.168.2.4
Apr 26, 2024 16:14:10.782989979 CEST	49724	80	192.168.2.4	23.45.182.86
Apr 26, 2024 16:14:10.782994032 CEST	80	49723	23.45.182.86	192.168.2.4
Apr 26, 2024 16:14:10.783132076 CEST	49723	80	192.168.2.4	23.45.182.86
Apr 26, 2024 16:14:19.079497099 CEST	443	49758	142.250.64.196	192.168.2.4
Apr 26, 2024 16:14:19.079570055 CEST	443	49758	142.250.64.196	192.168.2.4
Apr 26, 2024 16:14:19.079621077 CEST	49758	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:14:19.783540964 CEST	49758	443	192.168.2.4	142.250.64.196
Apr 26, 2024 16:14:19.783560991 CEST	443	49758	142.250.64.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 16:13:04.812438011 CEST	53	53136	1.1.1.1	192.168.2.4
Apr 26, 2024 16:13:05.425847054 CEST	53	63780	1.1.1.1	192.168.2.4
Apr 26, 2024 16:13:05.433634996 CEST	53956	53	192.168.2.4	1.1.1.1
Apr 26, 2024 16:13:05.433995008 CEST	63328	53	192.168.2.4	1.1.1.1
Apr 26, 2024 16:13:05.559226990 CEST	53	53956	1.1.1.1	192.168.2.4
Apr 26, 2024 16:13:05.559812069 CEST	53	63328	1.1.1.1	192.168.2.4
Apr 26, 2024 16:13:08.043745995 CEST	53	55867	1.1.1.1	192.168.2.4
Apr 26, 2024 16:13:23.566518068 CEST	138	138	192.168.2.4	192.168.2.255
Apr 26, 2024 16:13:30.684501886 CEST	52296	53	192.168.2.4	1.1.1.1
Apr 26, 2024 16:13:30.684896946 CEST	53138	53	192.168.2.4	1.1.1.1
Apr 26, 2024 16:13:30.811311007 CEST	53	53138	1.1.1.1	192.168.2.4
Apr 26, 2024 16:13:30.811880112 CEST	53	55078	1.1.1.1	192.168.2.4
Apr 26, 2024 16:13:30.828152895 CEST	53	52296	1.1.1.1	192.168.2.4
Apr 26, 2024 16:13:31.473246098 CEST	57049	53	192.168.2.4	1.1.1.1
Apr 26, 2024 16:13:31.473412037 CEST	53251	53	192.168.2.4	1.1.1.1
Apr 26, 2024 16:13:31.629720926 CEST	53	57049	1.1.1.1	192.168.2.4
Apr 26, 2024 16:13:31.629739046 CEST	53	53251	1.1.1.1	192.168.2.4
Apr 26, 2024 16:13:53.731909990 CEST	53	53597	1.1.1.1	192.168.2.4
Apr 26, 2024 16:14:04.458777905 CEST	53	57942	1.1.1.1	192.168.2.4
Apr 26, 2024 16:14:20.020648003 CEST	53	61103	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 16:13:05.433634996 CEST	192.168.2.4	1.1.1.1	0x20cc	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 16:13:05.433995008 CEST	192.168.2.4	1.1.1.1	0xfc7d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 26, 2024 16:13:30.684501886 CEST	192.168.2.4	1.1.1.1	0xffa	Standard query (0)	gist.github.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 16:13:30.684896946 CEST	192.168.2.4	1.1.1.1	0xef2b	Standard query (0)	gist.github.com	65	IN (0x0001)	false
Apr 26, 2024 16:13:31.473246098 CEST	192.168.2.4	1.1.1.1	0xfa57	Standard query (0)	gist.githubusercontent.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 16:13:31.473412037 CEST	192.168.2.4	1.1.1.1	0xca0e	Standard query (0)	gist.githubusercontent.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 16:13:05.559226990 CEST	1.1.1.1	192.168.2.4	0x20cc	No error (0)	www.google.com		142.250.64.196	A (IP address)	IN (0x0001)	false
Apr 26, 2024 16:13:05.559812069 CEST	1.1.1.1	192.168.2.4	0xfc7d	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 26, 2024 16:13:30.811311007 CEST	1.1.1.1	192.168.2.4	0xef2b	No error (0)	gist.github.com	github.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 16:13:30.828152895 CEST	1.1.1.1	192.168.2.4	0xffa	No error (0)	gist.github.com	github.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 16:13:30.828152895 CEST	1.1.1.1	192.168.2.4	0xffa	No error (0)	github.com		140.82.112.3	A (IP address)	IN (0x0001)	false
Apr 26, 2024 16:13:31.629720926 CEST	1.1.1.1	192.168.2.4	0xfa57	No error (0)	gist.githubusercontent.com		185.199.111.133	A (IP address)	IN (0x0001)	false
Apr 26, 2024 16:13:31.629720926 CEST	1.1.1.1	192.168.2.4	0xfa57	No error (0)	gist.githubusercontent.com		185.199.108.133	A (IP address)	IN (0x0001)	false
Apr 26, 2024 16:13:31.629720926 CEST	1.1.1.1	192.168.2.4	0xfa57	No error (0)	gist.githubusercontent.com		185.199.110.133	A (IP address)	IN (0x0001)	false
Apr 26, 2024 16:13:31.629720926 CEST	1.1.1.1	192.168.2.4	0xfa57	No error (0)	gist.githubusercontent.com		185.199.109.133	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.com

slscr.update.microsoft.com

fs.microsoft.com

gist.github.com

gist.githubusercontent.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	142.250.64.196	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 14:13:07 UTC	510	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 14:13:08 UTC	1843	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGPTsrrEGIjBd9SG8FF89M4CzXW8hr1o5SgUmmE-vgqWz72M58Lh6C8lHO1J9fpw1Y1Plc3PmvtkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwI9OyusQYQsM7zngISBGaBmNw Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 26 Apr 2024 14:13:08 GMT Server: gws Content-Length: 458 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-26-14; expires=Sun, 26-May-2024 14:13:08 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=EfORLjInWglWF0qd9Ite87P1jeAdyf8bIXpAJIq3Yx-iNv3rHO1MEts3awvUlPnY-ToBfxryMENUpWV9liPRJfNv7iwbxTTlYY2nHimcqCEpAFIsNLss1aBioLWJYD0qYVsGSthRgZjfCz2jQ6QKUpzJ5hZlSpz3iHflCG9BLPo; expires=Sat, 26-Oct-2024 14:13:08 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 14:13:08 UTC	458	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 25 33 46 68 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	142.250.64.196	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 14:13:07 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 14:13:08 UTC	1703	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 14:13:08 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-nbTB3pICzLdKo5ECE2j-IA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-26 14:13:08 UTC	1703	IN	Data Raw: 31 34 62 35 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6e 69 6e 74 65 6e 64 6f 20 67 61 72 72 79 20 6d 6f 64 22 2c 22 73 74 6f 63 6b 20 6d 61 72 6b 65 74 73 22 2c 22 67 65 6e 65 72 61 6c 20 68 6f 73 70 69 74 61 6c 20 6e 69 63 68 6f 6c 61 73 20 63 68 61 76 65 7a 22 2c 22 6e 61 73 61 20 6d 61 72 73 20 73 70 69 64 65 72 73 22 2c 22 73 74 65 74 73 6f 6e 20 62 65 6e 6e 65 74 74 22 2c 22 68 6f 6d 65 20 64 65 70 6f 74 20 68 61 6c 6c 6f 77 65 65 6e 20 73 6b 65 6c 65 74 6f 6e 20 64 6f 67 22 2c 22 61 6e 6f 74 68 65 72 20 63 72 61 62 20 74 72 65 61 73 75 72 65 22 2c 22 65 73 70 6e 20 6e 66 6c 20 64 72 61 66 74 20 63 6f 76 65 72 61 67 65 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 Data Ascii: 14b5)]}'["",["nintendo garry mod","stock markets","general hospital nicholas chavez","nasa mars spiders","stetson bennett","home depot halloween skeleton dog","another crab treasure","espn nfl draft coverage"],["","","","","","","",""],[],{"google:clie
2024-04-26 14:13:08 UTC	1703	IN	Data Raw: 4e 32 74 49 59 6d 78 44 61 57 6c 70 63 48 42 58 61 46 5a 4a 65 58 49 30 61 31 46 6a 59 33 5a 53 64 48 4a 7a 52 31 4a 4b 53 31 56 4b 56 7a 52 30 63 46 4e 53 64 32 73 33 4e 57 46 51 56 54 59 78 4b 32 46 31 61 6e 70 6e 59 56 70 58 4e 46 4a 7a 53 56 4e 57 59 53 73 78 57 6e 42 35 65 56 4d 31 53 33 56 46 5a 56 68 4a 54 7a 4e 61 54 56 5a 45 65 6d 68 49 4e 32 78 47 55 6b 35 58 63 30 64 31 64 54 4e 4a 56 33 56 36 57 54 59 35 53 6b 5a 6c 65 6b 70 58 56 31 64 55 5a 56 51 76 52 58 45 72 57 48 52 54 4d 6c 6c 4c 4d 56 64 31 53 6a 56 4b 57 56 64 6d 52 6c 59 76 53 6d 59 72 52 46 68 6c 63 47 31 35 63 32 6c 55 52 47 4a 72 55 6d 30 72 53 6d 78 33 51 6d 46 4f 5a 46 56 78 4f 48 67 72 5a 44 42 30 52 54 6c 4f 5a 7a 46 68 63 30 5a 35 54 6a 49 77 65 6a 42 52 4d 31 56 73 4d 6b 68 Data Ascii: N2tIYmxDaWlpcHBXaFZJeXI0a1FjY3ZSdHJzR1JKS1VKVzR0cFNSd2s3NWFQVTYxK2F1anpnYVpXNFJzSVNWYSsxWnB5eVM1S3VFZVhJTzNaTVZEemhIN2xGUk5Xc0d1dTNJV3V6WTY5SkZlekpXV1dUZVQvRXErWHRTMllLMVd1SjVKWVdmRlYvSmYrRFhlcG15c2lURGJrUm0rSmx3QmFOZFVxOHgrZDB0RTlOZzFhc0Z5TjIwejBRM1VsMkh
2024-04-26 14:13:08 UTC	1703	IN	Data Raw: 6c 56 52 59 58 52 72 62 47 39 50 4d 57 39 4d 59 56 64 49 55 32 6c 4c 52 47 74 75 62 6a 42 77 5a 58 6c 77 63 56 42 42 4d 55 64 34 54 48 41 77 54 69 74 49 61 30 56 46 54 56 68 72 57 45 68 70 53 46 68 75 51 69 74 75 64 33 46 6a 65 55 35 52 57 48 70 4f 53 6c 64 7a 51 31 4a 4b 52 7a 4a 52 62 31 5a 6a 4e 7a 68 42 56 58 4e 6d 65 45 51 79 55 6b 5a 4f 4c 30 31 32 62 45 70 45 5a 6e 52 57 62 55 68 34 51 58 68 54 4e 33 46 61 53 48 6c 68 4f 55 70 61 62 79 74 30 53 33 56 76 5a 55 34 34 59 6c 6c 43 64 32 46 51 53 47 51 79 4d 54 6c 42 57 6b 78 54 4e 46 4e 57 54 33 46 49 61 6a 45 32 56 58 42 6b 54 6b 68 45 51 58 6c 7a 4d 6c 64 6a 59 6b 46 57 57 44 42 43 63 56 49 31 63 54 56 4c 53 33 46 78 63 54 52 52 4e 7a 55 79 59 6e 42 34 4e 6b 46 57 61 55 56 76 52 44 52 6f 5a 7a 42 59 Data Ascii: lVRYXRrbG9PMW9MYVdIU2lLRGtubjBwZXlwcVBBMUd4THAwTitIa0VFTVhrWEhpSFhuQitud3FjeU5RWHpOSldzQ1JKRzJRb1ZjNzhBVXNmeEQyUkZOL012bEpEZnRWbUh4QXhTN3FaSHlhOUpabyt0S3VvZU44YllCd2FQSGQyMTlBWkxTNFNWT3FIajE2VXBkTkhEQXlzMldjYkFWWDBCcVI1cTVLS3FxcTRRNzUyYnB4NkFWaUVvRDRoZzBY
2024-04-26 14:13:08 UTC	200	IN	Data Raw: 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 5d 7d 5d 0d 0a Data Ascii: subtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","ENTITY","QUERY","ENTITY","QUERY"]}]
2024-04-26 14:13:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49734	142.250.64.196	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 14:13:07 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 14:13:08 UTC	1761	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGPTsrrEGIjBdNSeLOI1TVNN_UZn_ZHFDIclR065SREe8jhoSetoCwaswoMREl_RX-g7mAscwCu4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwI9OyusQYQsb6BrAISBGaBmNw Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 26 Apr 2024 14:13:08 GMT Server: gws Content-Length: 417 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-26-14; expires=Sun, 26-May-2024 14:13:08 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=TUHqVqa0dwakUAfQYYBixKpYfhdsaPCAELnB6OXgrS6MXufvjN_a8YiSv60hFblZAgJnv_TRgoZc7oNGeOYeQsXXiwuJezXuSub2jtLjxHTk205psPLFAFkPeykD5qpQ9kby_kft2onqj0qKPEAfhYpV-9-5rE_PZAZc5WVK5DA; expires=Sat, 26-Oct-2024 14:13:08 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 14:13:08 UTC	417	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 26 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49737	142.250.64.196	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 14:13:08 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 14:13:08 UTC	1703	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 14:13:08 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-mGfZ_BGCeEeom7quUm4EjQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-26 14:13:08 UTC	1703	IN	Data Raw: 31 34 62 35 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6e 69 6e 74 65 6e 64 6f 20 67 61 72 72 79 20 6d 6f 64 22 2c 22 73 74 6f 63 6b 20 6d 61 72 6b 65 74 73 22 2c 22 67 65 6e 65 72 61 6c 20 68 6f 73 70 69 74 61 6c 20 6e 69 63 68 6f 6c 61 73 20 63 68 61 76 65 7a 22 2c 22 6e 61 73 61 20 6d 61 72 73 20 73 70 69 64 65 72 73 22 2c 22 73 74 65 74 73 6f 6e 20 62 65 6e 6e 65 74 74 22 2c 22 68 6f 6d 65 20 64 65 70 6f 74 20 68 61 6c 6c 6f 77 65 65 6e 20 73 6b 65 6c 65 74 6f 6e 20 64 6f 67 22 2c 22 61 6e 6f 74 68 65 72 20 63 72 61 62 20 74 72 65 61 73 75 72 65 22 2c 22 65 73 70 6e 20 6e 66 6c 20 64 72 61 66 74 20 63 6f 76 65 72 61 67 65 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 Data Ascii: 14b5)]}'["",["nintendo garry mod","stock markets","general hospital nicholas chavez","nasa mars spiders","stetson bennett","home depot halloween skeleton dog","another crab treasure","espn nfl draft coverage"],["","","","","","","",""],[],{"google:clie
2024-04-26 14:13:08 UTC	1703	IN	Data Raw: 4e 32 74 49 59 6d 78 44 61 57 6c 70 63 48 42 58 61 46 5a 4a 65 58 49 30 61 31 46 6a 59 33 5a 53 64 48 4a 7a 52 31 4a 4b 53 31 56 4b 56 7a 52 30 63 46 4e 53 64 32 73 33 4e 57 46 51 56 54 59 78 4b 32 46 31 61 6e 70 6e 59 56 70 58 4e 46 4a 7a 53 56 4e 57 59 53 73 78 57 6e 42 35 65 56 4d 31 53 33 56 46 5a 56 68 4a 54 7a 4e 61 54 56 5a 45 65 6d 68 49 4e 32 78 47 55 6b 35 58 63 30 64 31 64 54 4e 4a 56 33 56 36 57 54 59 35 53 6b 5a 6c 65 6b 70 58 56 31 64 55 5a 56 51 76 52 58 45 72 57 48 52 54 4d 6c 6c 4c 4d 56 64 31 53 6a 56 4b 57 56 64 6d 52 6c 59 76 53 6d 59 72 52 46 68 6c 63 47 31 35 63 32 6c 55 52 47 4a 72 55 6d 30 72 53 6d 78 33 51 6d 46 4f 5a 46 56 78 4f 48 67 72 5a 44 42 30 52 54 6c 4f 5a 7a 46 68 63 30 5a 35 54 6a 49 77 65 6a 42 52 4d 31 56 73 4d 6b 68 Data Ascii: N2tIYmxDaWlpcHBXaFZJeXI0a1FjY3ZSdHJzR1JKS1VKVzR0cFNSd2s3NWFQVTYxK2F1anpnYVpXNFJzSVNWYSsxWnB5eVM1S3VFZVhJTzNaTVZEemhIN2xGUk5Xc0d1dTNJV3V6WTY5SkZlekpXV1dUZVQvRXErWHRTMllLMVd1SjVKWVdmRlYvSmYrRFhlcG15c2lURGJrUm0rSmx3QmFOZFVxOHgrZDB0RTlOZzFhc0Z5TjIwejBRM1VsMkh
2024-04-26 14:13:08 UTC	1703	IN	Data Raw: 6c 56 52 59 58 52 72 62 47 39 50 4d 57 39 4d 59 56 64 49 55 32 6c 4c 52 47 74 75 62 6a 42 77 5a 58 6c 77 63 56 42 42 4d 55 64 34 54 48 41 77 54 69 74 49 61 30 56 46 54 56 68 72 57 45 68 70 53 46 68 75 51 69 74 75 64 33 46 6a 65 55 35 52 57 48 70 4f 53 6c 64 7a 51 31 4a 4b 52 7a 4a 52 62 31 5a 6a 4e 7a 68 42 56 58 4e 6d 65 45 51 79 55 6b 5a 4f 4c 30 31 32 62 45 70 45 5a 6e 52 57 62 55 68 34 51 58 68 54 4e 33 46 61 53 48 6c 68 4f 55 70 61 62 79 74 30 53 33 56 76 5a 55 34 34 59 6c 6c 43 64 32 46 51 53 47 51 79 4d 54 6c 42 57 6b 78 54 4e 46 4e 57 54 33 46 49 61 6a 45 32 56 58 42 6b 54 6b 68 45 51 58 6c 7a 4d 6c 64 6a 59 6b 46 57 57 44 42 43 63 56 49 31 63 54 56 4c 53 33 46 78 63 54 52 52 4e 7a 55 79 59 6e 42 34 4e 6b 46 57 61 55 56 76 52 44 52 6f 5a 7a 42 59 Data Ascii: lVRYXRrbG9PMW9MYVdIU2lLRGtubjBwZXlwcVBBMUd4THAwTitIa0VFTVhrWEhpSFhuQitud3FjeU5RWHpOSldzQ1JKRzJRb1ZjNzhBVXNmeEQyUkZOL012bEpEZnRWbUh4QXhTN3FaSHlhOUpabyt0S3VvZU44YllCd2FQSGQyMTlBWkxTNFNWT3FIajE2VXBkTkhEQXlzMldjYkFWWDBCcVI1cTVLS3FxcTRRNzUyYnB4NkFWaUVvRDRoZzBY
2024-04-26 14:13:08 UTC	200	IN	Data Raw: 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 5d 7d 5d 0d 0a Data Ascii: subtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","ENTITY","QUERY","ENTITY","QUERY"]}]
2024-04-26 14:13:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49738	142.250.64.196	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 14:13:08 UTC	912	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGPTsrrEGIjBd9SG8FF89M4CzXW8hr1o5SgUmmE-vgqWz72M58Lh6C8lHO1J9fpw1Y1Plc3PmvtkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-26-14; NID=513=EfORLjInWglWF0qd9Ite87P1jeAdyf8bIXpAJIq3Yx-iNv3rHO1MEts3awvUlPnY-ToBfxryMENUpWV9liPRJfNv7iwbxTTlYY2nHimcqCEpAFIsNLss1aBioLWJYD0qYVsGSthRgZjfCz2jQ6QKUpzJ5hZlSpz3iHflCG9BLPo
2024-04-26 14:13:08 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 26 Apr 2024 14:13:08 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3186 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 14:13:08 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 3f 68 6c 3d 65 6e 2d 55 53 26 61 6d 70 3b 61 73 79 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&asy
2024-04-26 14:13:08 UTC	1255	IN	Data Raw: 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 57 6c 4a 63 5a 7a 32 69 48 Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="WlJcZz2iH
2024-04-26 14:13:08 UTC	1032	IN	Data Raw: 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 22 3e 0a 54 68 69 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 Data Ascii: ; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly aft

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49739	142.250.64.196	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 14:13:08 UTC	738	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGPTsrrEGIjBdNSeLOI1TVNN_UZn_ZHFDIclR065SREe8jhoSetoCwaswoMREl_RX-g7mAscwCu4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-26-14; NID=513=TUHqVqa0dwakUAfQYYBixKpYfhdsaPCAELnB6OXgrS6MXufvjN_a8YiSv60hFblZAgJnv_TRgoZc7oNGeOYeQsXXiwuJezXuSub2jtLjxHTk205psPLFAFkPeykD5qpQ9kby_kft2onqj0qKPEAfhYpV-9-5rE_PZAZc5WVK5DA
2024-04-26 14:13:08 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 26 Apr 2024 14:13:08 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3114 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 14:13:08 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-04-26 14:13:08 UTC	1255	IN	Data Raw: 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 6d 68 46 42 74 68 2d 30 39 65 6d 6e 63 32 42 76 6e 39 39 68 69 57 35 71 65 5a 4d 4a 30 77 59 50 62 Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="mhFBth-09emnc2Bvn99hiW5qeZMJ0wYPb
2024-04-26 14:13:08 UTC	960	IN	Data Raw: 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e 74 69 6d 65 2c 20 73 6f 6c 76 69 6e Data Ascii: ogle automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime, solvin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49744	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 14:13:16 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OpWnBnAlDhSbror&MD=bG3CEWts HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 14:13:16 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: d36f50fc-899b-4da0-843d-773c7b7f82d8 MS-RequestId: 37064ad7-9bc3-4ca7-a685-bd47d5f857e9 MS-CV: WfD7lgrsa0ui1xDZ.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 14:13:15 GMT Connection: close Content-Length: 24490
2024-04-26 14:13:16 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-26 14:13:16 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49747	23.204.76.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 14:13:16 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 14:13:16 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=60629 Date: Fri, 26 Apr 2024 14:13:16 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49750	23.204.76.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 14:13:17 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 14:13:17 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=60622 Date: Fri, 26 Apr 2024 14:13:17 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 14:13:17 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49752	140.82.112.3	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 14:13:31 UTC	756	OUT	GET /Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m HTTP/1.1 Host: gist.github.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 14:13:31 UTC	217	IN	HTTP/1.1 301 Moved Permanently Content-Length: 0 Location: https://gist.githubusercontent.com/Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49754	185.199.111.133	443	4504	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 14:13:31 UTC	767	OUT	GET /Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m HTTP/1.1 Host: gist.githubusercontent.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 14:13:32 UTC	799	IN	HTTP/1.1 404 Not Found Connection: close Content-Length: 14 Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Frame-Options: deny X-XSS-Protection: 1; mode=block Content-Type: text/plain; charset=utf-8 X-GitHub-Request-Id: 316E:1AE214:125200:147244:662BB68A Accept-Ranges: bytes Date: Fri, 26 Apr 2024 14:13:32 GMT Via: 1.1 varnish X-Served-By: cache-gnv1820032-GNV X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1714140812.107839,VS0,VE138 Vary: Authorization,Accept-Encoding,Origin Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin X-Fastly-Request-ID: 083587746d6a1f67b2c4f3623b6df242835afb08 Expires: Fri, 26 Apr 2024 14:18:32 GMT Source-Age: 0
2024-04-26 14:13:32 UTC	14	IN	Data Raw: 34 30 34 3a 20 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: 404: Not Found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49756	40.68.123.157	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 14:13:54 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OpWnBnAlDhSbror&MD=bG3CEWts HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 14:13:55 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: deb286ad-d1e4-4f45-986f-71946ad67da2 MS-RequestId: b132a881-e279-4ec3-9740-9c4e0bbcfa9f MS-CV: dbivCDUXMEuIjNuz.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 14:13:54 GMT Connection: close Content-Length: 25457
2024-04-26 14:13:55 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-26 14:13:55 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Target ID:	0
Start time:	16:12:55
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	16:13:02
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	16:13:02
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(%05)/
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	16:13:02
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2236,i,11054285937259490056,7033709406176175706,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	16:13:03
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1952,i,1702136743850697031,13245467354693393187,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	16:13:06
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=860 --field-trial-handle=2008,i,12349818873830694159,1268196577353770583,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	16:13:29
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gist.github.com/Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: QR Code extractor	URL: http://
Source: QR Code extractor	URL: http://
Source: QR Code extractor	URL: http://<FNC1>()
Source: QR Code extractor	URL: http://<FNC1>()

Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGPTsrrEGIjBd9SG8FF89M4CzXW8hr1o5SgUmmE-vgqWz72M58Lh6C8lHO1J9fpw1Y1Plc3PmvtkyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-14; NID=513=EfORLjInWglWF0qd9Ite87P1jeAdyf8bIXpAJIq3Yx-iNv3rHO1MEts3awvUlPnY-ToBfxryMENUpWV9liPRJfNv7iwbxTTlYY2nHimcqCEpAFIsNLss1aBioLWJYD0qYVsGSthRgZjfCz2jQ6QKUpzJ5hZlSpz3iHflCG9BLPo
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGPTsrrEGIjBdNSeLOI1TVNN_UZn_ZHFDIclR065SREe8jhoSetoCwaswoMREl_RX-g7mAscwCu4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-14; NID=513=TUHqVqa0dwakUAfQYYBixKpYfhdsaPCAELnB6OXgrS6MXufvjN_a8YiSv60hFblZAgJnv_TRgoZc7oNGeOYeQsXXiwuJezXuSub2jtLjxHTk205psPLFAFkPeykD5qpQ9kby_kft2onqj0qKPEAfhYpV-9-5rE_PZAZc5WVK5DA
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OpWnBnAlDhSbror&MD=bG3CEWts HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m HTTP/1.1Host: gist.github.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m HTTP/1.1Host: gist.githubusercontent.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OpWnBnAlDhSbror&MD=bG3CEWts HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: gist.github.com
Source: global traffic	DNS traffic detected: DNS query: gist.githubusercontent.com

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://gist.github.com/Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

QR Codes

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4248, Parent PID: 3732

General

Chronological Activities

Analysis Process: chrome.exePID: 3020, Parent PID: 1984

General

Chronological Activities

Analysis Process: chrome.exePID: 3512, Parent PID: 1984

General

Chronological Activities

Analysis Process: chrome.exePID: 4504, Parent PID: 4248

General

Chronological Activities

Analysis Process: chrome.exePID: 6196, Parent PID: 3020

Windows Analysis Report
https://gist.github.com/Tantalor93/6c5baab344acf237e72b231d50408f4a/raw/%207aa875ebcd3819772d0f1d36100c19fe3c786cd7/top-1m