Edit tour

Windows Analysis Report
http://publicmedia.springidx.com/media/custom_media/mibor/mibor-logo.png

Overview

General Information

Sample URL:	http://publicmedia.springidx.com/media/custom_media/mibor/mibor-logo.png
Analysis ID:	1432322
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1972,i,18241772392003969691,3527340219954677512,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://249208506065339175713065343682620339232232032338309340364496680261609853560675097851030655341200131817362917853377759200390001605154889513680026748787630195/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2032,i,12591886284558329287,1258321193834005041,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://publicmedia.springidx.com/media/custom_media/mibor/mibor-logo.png" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714158956054&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Apr 2024 19:16:44 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FFsMXtRv0veEm1TQ7lAltYBPOFAivbZAeQLYpQMxm%2FTJ97X3GfZcB%2FNsEATHY3C8aBOihaF4F%2BYMwT5Z7Jrd1ooJqy9OuO%2FnQTBJKNKE%2B5d7SkMRs2TbSG5881T%2BraOqouc0t9qrsJhpxdo%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 87a8e8b35e39743c-MIAalt-svc: h3=":443"; ma=86400

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49732 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@24/12@8/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1972,i,18241772392003969691,3527340219954677512,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://249208506065339175713065343682620339232232032338309340364496680261609853560675097851030655341200131817362917853377759200390001605154889513680026748787630195/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2032,i,12591886284558329287,1258321193834005041,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://publicmedia.springidx.com/media/custom_media/mibor/mibor-logo.png"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1972,i,18241772392003969691,3527340219954677512,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2032,i,12591886284558329287,1258321193834005041,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://publicmedia.springidx.com/media/custom_media/mibor/mibor-logo.png	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://publicmedia.springidx.com/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
publicmedia.springidx.com	172.67.71.192	true	false	unknown
www.google.com	142.250.217.228	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/async/newtab_promos	false		high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGIH7r7EGIjDZ2PRBpv3E04Gu2DNLJ0x_ZM9z12-ltueYm_ZonjvWi0WXzIs9w7P_Trh0Lq7ZJ2oyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false		high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGIT7r7EGIjCIMBCX2du1l-W7a4jtwavOloLdvLYaGroV0LUejCmgGY4qiwkWix_G9JaqDpCYDW4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false		high
https://a.nel.cloudflare.com/report/v4?s=%2FFsMXtRv0veEm1TQ7lAltYBPOFAivbZAeQLYpQMxm%2FTJ97X3GfZcB%2FNsEATHY3C8aBOihaF4F%2BYMwT5Z7Jrd1ooJqy9OuO%2FnQTBJKNKE%2B5d7SkMRs2TbSG5881T%2BraOqouc0t9qrsJhpxdo%3D	false		high
https://publicmedia.springidx.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://publicmedia.springidx.com/media/custom_media/mibor/mibor-logo.png	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.8.246	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.217.228	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432322
Start date and time:	2024-04-26 21:15:23 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://publicmedia.springidx.com/media/custom_media/mibor/mibor-logo.png
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@24/12@8/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.64.195, 142.250.189.142, 74.125.26.84, 34.104.35.123, 23.45.182.84, 192.229.211.108, 142.250.64.227, 72.21.81.240, 142.250.64.142
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://publicmedia.springidx.com/media/custom_media/mibor/mibor-logo.png

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:16:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9793262960641265
Encrypted:	false
SSDEEP:	48:8rdTjTvjKfHMidAKZdA19ehwiZUklqehyy+3:81Xpdy
MD5:	6F525AB7257D958D5758ECD41066224C
SHA1:	80036685DEEAFEE2C5E36E01953AAD543A2BBA6E
SHA-256:	9377B27AC654FDC34DADB7CB97C1E6C712CC8901C007B39AD107962FB790CF67
SHA-512:	06FC5B043762D01A996A215F251DA77FE520E24A890A473BCA8D0FB8843870B1B7DE2AF2CF75E86DBA53B1EF3984E396D687C124547B34727379DAC2634F2347
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....{.6....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............\|._.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:16:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9924422379498634
Encrypted:	false
SSDEEP:	48:82dTjTvjKfHMidAKZdA1weh/iZUkAQkqehNy+2:8eX79Qoy
MD5:	5D66A2B973B83894D2905BD6B79A3289
SHA1:	2AD70AC7188331A35885784467E5DF2A54C7D639
SHA-256:	6E07FEBE1CB7A3482C9D509D9E845FCE870AEE6A2103D55AF38120D4F0B05ABC
SHA-512:	20914B97F24425366A997D32D32BD45A62FFADF4351521EF76F41E5073B0F00B90DEE31D4E4E3AC225A6D2939019D4BAC352D8EEF4BC78E64E1F60376E2B3A63
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....s..6....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............\|._.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.003817439836035
Encrypted:	false
SSDEEP:	48:8x8dTjTvjsHMidAKZdA14tseh7sFiZUkmgqeh7sDy+BX:8x8XJn5y
MD5:	4D29C514DF3CE27D2DA71FBAFB1AE4C4
SHA1:	B1C4F904EE5F2E05D655FF94290775122D778CE1
SHA-256:	83DEC0E4489672A501EA06320B9C680C7A9FB00F2887F8AB5B66E6D0C11825C6
SHA-512:	B1492ACC09A645ACEBF0EAAF5C0140B68FC1EF1C69580C8F77CD768C9ED6D71C714B1B9FDB45C0B0F9587081F02C46027F785F524C3362C74761AC18851E4B3C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............\|._.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:16:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.991576284703845
Encrypted:	false
SSDEEP:	48:8ErAdTjTvjKfHMidAKZdA1vehDiZUkwqehBy+R:8NXYLy
MD5:	008383E2E4817C86024DF751B02FA176
SHA1:	E2A764C8221867969F9A52EDA167625A14522C65
SHA-256:	45D5D8E66D81CD2F8653D65C6AFC5B1B64AE6AB5E15EEA26361FCC870A38E1F5
SHA-512:	50BE981719A0B284A1BC1730DF59C17AA47F3D8BF16D1C9EEA6FAEBD1BC1F81C4AE44AF59FF4281FEDF9B3F1EC24F50A77F046E0806547D3B50485DBFD841352
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......~6....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............\|._.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:16:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9792201190653014
Encrypted:	false
SSDEEP:	48:8bdTjTvjKfHMidAKZdA1hehBiZUk1W1qeh/y+C:8FXI9fy
MD5:	C3763694DAADB9083CFB7F3DDFB73297
SHA1:	0D152CD4419B4CA6007ED6777142FCA59D97DA12
SHA-256:	C6BF2BB80157A4DD7824F27E9B3769D036FE14117D3B47635572E181FDD9B6B5
SHA-512:	9EC93B2E13B69915AA74CBE5986ECE524223A330E479EBD9BA5F1F9849F461AA7889EDAB8AE08B3BE9465DA12FFD33E64E1BE3FEA12B94E859AF3B927E4B5BEE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....t.6....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............\|._.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 18:16:17 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9886406612593865
Encrypted:	false
SSDEEP:	48:8gm8dTjTvjKfHMidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb5y+yT+:8gm8XmT/TbxWOvTb5y7T
MD5:	660B2A7271ADD687C94FA0D6CFDB8DF8
SHA1:	A312FD5057CC1DDAE026068A9BFDD196244E7056
SHA-256:	C72EA4D08224FA2A8F93C7271A9DF07036567AF70C1325356F60681483CAE1EB
SHA-512:	DA01B7D937F972A53CC638D98588569621BBD82A9E4B78C6ED0F9CDEA1FE13E1D2799C501AE8B3AC82BFF227DF20A9074BFF9863D7F2F726EE73978DA4C372D2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Ap6....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............\|._.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (777)
Category:	downloaded
Size (bytes):	782
Entropy (8bit):	5.155629531981397
Encrypted:	false
SSDEEP:	24:wORDEhRpHRBHslgT9lCuABuoB7HHHHHHHYqmffffffo:wORmHRKlgZ01BuSEqmffffffo
MD5:	3A1F39A33FF1428EAAB39AEC25A86887
SHA1:	B53FCDC745EE124E21171FDDF46966FE1A3B2028
SHA-256:	84EEFBAE983BAFC59953E1D4BCEC6950B22D1032978FC46247FDB34647AC8987
SHA-512:	4E9941C0C607F4982E982DBE61FF8E1E53EDEC057DCC2754A7F52AEC77881E8E1CDD16CF2A1C822118CBF40E0D3C4B2EDD49BEB781834BA3658A3EE65A9314D2
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["jackson state coach tomekia reed","blizzard canceled blizzcon","layoffs bristol myers squibb","million dollar baby lyrics tommy richman","usc graduation ceremony","bucs draft picks","stellar blade ign","laguardia airport"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	555
Entropy (8bit):	4.733706330938003
Encrypted:	false
SSDEEP:	12:TjeRHVIdtklI5rJNGlTF5TF5TF5TF5TF5TFK:neRH68tTPTPTPTPTPTc
MD5:	8E2475714A8C50E73E39C173696FAEF5
SHA1:	01507B60A7B2C6B31357D61A5DFA2A8C13A6BBCF
SHA-256:	5F0CD11054B3A7149BCF5541743D54CC51C1635F7765D5E0727A0DF210768232
SHA-512:	7059BE1A2C36F14B30577ED6A8EFEEB45A3D7C5AF7077CFD435AB5B2E4293094DD54AC7C8DC6A2EECC322084AF0C9B2014C9F4E20B32427248F80B8EAC3789E4
Malicious:	false
Reputation:	low
URL:	https://publicmedia.springidx.com/favicon.ico
Preview:	<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.19.4</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 64 x 70, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	4742
Entropy (8bit):	7.843868673322944
Encrypted:	false
SSDEEP:	96:v8TLPX0nn+4vxyGHeW1pQ45tySQ3+ZdRzKoD+kuisdQ+TYBox2ZsdGy:EXXinVym1pQ8yoZd1KoCTcWx2GMy
MD5:	695E485FA1A565694D9FE9A2E779258C
SHA1:	228992F89CACD34682B0BF7A9179537001DAFA4B
SHA-256:	2E07B326FA2BD7999032C62CD8376800FD7B49216FE20E39811864678C4E6867
SHA-512:	8C779982CD2FAAF21C64D58DC1CBB625E60B5DDEC408DD2DAAEF95C395B5E5F4578F827BF8B5B2448311AE7D858A9B7766EC3AFC31916AF44ABA023D01F01F4F
Malicious:	false
Reputation:	low
URL:	https://publicmedia.springidx.com/media/custom_media/mibor/mibor-logo.png
Preview:	.PNG........IHDR...@...F......R......gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b........3002.%.r0#.. +@.....7.._........g.bf.c...@,@g31B...........`h.y.......l,. ......h.{. ......h.{. ......h.{. ......h.{. ......h.{. .......4...P..i.j%.p..".............33.=.4..?....,.... .<........../.........#...."..?..qN..........&n>Fv....@..>..>.`.......F.....N..$.\.y...Tt.YX....../.a.....q.....',..?...8....1..........=.......YY...O .......Y..~....@..6..q....K~.<....*...'.N.......lE..R2.L.{6..q....K.\;..aV1if~aP...?......#...@D.....U........}.......3p.lr.<..<....j.LL.0#:B....0.5..d.....7gg..'N...J+..8..)j.b..w....1..@.=..+0.....K.=~..KXP`.=...@sP.../..+.{...=3..._?....6.'......g.....={..Y\L..C....~.BI..\&.<n.\f.....~....k.9?@..NB.....c+W...'....3c}]%%../_.>}.....zp..U........4...0}....?...+.V..2\|.%...776..........QS...o.=.......d.......f.. &..K...P.d..g._.y..........@o`.....3j..Z.jM.v..0..J..V..'.."lLE`.9.....'.^.z...[^^.......n._..4..es./.....`.M

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 21:16:06.218545914 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:06.218550920 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:06.312298059 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:15.907077074 CEST	49675	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:15.907077074 CEST	49674	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:16.117850065 CEST	49673	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:16.655008078 CEST	49710	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:16.655076027 CEST	443	49710	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:16.655215025 CEST	49710	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:16.656155109 CEST	49710	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:16.656182051 CEST	443	49710	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:16.953425884 CEST	49711	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:16.953484058 CEST	443	49711	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:16.953814030 CEST	49712	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:16.953823090 CEST	443	49712	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:16.953911066 CEST	49711	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:16.953969955 CEST	49712	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:16.954530001 CEST	49711	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:16.954545021 CEST	443	49711	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:16.954895020 CEST	49712	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:16.954912901 CEST	443	49712	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:17.285689116 CEST	443	49711	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:17.285976887 CEST	49711	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:17.286005974 CEST	443	49711	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:17.287030935 CEST	443	49711	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:17.287091970 CEST	49711	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:17.288254023 CEST	49711	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:17.288315058 CEST	443	49711	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:17.288505077 CEST	49711	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:17.288513899 CEST	443	49711	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:17.352891922 CEST	443	49712	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:17.353171110 CEST	49712	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:17.353183985 CEST	443	49712	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:17.356527090 CEST	443	49712	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:17.356580019 CEST	49712	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:17.357089043 CEST	49712	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:17.357167959 CEST	443	49712	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:17.357353926 CEST	49712	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:17.357364893 CEST	443	49712	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:17.395600080 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 26, 2024 21:16:17.395692110 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:17.403234005 CEST	49711	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:17.403259993 CEST	49712	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:17.633600950 CEST	443	49711	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:17.633629084 CEST	443	49711	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:17.633699894 CEST	49711	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:17.633774996 CEST	443	49711	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:17.635441065 CEST	443	49711	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:17.635495901 CEST	49711	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:17.636123896 CEST	49711	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:17.636141062 CEST	443	49711	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:18.109662056 CEST	443	49712	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:18.109766960 CEST	49712	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:18.109827995 CEST	443	49712	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:18.110013962 CEST	443	49712	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:18.110066891 CEST	49712	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:18.151087046 CEST	443	49710	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:18.171050072 CEST	49710	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:18.171127081 CEST	443	49710	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:18.174729109 CEST	443	49710	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:18.174817085 CEST	49710	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.010946989 CEST	49710	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.011357069 CEST	443	49710	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.012144089 CEST	49710	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.012192965 CEST	443	49710	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.058640003 CEST	49712	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.058703899 CEST	443	49712	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.065452099 CEST	49714	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.065485954 CEST	443	49714	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.065540075 CEST	49714	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.066404104 CEST	49714	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.066416025 CEST	443	49714	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.107618093 CEST	49710	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.456052065 CEST	443	49714	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.461133003 CEST	49714	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.461143970 CEST	443	49714	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.461663008 CEST	443	49714	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.469589949 CEST	49714	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.469688892 CEST	443	49714	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.470035076 CEST	49714	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.512131929 CEST	443	49714	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.557058096 CEST	443	49710	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.557146072 CEST	49710	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.557734013 CEST	49710	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.557820082 CEST	443	49710	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.557936907 CEST	49710	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.845885038 CEST	443	49714	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.845953941 CEST	443	49714	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.845979929 CEST	443	49714	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.846010923 CEST	49714	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.846021891 CEST	443	49714	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.846072912 CEST	49714	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.846524000 CEST	443	49714	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.846611977 CEST	443	49714	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.847881079 CEST	49714	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.848858118 CEST	49714	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.848877907 CEST	443	49714	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.935683012 CEST	49716	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.935710907 CEST	443	49716	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:20.935836077 CEST	49716	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.936355114 CEST	49716	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:20.936369896 CEST	443	49716	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:21.328793049 CEST	443	49716	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:21.329134941 CEST	49716	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:21.329152107 CEST	443	49716	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:21.329471111 CEST	443	49716	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:21.330296040 CEST	49716	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:21.330358982 CEST	443	49716	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:21.330687046 CEST	49716	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:21.376112938 CEST	443	49716	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:21.720689058 CEST	443	49716	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:21.720820904 CEST	443	49716	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:21.720880032 CEST	49716	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:21.720899105 CEST	443	49716	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:21.721172094 CEST	443	49716	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:21.721224070 CEST	49716	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:25.571408033 CEST	49716	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:16:25.571434975 CEST	443	49716	142.250.217.228	192.168.2.5
Apr 26, 2024 21:16:25.926919937 CEST	49717	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:25.926959991 CEST	443	49717	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:25.927023888 CEST	49717	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:25.928874016 CEST	49717	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:25.928889036 CEST	443	49717	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:26.200556040 CEST	443	49717	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:26.200668097 CEST	49717	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:26.248506069 CEST	49717	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:26.248531103 CEST	443	49717	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:26.249687910 CEST	443	49717	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:26.360889912 CEST	49717	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:26.389172077 CEST	49717	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:26.436115980 CEST	443	49717	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:26.516904116 CEST	443	49717	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:26.517043114 CEST	443	49717	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:26.517249107 CEST	49717	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:26.529556036 CEST	49717	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:26.529556036 CEST	49717	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:26.529586077 CEST	443	49717	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:26.529602051 CEST	443	49717	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:26.585820913 CEST	49718	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:26.585850000 CEST	443	49718	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:26.588922977 CEST	49718	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:26.589190006 CEST	49718	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:26.589204073 CEST	443	49718	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:26.677617073 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:26.677647114 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:26.677894115 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:26.681780100 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:26.681792974 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:26.852440119 CEST	443	49718	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:26.852716923 CEST	49718	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:26.865786076 CEST	49718	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:26.865801096 CEST	443	49718	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:26.866852045 CEST	443	49718	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:26.871088028 CEST	49718	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:26.916124105 CEST	443	49718	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:27.098932028 CEST	443	49718	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:27.099132061 CEST	443	49718	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:27.099518061 CEST	49718	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:27.099746943 CEST	49718	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:27.099746943 CEST	49718	443	192.168.2.5	23.204.76.112
Apr 26, 2024 21:16:27.099761963 CEST	443	49718	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:27.099771023 CEST	443	49718	23.204.76.112	192.168.2.5
Apr 26, 2024 21:16:27.304404020 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:27.304611921 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:27.308799028 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:27.308813095 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:27.309300900 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:27.495528936 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:27.735150099 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:27.780163050 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:28.063971996 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:28.064270973 CEST	49703	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:28.067538977 CEST	49724	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:28.067578077 CEST	443	49724	23.1.237.91	192.168.2.5
Apr 26, 2024 21:16:28.067648888 CEST	49724	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:28.068435907 CEST	49724	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:28.068451881 CEST	443	49724	23.1.237.91	192.168.2.5
Apr 26, 2024 21:16:28.139493942 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:28.139516115 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:28.139523983 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:28.139574051 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:28.139581919 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:28.139619112 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:28.139663935 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:28.139689922 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:28.139689922 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:28.139697075 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:28.139719963 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:28.139744043 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:28.140383005 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:28.140391111 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:28.140427113 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:28.140451908 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:28.140456915 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:28.140491009 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:28.140532017 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:28.269607067 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 26, 2024 21:16:28.269727945 CEST	443	49703	23.1.237.91	192.168.2.5
Apr 26, 2024 21:16:28.527180910 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:28.527206898 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:28.527218103 CEST	49719	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:16:28.527224064 CEST	443	49719	20.114.59.183	192.168.2.5
Apr 26, 2024 21:16:28.548788071 CEST	443	49724	23.1.237.91	192.168.2.5
Apr 26, 2024 21:16:28.548860073 CEST	49724	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:28.576039076 CEST	49724	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:28.576060057 CEST	443	49724	23.1.237.91	192.168.2.5
Apr 26, 2024 21:16:28.576591969 CEST	443	49724	23.1.237.91	192.168.2.5
Apr 26, 2024 21:16:28.576659918 CEST	49724	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:28.577231884 CEST	49724	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:28.577263117 CEST	443	49724	23.1.237.91	192.168.2.5
Apr 26, 2024 21:16:28.577538967 CEST	49724	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:28.577548027 CEST	443	49724	23.1.237.91	192.168.2.5
Apr 26, 2024 21:16:29.043349028 CEST	443	49724	23.1.237.91	192.168.2.5
Apr 26, 2024 21:16:29.043499947 CEST	49724	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:29.043638945 CEST	443	49724	23.1.237.91	192.168.2.5
Apr 26, 2024 21:16:29.043684006 CEST	49724	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:29.043715000 CEST	443	49724	23.1.237.91	192.168.2.5
Apr 26, 2024 21:16:29.043770075 CEST	49724	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:42.348467112 CEST	49727	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:42.348504066 CEST	443	49727	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:42.348556042 CEST	49727	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:42.349139929 CEST	49727	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:42.349148989 CEST	443	49727	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:42.610156059 CEST	443	49727	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:42.610583067 CEST	49727	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:42.610601902 CEST	443	49727	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:42.611799002 CEST	443	49727	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:42.611861944 CEST	49727	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:42.616214037 CEST	49727	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:42.616282940 CEST	443	49727	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:42.616513014 CEST	49727	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:42.616523981 CEST	443	49727	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:42.756336927 CEST	49727	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:42.976841927 CEST	443	49727	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:42.976996899 CEST	443	49727	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:42.977047920 CEST	49727	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:42.977073908 CEST	443	49727	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:42.977160931 CEST	443	49727	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:42.977221966 CEST	49727	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:42.977229118 CEST	443	49727	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:42.977392912 CEST	443	49727	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:42.977443933 CEST	49727	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:42.978132963 CEST	49727	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:42.978146076 CEST	443	49727	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:43.085942984 CEST	49728	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:43.086002111 CEST	443	49728	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:43.086144924 CEST	49728	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:43.086374044 CEST	49728	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:43.086388111 CEST	443	49728	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:43.344156027 CEST	443	49728	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:43.348180056 CEST	49728	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:43.348200083 CEST	443	49728	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:43.348705053 CEST	443	49728	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:43.405774117 CEST	49728	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:44.630301952 CEST	49728	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:44.630635977 CEST	443	49728	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:44.630964994 CEST	49728	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:44.676120996 CEST	443	49728	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:44.833074093 CEST	443	49728	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:44.833337069 CEST	443	49728	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:44.833394051 CEST	49728	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:44.965173006 CEST	49728	443	192.168.2.5	104.26.8.246
Apr 26, 2024 21:16:44.965193987 CEST	443	49728	104.26.8.246	192.168.2.5
Apr 26, 2024 21:16:45.039571047 CEST	49729	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:45.039657116 CEST	443	49729	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:45.039747000 CEST	49729	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:45.043620110 CEST	49729	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:45.043656111 CEST	443	49729	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:45.374334097 CEST	443	49729	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:45.374670982 CEST	49729	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:45.374692917 CEST	443	49729	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:45.375670910 CEST	443	49729	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:45.375726938 CEST	49729	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:45.377399921 CEST	49729	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:45.377446890 CEST	443	49729	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:45.377846956 CEST	49729	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:45.377855062 CEST	443	49729	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:45.431317091 CEST	49729	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:45.748070002 CEST	443	49729	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:45.748344898 CEST	443	49729	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:45.748414993 CEST	49729	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:45.748482943 CEST	443	49729	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:45.748522043 CEST	49729	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:45.748558044 CEST	49729	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:45.749131918 CEST	49731	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:45.749167919 CEST	443	49731	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:45.749305010 CEST	49731	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:45.749532938 CEST	49731	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:45.749555111 CEST	443	49731	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:46.076189995 CEST	443	49731	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:46.076742887 CEST	49731	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:46.076776028 CEST	443	49731	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:46.077094078 CEST	443	49731	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:46.078368902 CEST	49731	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:46.078459978 CEST	443	49731	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:46.078949928 CEST	49731	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:46.120120049 CEST	443	49731	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:46.419773102 CEST	443	49731	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:46.419858932 CEST	443	49731	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:46.419925928 CEST	49731	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:46.420677900 CEST	49731	443	192.168.2.5	35.190.80.1
Apr 26, 2024 21:16:46.420694113 CEST	443	49731	35.190.80.1	192.168.2.5
Apr 26, 2024 21:16:56.932486057 CEST	49724	443	192.168.2.5	23.1.237.91
Apr 26, 2024 21:16:56.932531118 CEST	443	49724	23.1.237.91	192.168.2.5
Apr 26, 2024 21:17:05.320462942 CEST	49732	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:17:05.320559025 CEST	443	49732	20.114.59.183	192.168.2.5
Apr 26, 2024 21:17:05.320633888 CEST	49732	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:17:05.321191072 CEST	49732	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:17:05.321225882 CEST	443	49732	20.114.59.183	192.168.2.5
Apr 26, 2024 21:17:05.945935011 CEST	443	49732	20.114.59.183	192.168.2.5
Apr 26, 2024 21:17:05.946135998 CEST	49732	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:17:05.956562042 CEST	49732	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:17:05.956608057 CEST	443	49732	20.114.59.183	192.168.2.5
Apr 26, 2024 21:17:05.957494974 CEST	443	49732	20.114.59.183	192.168.2.5
Apr 26, 2024 21:17:05.980530977 CEST	49732	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:17:06.028121948 CEST	443	49732	20.114.59.183	192.168.2.5
Apr 26, 2024 21:17:06.550376892 CEST	443	49732	20.114.59.183	192.168.2.5
Apr 26, 2024 21:17:06.550431013 CEST	443	49732	20.114.59.183	192.168.2.5
Apr 26, 2024 21:17:06.550470114 CEST	443	49732	20.114.59.183	192.168.2.5
Apr 26, 2024 21:17:06.550504923 CEST	49732	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:17:06.550564051 CEST	443	49732	20.114.59.183	192.168.2.5
Apr 26, 2024 21:17:06.550600052 CEST	49732	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:17:06.550622940 CEST	49732	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:17:06.550633907 CEST	443	49732	20.114.59.183	192.168.2.5
Apr 26, 2024 21:17:06.550662041 CEST	443	49732	20.114.59.183	192.168.2.5
Apr 26, 2024 21:17:06.550693035 CEST	443	49732	20.114.59.183	192.168.2.5
Apr 26, 2024 21:17:06.550723076 CEST	49732	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:17:06.550723076 CEST	49732	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:17:06.550748110 CEST	443	49732	20.114.59.183	192.168.2.5
Apr 26, 2024 21:17:06.550842047 CEST	443	49732	20.114.59.183	192.168.2.5
Apr 26, 2024 21:17:06.550892115 CEST	49732	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:17:06.557373047 CEST	49732	443	192.168.2.5	20.114.59.183
Apr 26, 2024 21:17:06.557403088 CEST	443	49732	20.114.59.183	192.168.2.5
Apr 26, 2024 21:17:19.974055052 CEST	49734	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:17:19.974114895 CEST	443	49734	142.250.217.228	192.168.2.5
Apr 26, 2024 21:17:19.974488974 CEST	49734	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:17:19.976135969 CEST	49734	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:17:19.976155043 CEST	443	49734	142.250.217.228	192.168.2.5
Apr 26, 2024 21:17:20.364723921 CEST	443	49734	142.250.217.228	192.168.2.5
Apr 26, 2024 21:17:20.365099907 CEST	49734	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:17:20.365128040 CEST	443	49734	142.250.217.228	192.168.2.5
Apr 26, 2024 21:17:20.365478992 CEST	443	49734	142.250.217.228	192.168.2.5
Apr 26, 2024 21:17:20.365914106 CEST	49734	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:17:20.365994930 CEST	443	49734	142.250.217.228	192.168.2.5
Apr 26, 2024 21:17:20.418885946 CEST	49734	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:17:30.350323915 CEST	443	49734	142.250.217.228	192.168.2.5
Apr 26, 2024 21:17:30.350400925 CEST	443	49734	142.250.217.228	192.168.2.5
Apr 26, 2024 21:17:30.350529909 CEST	49734	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:17:30.875605106 CEST	49734	443	192.168.2.5	142.250.217.228
Apr 26, 2024 21:17:30.875638008 CEST	443	49734	142.250.217.228	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 21:16:15.639082909 CEST	53	53493	1.1.1.1	192.168.2.5
Apr 26, 2024 21:16:15.726773024 CEST	53	61912	1.1.1.1	192.168.2.5
Apr 26, 2024 21:16:16.526176929 CEST	50290	53	192.168.2.5	1.1.1.1
Apr 26, 2024 21:16:16.526309967 CEST	57340	53	192.168.2.5	1.1.1.1
Apr 26, 2024 21:16:16.654220104 CEST	53	57340	1.1.1.1	192.168.2.5
Apr 26, 2024 21:16:16.654284000 CEST	53	50290	1.1.1.1	192.168.2.5
Apr 26, 2024 21:16:17.177047968 CEST	53	58124	1.1.1.1	192.168.2.5
Apr 26, 2024 21:16:37.596498966 CEST	53	52334	1.1.1.1	192.168.2.5
Apr 26, 2024 21:16:41.953505039 CEST	65254	53	192.168.2.5	1.1.1.1
Apr 26, 2024 21:16:41.953828096 CEST	53627	53	192.168.2.5	1.1.1.1
Apr 26, 2024 21:16:42.083709955 CEST	53	53627	1.1.1.1	192.168.2.5
Apr 26, 2024 21:16:42.148026943 CEST	53	65254	1.1.1.1	192.168.2.5
Apr 26, 2024 21:16:42.219892979 CEST	61239	53	192.168.2.5	1.1.1.1
Apr 26, 2024 21:16:42.220277071 CEST	57090	53	192.168.2.5	1.1.1.1
Apr 26, 2024 21:16:42.347207069 CEST	53	57090	1.1.1.1	192.168.2.5
Apr 26, 2024 21:16:42.347305059 CEST	53	61239	1.1.1.1	192.168.2.5
Apr 26, 2024 21:16:44.880721092 CEST	58106	53	192.168.2.5	1.1.1.1
Apr 26, 2024 21:16:44.884310007 CEST	63064	53	192.168.2.5	1.1.1.1
Apr 26, 2024 21:16:45.005871058 CEST	53	58106	1.1.1.1	192.168.2.5
Apr 26, 2024 21:16:45.009578943 CEST	53	63064	1.1.1.1	192.168.2.5
Apr 26, 2024 21:16:56.585778952 CEST	53	62475	1.1.1.1	192.168.2.5
Apr 26, 2024 21:17:15.569386959 CEST	53	54719	1.1.1.1	192.168.2.5
Apr 26, 2024 21:17:18.982989073 CEST	53	64704	1.1.1.1	192.168.2.5
Apr 26, 2024 21:17:43.891333103 CEST	53	60912	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 21:16:16.526176929 CEST	192.168.2.5	1.1.1.1	0x39b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:16:16.526309967 CEST	192.168.2.5	1.1.1.1	0xcd3d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 26, 2024 21:16:41.953505039 CEST	192.168.2.5	1.1.1.1	0x71d7	Standard query (0)	publicmedia.springidx.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:16:41.953828096 CEST	192.168.2.5	1.1.1.1	0x90	Standard query (0)	publicmedia.springidx.com	65	IN (0x0001)	false
Apr 26, 2024 21:16:42.219892979 CEST	192.168.2.5	1.1.1.1	0x3c11	Standard query (0)	publicmedia.springidx.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:16:42.220277071 CEST	192.168.2.5	1.1.1.1	0x10da	Standard query (0)	publicmedia.springidx.com	65	IN (0x0001)	false
Apr 26, 2024 21:16:44.880721092 CEST	192.168.2.5	1.1.1.1	0x1ab1	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:16:44.884310007 CEST	192.168.2.5	1.1.1.1	0x512d	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 21:16:16.654220104 CEST	1.1.1.1	192.168.2.5	0xcd3d	No error (0)	www.google.com		65	IN (0x0001)	false
Apr 26, 2024 21:16:16.654284000 CEST	1.1.1.1	192.168.2.5	0x39b	No error (0)	www.google.com	142.250.217.228	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:16:42.083709955 CEST	1.1.1.1	192.168.2.5	0x90	No error (0)	publicmedia.springidx.com		65	IN (0x0001)	false
Apr 26, 2024 21:16:42.148026943 CEST	1.1.1.1	192.168.2.5	0x71d7	No error (0)	publicmedia.springidx.com	172.67.71.192	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:16:42.148026943 CEST	1.1.1.1	192.168.2.5	0x71d7	No error (0)	publicmedia.springidx.com	104.26.9.246	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:16:42.148026943 CEST	1.1.1.1	192.168.2.5	0x71d7	No error (0)	publicmedia.springidx.com	104.26.8.246	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:16:42.347207069 CEST	1.1.1.1	192.168.2.5	0x10da	No error (0)	publicmedia.springidx.com		65	IN (0x0001)	false
Apr 26, 2024 21:16:42.347305059 CEST	1.1.1.1	192.168.2.5	0x3c11	No error (0)	publicmedia.springidx.com	104.26.8.246	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:16:42.347305059 CEST	1.1.1.1	192.168.2.5	0x3c11	No error (0)	publicmedia.springidx.com	104.26.9.246	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:16:42.347305059 CEST	1.1.1.1	192.168.2.5	0x3c11	No error (0)	publicmedia.springidx.com	172.67.71.192	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:16:45.005871058 CEST	1.1.1.1	192.168.2.5	0x1ab1	No error (0)	a.nel.cloudflare.com	35.190.80.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.com

fs.microsoft.com

slscr.update.microsoft.com

https:

www.bing.com

publicmedia.springidx.com

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49711	142.250.217.228	443	6520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:16:17 UTC	623	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCJDKzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw== Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:16:17 UTC	1703	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 19:16:17 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-srwB5iqIRfmFmEawU04dpg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-26 19:16:17 UTC	789	IN	Data Raw: 33 30 65 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6a 61 63 6b 73 6f 6e 20 73 74 61 74 65 20 63 6f 61 63 68 20 74 6f 6d 65 6b 69 61 20 72 65 65 64 22 2c 22 62 6c 69 7a 7a 61 72 64 20 63 61 6e 63 65 6c 65 64 20 62 6c 69 7a 7a 63 6f 6e 22 2c 22 6c 61 79 6f 66 66 73 20 62 72 69 73 74 6f 6c 20 6d 79 65 72 73 20 73 71 75 69 62 62 22 2c 22 6d 69 6c 6c 69 6f 6e 20 64 6f 6c 6c 61 72 20 62 61 62 79 20 6c 79 72 69 63 73 20 74 6f 6d 6d 79 20 72 69 63 68 6d 61 6e 22 2c 22 75 73 63 20 67 72 61 64 75 61 74 69 6f 6e 20 63 65 72 65 6d 6f 6e 79 22 2c 22 62 75 63 73 20 64 72 61 66 74 20 70 69 63 6b 73 22 2c 22 73 74 65 6c 6c 61 72 20 62 6c 61 64 65 20 69 67 6e 22 2c 22 6c 61 67 75 61 72 64 69 61 20 61 69 72 70 6f 72 74 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c Data Ascii: 30e)]}'["",["jackson state coach tomekia reed","blizzard canceled blizzcon","layoffs bristol myers squibb","million dollar baby lyrics tommy richman","usc graduation ceremony","bucs draft picks","stellar blade ign","laguardia airport"],["","","","","",
2024-04-26 19:16:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49712	142.250.217.228	443	6520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:16:17 UTC	526	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCJDKzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw== Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:16:18 UTC	1840	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGIH7r7EGIjDZ2PRBpv3E04Gu2DNLJ0x_ZM9z12-ltueYm_ZonjvWi0WXzIs9w7P_Trh0Lq7ZJ2oyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgoIgvuvsQYQnthLEgRmgZjc Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 26 Apr 2024 19:16:18 GMT Server: gws Content-Length: 458 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-26-19; expires=Sun, 26-May-2024 19:16:18 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=Rn4v3Blr6GMPeq0swbGqQemmhnpC3lWzgkYv9EdsuI0MtOr-iY0E2t-cT_eBUzAsR_tLfCizRtjU7kR-rpvow9_7Mszd2ASjT27ZYHeTh3FlKzYfK2r215MgtTaHLp4MCeMYX0Pyf8geH3xmKXn3tWKdTKHAnC2DF9TNq8kBv9E; expires=Sat, 26-Oct-2024 19:16:17 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 19:16:18 UTC	458	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 25 33 46 68 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49710	142.250.217.228	443	6520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:16:20 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:16:20 UTC	1761	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGIT7r7EGIjCIMBCX2du1l-W7a4jtwavOloLdvLYaGroV0LUejCmgGY4qiwkWix_G9JaqDpCYDW4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIhPuvsQYQopqc5gESBGaBmNw Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Fri, 26 Apr 2024 19:16:20 GMT Server: gws Content-Length: 417 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-26-19; expires=Sun, 26-May-2024 19:16:20 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=adoHbYfAc54wbYcHPPKHcwh84jT3UxlW_p_eOCqBjwErJkMFrOfhNQrD24USWGO091wNg1M6wisuTGnRQ-FFtzZzqlGmvuTUIsR3B6VeRFBlDf_nw0W5mO6zOV9hm3fPneu-7qktVkjfWd4f-VGBGwbHabIuBcaC1_pk7oTR2Z4; expires=Sat, 26-Oct-2024 19:16:20 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49714	142.250.217.228	443	6520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:16:20 UTC	928	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGIH7r7EGIjDZ2PRBpv3E04Gu2DNLJ0x_ZM9z12-ltueYm_ZonjvWi0WXzIs9w7P_Trh0Lq7ZJ2oyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCJDKzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw== Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-26-19; NID=513=Rn4v3Blr6GMPeq0swbGqQemmhnpC3lWzgkYv9EdsuI0MtOr-iY0E2t-cT_eBUzAsR_tLfCizRtjU7kR-rpvow9_7Mszd2ASjT27ZYHeTh3FlKzYfK2r215MgtTaHLp4MCeMYX0Pyf8geH3xmKXn3tWKdTKHAnC2DF9TNq8kBv9E
2024-04-26 19:16:20 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 26 Apr 2024 19:16:20 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3186 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 19:16:20 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 3f 68 6c 3d 65 6e 2d 55 53 26 61 6d 70 3b 61 73 79 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&asy
2024-04-26 19:16:20 UTC	1255	IN	Data Raw: 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 38 43 43 69 4e 79 4a 51 62 Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="8CCiNyJQb
2024-04-26 19:16:20 UTC	1032	IN	Data Raw: 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 22 3e 0a 54 68 69 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 Data Ascii: ; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly aft

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49716	142.250.217.228	443	6520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:16:21 UTC	738	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGIT7r7EGIjCIMBCX2du1l-W7a4jtwavOloLdvLYaGroV0LUejCmgGY4qiwkWix_G9JaqDpCYDW4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-26-19; NID=513=adoHbYfAc54wbYcHPPKHcwh84jT3UxlW_p_eOCqBjwErJkMFrOfhNQrD24USWGO091wNg1M6wisuTGnRQ-FFtzZzqlGmvuTUIsR3B6VeRFBlDf_nw0W5mO6zOV9hm3fPneu-7qktVkjfWd4f-VGBGwbHabIuBcaC1_pk7oTR2Z4
2024-04-26 19:16:21 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 26 Apr 2024 19:16:21 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3114 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 19:16:21 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-04-26 19:16:21 UTC	1255	IN	Data Raw: 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 42 38 68 38 50 76 74 33 67 54 6c 4e 47 73 36 35 4e 30 59 4e 49 79 54 4f 49 72 2d 70 56 5a 73 64 58 Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="B8h8Pvt3gTlNGs65N0YNIyTOIr-pVZsdX
2024-04-26 19:16:21 UTC	960	IN	Data Raw: 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e 74 69 6d 65 2c 20 73 6f 6c 76 69 6e Data Ascii: ogle automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime, solvin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49717	23.204.76.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:16:26 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 19:16:26 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=42439 Date: Fri, 26 Apr 2024 19:16:26 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49718	23.204.76.112	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:16:26 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 19:16:27 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=42432 Date: Fri, 26 Apr 2024 19:16:27 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 19:16:27 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49719	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:16:27 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=apS6b9TCC5glpOb&MD=+oHyYF+M HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 19:16:28 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: eb9e01ac-491b-4279-84fb-0efb57352238 MS-RequestId: 670311bf-7c94-4f0d-b248-d93c3bfb8ce5 MS-CV: ky+bjX61AkKXJTXT.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 19:16:27 GMT Connection: close Content-Length: 24490
2024-04-26 19:16:28 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-26 19:16:28 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.5	49724	23.1.237.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:16:28 UTC	2148	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900D492 X-BM-CBT: 1696428841 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900D492 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2484 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714158956054&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2024-04-26 19:16:28 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-04-26 19:16:28 UTC	2483	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-04-26 19:16:29 UTC	480	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 3FAFAB54989F4DC0AC56BB8487A62E47 Ref B: LAX311000110017 Ref C: 2024-04-26T19:16:28Z Date: Fri, 26 Apr 2024 19:16:28 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.57ed0117.1714158988.12d83ba5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49727	104.26.8.246	443	6520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:16:42 UTC	707	OUT	GET /media/custom_media/mibor/mibor-logo.png HTTP/1.1 Host: publicmedia.springidx.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:16:42 UTC	621	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 19:16:42 GMT Transfer-Encoding: chunked Connection: close x-proxy-cache: MISS Last-Modified: Fri, 26 Apr 2024 13:52:17 GMT CF-Cache-Status: EXPIRED Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yOP36%2F5XIxrpmtbNYh892eyHoJPZ74oHJW6%2F08oFXWFTi%2F%2BLyw0ixS04FpOzRhomrhIO3RSqf6PrlnS%2FWnwE7rb63rnNzHT5z1Z%2F0EUT8bRcOUlLWGhO4tben9VSACvnV%2BleeE9Pj1rn7W8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87a8e8a7b8fcdb21-MIA alt-svc: h3=":443"; ma=86400
2024-04-26 19:16:42 UTC	748	IN	Data Raw: 31 32 38 36 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 40 00 00 00 46 08 02 00 00 00 f3 52 05 94 00 00 00 04 67 41 4d 41 00 00 af c8 37 05 8a e9 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 12 18 49 44 41 54 78 da 62 fc f4 fb df c9 f7 bf ff 33 30 30 32 0c 25 00 72 30 23 83 b5 20 2b 40 00 b1 dc ff f6 37 ed d2 97 5f ff 18 98 87 94 0f fe fe 67 e0 62 66 dc 63 c9 0f 10 40 2c 40 67 33 31 42 d1 d0 8a 01 88 83 01 02 88 05 88 99 60 68 88 79 00 cc 00 08 a0 a1 e5 6c 2c 00 20 80 86 bc 07 00 02 68 c8 7b 00 20 80 86 bc 07 00 02 68 c8 7b 00 20 80 86 bc 07 00 02 68 c8 7b 00 20 80 86 bc 07 00 02 68 c8 7b 00 20 80 86 bc 07 00 02 68 c8 7b 00 20 80 86 bc 07 00 02 88 34 0f 00 9b 50 ff Data Ascii: 1286PNGIHDR@FRgAMA7tEXtSoftwareAdobe ImageReadyqe<IDATxb3002%r0# +@7_gbfc@,@g31B`hyl, h{ h{ h{ h{ h{ 4P
2024-04-26 19:16:42 UTC	1369	IN	Data Raw: 6e 91 5c 66 2e cc 02 c2 7f 7e fd e2 fc f7 6b 87 39 3f 40 00 11 4e 42 df fe fe f7 14 63 2b 57 e1 02 b2 27 cd 9c ff f8 e9 33 63 7d 5d 25 25 a5 97 2f 5f 9e 3e 7d 1a c5 ab bf 7f fd 7a 70 fd cb 9e 55 df 8f ef f8 f7 f9 03 b3 a8 34 b3 90 18 30 7d fd 07 f9 f3 3f ae c4 e3 2b ce 56 ac 0c 32 7c da bc 25 b7 ee de 37 37 36 90 97 97 ff f8 f1 e3 f1 e3 c7 51 53 fd 9f df 8f 6f 7f 3d b0 fe eb e1 cd 7f df bd 64 16 16 e7 10 96 8c 95 66 03 08 20 26 82 d9 4b 80 85 a9 50 09 64 c1 d1 93 67 2e 5f bf 79 f4 c4 99 db f7 ee 03 b9 d5 d5 d5 40 6f 60 d5 f5 f3 ce e5 b7 33 6a 9e a4 5a bf 6a 4d f9 76 f6 00 30 f9 82 4a 15 16 56 b4 c1 27 a0 e1 22 6c 4c 45 60 d7 9f 39 7f e9 fc a5 ab 27 cf 5e b8 7a fd 16 90 5b 5e 5e ae a9 a9 89 d5 f0 df 8f 6e bd 5f d0 fe 34 c5 ee 65 73 e2 bf 2f 1f 01 02 88 89 Data Ascii: n\f.~k9?@NBc+W'3c}]%%/_>}zpU40}?+V2\|%776QSo=df &KPdg._y@o`3jZjMv0JV'"lLE`9'^z[^^n_4es/
2024-04-26 19:16:42 UTC	1369	IN	Data Raw: 60 78 48 48 48 64 64 24 b2 08 40 00 31 21 f2 ae 08 5b 98 14 28 91 6c d8 b6 eb 35 28 7b b1 40 b2 97 a7 8b 83 8c 94 24 f1 76 00 53 1a 30 21 01 2b 07 64 c1 84 84 04 77 77 90 43 37 ed dc 03 6c 3b 40 0a 7b 60 2a 72 75 b0 51 82 b5 4a 88 04 c0 48 00 b6 23 e1 5c 80 00 62 82 e5 5d 46 48 de bd 7c ed c6 a1 63 a7 20 c9 1d 92 bd 3c 9c ed 49 ed 22 02 63 00 18 0f 70 ae b4 b4 34 30 f9 02 19 37 ef dc db 77 e8 18 24 ef 02 6b 31 19 29 09 6f 37 27 52 0d 57 56 56 86 98 f6 0f dc c3 04 08 20 26 48 f0 c7 80 f3 2e b0 b0 07 16 9d bf 7f ff 61 62 02 e5 5d 60 ce 00 96 cd dc 5c 9c 64 74 73 81 0d 24 2d 2d 2d 08 1b d8 b8 57 50 50 00 b6 c0 81 86 03 ab 76 48 de 05 72 fd bd dd f8 f9 78 c9 30 3c 2d 2d cd c5 c5 05 d2 65 03 08 20 a6 9f ff 18 80 f5 6e 96 22 27 38 ef 1e bb 72 fd 16 2b 1b 2b d0 Data Ascii: `xHHHdd$@1![(l5({@$vS0!+dwwC7l;@{`*ruQJH#\b]FH\|c <I"cp407w$k1)o7'RWVV &H.ab]`\dts$---WPPvHrx0<--e n"'8r++
2024-04-26 19:16:42 UTC	1264	IN	Data Raw: 43 93 2e 22 11 61 66 6b 00 3b 69 5c 79 b7 0f fd 73 76 03 a6 f9 2e 02 0a fd 83 63 77 f3 3a 44 d8 f0 b3 a1 47 00 31 a1 65 38 60 fd d2 d4 d4 04 64 df bf 0f 9a 04 98 3c 79 32 30 fd 10 5b ab b3 b0 00 6d 05 3a 14 98 41 81 95 14 b0 c9 0e 69 51 03 53 f3 f9 f3 e7 81 e9 0d 52 83 9e 3d 7b 16 8f 21 c0 8a 12 12 63 2a 2a 2a 10 87 41 c8 ce ce 4e 60 c9 0b a9 9b 91 a7 0e 00 02 88 09 eb 10 15 30 2b 03 19 c0 b2 1f 5e e8 92 07 80 59 08 e8 68 60 56 06 16 0c c0 24 0a 71 c1 8a 15 2b 80 d9 1d 97 96 a5 4b 97 02 6b 06 60 cc 03 fd 8f 9c 84 80 91 09 2c 64 81 61 04 cc 42 40 17 c2 a5 00 02 08 7b 63 0e e8 dd be be 3e 48 e5 45 09 00 a6 28 48 da 03 a6 01 20 99 95 95 05 24 81 75 16 30 92 b1 aa 07 a6 3a 60 51 0b 64 04 07 07 eb e8 e8 a0 0c 78 fe f8 61 6f 6f 0f cc 09 90 3a 17 98 c8 21 e2 00 Data Ascii: C."afk;i\ysv.cw:DG1e8`d<y20[m:AiQSR={!c***AN`0+^Yh`V$q+Kk`,daB@{c>HE(H $u0:`Qdxaoo:!
2024-04-26 19:16:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49728	104.26.8.246	443	6520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:16:44 UTC	645	OUT	GET /favicon.ico HTTP/1.1 Host: publicmedia.springidx.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://publicmedia.springidx.com/media/custom_media/mibor/mibor-logo.png Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:16:44 UTC	601	IN	HTTP/1.1 404 Not Found Date: Fri, 26 Apr 2024 19:16:44 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close CF-Cache-Status: EXPIRED Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FFsMXtRv0veEm1TQ7lAltYBPOFAivbZAeQLYpQMxm%2FTJ97X3GfZcB%2FNsEATHY3C8aBOihaF4F%2BYMwT5Z7Jrd1ooJqy9OuO%2FnQTBJKNKE%2B5d7SkMRs2TbSG5881T%2BraOqouc0t9qrsJhpxdo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87a8e8b35e39743c-MIA alt-svc: h3=":443"; ma=86400
2024-04-26 19:16:44 UTC	562	IN	Data Raw: 32 32 62 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 Data Ascii: 22b<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.19.4</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE
2024-04-26 19:16:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49729	35.190.80.1	443	6520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:16:45 UTC	566	OUT	OPTIONS /report/v4?s=%2FFsMXtRv0veEm1TQ7lAltYBPOFAivbZAeQLYpQMxm%2FTJ97X3GfZcB%2FNsEATHY3C8aBOihaF4F%2BYMwT5Z7Jrd1ooJqy9OuO%2FnQTBJKNKE%2B5d7SkMRs2TbSG5881T%2BraOqouc0t9qrsJhpxdo%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://publicmedia.springidx.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:16:45 UTC	336	IN	HTTP/1.1 200 OK content-length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Fri, 26 Apr 2024 19:16:45 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49731	35.190.80.1	443	6520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:16:46 UTC	498	OUT	POST /report/v4?s=%2FFsMXtRv0veEm1TQ7lAltYBPOFAivbZAeQLYpQMxm%2FTJ97X3GfZcB%2FNsEATHY3C8aBOihaF4F%2BYMwT5Z7Jrd1ooJqy9OuO%2FnQTBJKNKE%2B5d7SkMRs2TbSG5881T%2BraOqouc0t9qrsJhpxdo%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 479 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:16:46 UTC	479	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 33 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 37 38 37 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 70 75 62 6c 69 63 6d 65 64 69 61 2e 73 70 72 69 6e 67 69 64 78 2e 63 6f 6d 2f 6d 65 64 69 61 2f 63 75 73 74 6f 6d 5f 6d 65 64 69 61 2f 6d 69 62 6f 72 2f 6d 69 62 6f 72 2d 6c 6f 67 6f 2e 70 6e 67 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 36 2e 38 2e 32 34 36 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 Data Ascii: [{"age":3,"body":{"elapsed_time":1787,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://publicmedia.springidx.com/media/custom_media/mibor/mibor-logo.png","sampling_fraction":1.0,"server_ip":"104.26.8.246","status_code":404,"t
2024-04-26 19:16:46 UTC	168	IN	HTTP/1.1 200 OK content-length: 0 date: Fri, 26 Apr 2024 19:16:46 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49732	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:17:05 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=apS6b9TCC5glpOb&MD=+oHyYF+M HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 19:17:06 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 71697c97-4e25-43fa-9c51-5f0484be6c1c MS-RequestId: 04bb71bc-83da-489d-9603-c057f6f92923 MS-CV: pSK/K/lRFU6YvNrb.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 19:17:06 GMT Connection: close Content-Length: 25457
2024-04-26 19:17:06 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-26 19:17:06 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Target ID:	0
Start time:	21:16:06
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	21:16:14
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1972,i,18241772392003969691,3527340219954677512,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	21:16:15
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://249208506065339175713065343682620339232232032338309340364496680261609853560675097851030655341200131817362917853377759200390001605154889513680026748787630195/
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	21:16:15
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2032,i,12591886284558329287,1258321193834005041,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	21:16:40
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://publicmedia.springidx.com/media/custom_media/mibor/mibor-logo.png"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCJDKzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCJDKzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGIH7r7EGIjDZ2PRBpv3E04Gu2DNLJ0x_ZM9z12-ltueYm_ZonjvWi0WXzIs9w7P_Trh0Lq7ZJ2oyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCJDKzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-19; NID=513=Rn4v3Blr6GMPeq0swbGqQemmhnpC3lWzgkYv9EdsuI0MtOr-iY0E2t-cT_eBUzAsR_tLfCizRtjU7kR-rpvow9_7Mszd2ASjT27ZYHeTh3FlKzYfK2r215MgtTaHLp4MCeMYX0Pyf8geH3xmKXn3tWKdTKHAnC2DF9TNq8kBv9E
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGIT7r7EGIjCIMBCX2du1l-W7a4jtwavOloLdvLYaGroV0LUejCmgGY4qiwkWix_G9JaqDpCYDW4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-19; NID=513=adoHbYfAc54wbYcHPPKHcwh84jT3UxlW_p_eOCqBjwErJkMFrOfhNQrD24USWGO091wNg1M6wisuTGnRQ-FFtzZzqlGmvuTUIsR3B6VeRFBlDf_nw0W5mO6zOV9hm3fPneu-7qktVkjfWd4f-VGBGwbHabIuBcaC1_pk7oTR2Z4
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=apS6b9TCC5glpOb&MD=+oHyYF+M HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /media/custom_media/mibor/mibor-logo.png HTTP/1.1Host: publicmedia.springidx.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: publicmedia.springidx.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://publicmedia.springidx.com/media/custom_media/mibor/mibor-logo.pngAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=apS6b9TCC5glpOb&MD=+oHyYF+M HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: publicmedia.springidx.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://publicmedia.springidx.com/media/custom_media/mibor/mibor-logo.png

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6284, Parent PID: 5680

General

Chronological Activities

Analysis Process: chrome.exePID: 6520, Parent PID: 6284

General

Chronological Activities

Windows Analysis Report
http://publicmedia.springidx.com/media/custom_media/mibor/mibor-logo.png