Edit tour

Windows Analysis Report
https://ir.shareaholic.com/e?a=1&u=https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5%3Futm_campaign%3Dshareaholic%26utm_medium%3Dtwitter%26utm_source%3Dsocialnetwork&r=1

Overview

General Information

Sample URL:	https://ir.shareaholic.com/e?a=1&u=https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5%3Futm_campaign%3Dshareaholic%26utm_medium%3Dtwitter%26utm_source%3Dsocialnetwork&r=1
Analysis ID:	1396998
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on favicon image match)

Form action URLs do not match main URL

Found iframes

HTML body contains low number of good links

HTML title does not match URL

Classification

×

Process Tree

System is w10x64native

chrome.exe (PID: 2544 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 464953824E644F10FFDC9E093FD18F94)

chrome.exe (PID: 3360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1656,4161156890332825623,16311060440526564371,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)

chrome.exe (PID: 8064 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ir.shareaholic.com/e?a=1&u=https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5%3Futm_campaign%3Dshareaholic%26utm_medium%3Dtwitter%26utm_source%3Dsocialnetwork&r=1 MD5: 464953824E644F10FFDC9E093FD18F94)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Phishing
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

Phishing

Phishing site detected (based on favicon image match)

Source: https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork

Matcher: Template: microsoft matched with high similarity

Source: https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork

HTTP Parser: Form action: https://login.microsoftonline.com/common/login sso microsoftonline

Source: https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork

HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

Source: https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork

HTTP Parser: Number of links: 0

Source: https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork

HTTP Parser: Title: Loading... does not match URL

Source: https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork

HTTP Parser: No <meta name="author".. found

Source: https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork

HTTP Parser: No <meta name="copyright".. found

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=94.0.4606.61&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-94.0.4606.61Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /e?a=1&u=https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5%3Futm_campaign%3Dshareaholic%26utm_medium%3Dtwitter%26utm_source%3Dsocialnetwork&r=1 HTTP/1.1Host: ir.shareaholic.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork HTTP/1.1Host: sso.collegeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sso.college/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"Origin: https://sso.collegesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://sso.college/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"Origin: https://sso.collegesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://sso.college/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://sso.college/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"Origin: https://sso.collegesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://sso.college/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sso.college/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-xml.php?url=https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork HTTP/1.1Host: acrobatsign.replit.appConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://sso.college/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?organisation=auburnbank.com?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork&amp=dHNleW1vdXJAYXVidXJuYmFuay5jb20= HTTP/1.1Host: adobesign.acrobat.collegeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://sso.college/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?organisation=auburnbank.com?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork&amp=dHNleW1vdXJAYXVidXJuYmFuay5jb20= HTTP/1.1Host: adobesign.acrobat.collegeConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://adobesign.acrobat.college/?organisation=auburnbank.com?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork&amp=dHNleW1vdXJAYXVidXJuYmFuay5jb20=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: KvE9vW="ZWI2YTdkODYtYjRiMS00NWMxLTlkMTAtMGVlNzhiODczMjNmOmM5ZTQ0Yjc3LTE2MjgtNDU4My05ZTU4LTRiMmJmODFlMGE5ZA=="
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"Origin: https://login.microsoftonline.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.microsoftonline.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: accounts.google.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=YES+srp.gws-20210811-0-RC2.en+FX+979

Source: global traffic	TCP traffic: 192.168.11.20:61460 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:61460 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:61460 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:61460 -> 239.255.255.250:1900

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Length: 29409Cache-Control: max-age=3600Content-Type: text/html; charset=utf-8Etag: "42dda7675ddda56a0527d93e7dba7aaefd4c233525d3ecf2c4d0385868259067"Last-Modified: Sun, 28 Jan 2024 22:12:18 GMTStrict-Transport-Security: max-age=31556926Accept-Ranges: bytesDate: Thu, 22 Feb 2024 14:20:14 GMTX-Served-By: cache-lax-kwhp1940099-LAXX-Cache: MISSX-Cache-Hits: 0X-Timer: S1708611615.593293,VS0,VE110Vary: x-fh-requested-host, accept-encodingalt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57725
Source: unknown	Network traffic detected: HTTP traffic on port 62082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55416 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50253
Source: unknown	Network traffic detected: HTTP traffic on port 57725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63579 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63807
Source: unknown	Network traffic detected: HTTP traffic on port 58622 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56332 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59640 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 64422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59756
Source: unknown	Network traffic detected: HTTP traffic on port 51970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58622
Source: unknown	Network traffic detected: HTTP traffic on port 59335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56332
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59640
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64422
Source: unknown	Network traffic detected: HTTP traffic on port 63807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63579
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56813
Source: unknown	Network traffic detected: HTTP traffic on port 63667 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62536
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59335
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56344
Source: unknown	Network traffic detected: HTTP traffic on port 62536 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63667
Source: unknown	Network traffic detected: HTTP traffic on port 61013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51970
Source: unknown	Network traffic detected: HTTP traffic on port 56344 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55416
Source: unknown	Network traffic detected: HTTP traffic on port 57796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62866
Source: unknown	Network traffic detected: HTTP traffic on port 56813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61013
Source: unknown	Network traffic detected: HTTP traffic on port 59756 -> 443

Source: classification engine

Classification label: mal48.phis.win@29/0@11/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1656,4161156890332825623,16311060440526564371,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ir.shareaholic.com/e?a=1&u=https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5%3Futm_campaign%3Dshareaholic%26utm_medium%3Dtwitter%26utm_source%3Dsocialnetwork&r=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1656,4161156890332825623,16311060440526564371,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	1 Network Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://ir.shareaholic.com/e?a=1&u=https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5%3Futm_campaign%3Dshareaholic%26utm_medium%3Dtwitter%26utm_source%3Dsocialnetwork&r=1	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://adobesign.acrobat.college/?organisation=auburnbank.com?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork&amp=dHNleW1vdXJAYXVidXJuYmFuay5jb20=	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css	0%	Virustotal		Browse
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js	0%	Virustotal		Browse
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js	0%	Virustotal		Browse
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	0%	Virustotal		Browse
https://acrobatsign.replit.app/wp-xml.php?url=https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js	0%	Virustotal		Browse
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js	0%	Virustotal		Browse

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cs1100.wpc.omegacdn.net	152.199.4.44	true	false		unknown
accounts.google.com	142.251.2.84	true	false		high
part-0041.t-0009.t-msedge.net	13.107.246.69	true	false		unknown
acrobatsign.replit.app	34.117.33.233	true	false		unknown
www.google.com	142.250.189.4	true	false		high
ir.shareaholic.com	44.212.226.113	true	false		high
adobesign.acrobat.college	109.61.95.11	true	false		unknown
clients.l.google.com	142.250.68.14	true	false		high
sso.college	199.36.158.100	true	false		unknown
clients2.google.com	unknown	unknown	false		high
aadcdn.msftauth.net	unknown	unknown	false		unknown
login.microsoftonline.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork	true		unknown
https://adobesign.acrobat.college/?organisation=auburnbank.com?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork&amp=dHNleW1vdXJAYXVidXJuYmFuay5jb20=#/63?document=hytzrggjnjjqwut-63-&doc=97-48-hytzrggjnjjqwut	false		unknown
https://ir.shareaholic.com/e?a=1&u=https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5%3Futm_campaign%3Dshareaholic%26utm_medium%3Dtwitter%26utm_source%3Dsocialnetwork&r=1	false		high
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/jsdisabled#/63?document=hytzrggjnjjqwut-63-&doc=97-48-hytzrggjnjjqwut	false		high
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://adobesign.acrobat.college/?organisation=auburnbank.com?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork&amp=dHNleW1vdXJAYXVidXJuYmFuay5jb20=	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=94.0.4606.61&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://aadcdn.msftauth.net/shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://acrobatsign.replit.app/wp-xml.php?url=https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.189.4	www.google.com	United States		15169	GOOGLEUS	false
13.107.246.69	part-0041.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
109.61.95.11	adobesign.acrobat.college	Hungary		197248	DRAVANET-ASHU	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States		15133	EDGECASTUS	false
44.212.226.113	ir.shareaholic.com	United States		14618	AMAZON-AESUS	false
142.251.2.84	accounts.google.com	United States		15169	GOOGLEUS	false
142.250.68.14	clients.l.google.com	United States		15169	GOOGLEUS	false
199.36.158.100	sso.college	United States		15169	GOOGLEUS	false
34.117.33.233	acrobatsign.replit.app	United States		139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
239.255.255.250	unknown	Reserved		unknown	unknown	false

Private

IP
192.168.11.20

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1396998
Start date and time:	2024-02-22 15:18:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://ir.shareaholic.com/e?a=1&u=https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5%3Futm_campaign%3Dshareaholic%26utm_medium%3Dtwitter%26utm_source%3Dsocialnetwork&r=1
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@29/0@11/11
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, CompPkgSrv.exe, backgroundTaskHost.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.68.35, 34.104.35.123, 40.126.62.130, 20.190.190.129, 40.126.62.129, 20.190.190.194, 40.126.62.132, 20.190.190.196, 20.190.190.132, 40.126.62.131, 23.36.118.31, 20.190.190.131, 20.190.190.195, 20.190.190.193, 20.190.151.7, 20.190.151.68, 20.190.151.6, 20.190.151.9, 20.190.151.131, 20.190.151.70, 20.190.151.134, 20.190.151.132, 142.250.189.3, 142.250.188.227, 142.250.217.131
Excluded domains from analysis (whitelisted): www.tm.ak.prd.aadg.trafficmanager.net, prdv4a.aadg.msidentity.com, aadcdnoriginwus2.azureedge.net, www.tm.v4.a.prd.aadg.akadns.net, www.tm.ak.prd.aadg.akadns.net, e13678.dscb.akamaiedge.net, clientservices.googleapis.com, aadcdn.msauth.net, ak.privatelink.msidentity.com, firstparty-azurefd-prod.trafficmanager.net, login.msa.msidentity.com, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net, www.microsoft.com-c-3.edgekey.net, edgedl.me.gvt1.com, login.live.com, privacy.microsoft.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, login.mso.msidentity.com, privacy.microsoft.com.edgekey.net, www.gstatic.com, www.microsoft.com, e13678.dspb.akamaiedge.net, www.tm.lg.prod.aadmsa.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 464
• 1900 undefined
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 22, 2024 15:20:10.729088068 CET	61013	443	192.168.11.20	142.251.2.84
Feb 22, 2024 15:20:10.729108095 CET	443	61013	142.251.2.84	192.168.11.20
Feb 22, 2024 15:20:10.729327917 CET	61013	443	192.168.11.20	142.251.2.84
Feb 22, 2024 15:20:10.729329109 CET	52708	443	192.168.11.20	142.250.68.14
Feb 22, 2024 15:20:10.729362965 CET	443	52708	142.250.68.14	192.168.11.20
Feb 22, 2024 15:20:10.729470968 CET	52708	443	192.168.11.20	142.250.68.14
Feb 22, 2024 15:20:10.800906897 CET	61013	443	192.168.11.20	142.251.2.84
Feb 22, 2024 15:20:10.800988913 CET	443	61013	142.251.2.84	192.168.11.20
Feb 22, 2024 15:20:10.801107883 CET	52708	443	192.168.11.20	142.250.68.14
Feb 22, 2024 15:20:10.801170111 CET	443	52708	142.250.68.14	192.168.11.20
Feb 22, 2024 15:20:11.210400105 CET	443	52708	142.250.68.14	192.168.11.20
Feb 22, 2024 15:20:11.210771084 CET	52708	443	192.168.11.20	142.250.68.14
Feb 22, 2024 15:20:11.210782051 CET	443	52708	142.250.68.14	192.168.11.20
Feb 22, 2024 15:20:11.211374998 CET	443	52708	142.250.68.14	192.168.11.20
Feb 22, 2024 15:20:11.211648941 CET	52708	443	192.168.11.20	142.250.68.14
Feb 22, 2024 15:20:11.212173939 CET	443	61013	142.251.2.84	192.168.11.20
Feb 22, 2024 15:20:11.212416887 CET	443	52708	142.250.68.14	192.168.11.20
Feb 22, 2024 15:20:11.212599039 CET	52708	443	192.168.11.20	142.250.68.14
Feb 22, 2024 15:20:11.212702990 CET	61013	443	192.168.11.20	142.251.2.84
Feb 22, 2024 15:20:11.212713957 CET	443	61013	142.251.2.84	192.168.11.20
Feb 22, 2024 15:20:11.214076996 CET	443	61013	142.251.2.84	192.168.11.20
Feb 22, 2024 15:20:11.214248896 CET	61013	443	192.168.11.20	142.251.2.84
Feb 22, 2024 15:20:11.229075909 CET	61013	443	192.168.11.20	142.251.2.84
Feb 22, 2024 15:20:11.229181051 CET	443	61013	142.251.2.84	192.168.11.20
Feb 22, 2024 15:20:11.229249001 CET	61013	443	192.168.11.20	142.251.2.84
Feb 22, 2024 15:20:11.229343891 CET	52708	443	192.168.11.20	142.250.68.14
Feb 22, 2024 15:20:11.229434013 CET	52708	443	192.168.11.20	142.250.68.14
Feb 22, 2024 15:20:11.229444027 CET	443	52708	142.250.68.14	192.168.11.20
Feb 22, 2024 15:20:11.229470968 CET	443	52708	142.250.68.14	192.168.11.20
Feb 22, 2024 15:20:11.272569895 CET	443	61013	142.251.2.84	192.168.11.20
Feb 22, 2024 15:20:11.284832001 CET	61013	443	192.168.11.20	142.251.2.84
Feb 22, 2024 15:20:11.284840107 CET	52708	443	192.168.11.20	142.250.68.14
Feb 22, 2024 15:20:11.284842968 CET	443	61013	142.251.2.84	192.168.11.20
Feb 22, 2024 15:20:11.284852982 CET	443	52708	142.250.68.14	192.168.11.20
Feb 22, 2024 15:20:11.331671953 CET	61013	443	192.168.11.20	142.251.2.84
Feb 22, 2024 15:20:11.331671953 CET	52708	443	192.168.11.20	142.250.68.14
Feb 22, 2024 15:20:11.554976940 CET	443	52708	142.250.68.14	192.168.11.20
Feb 22, 2024 15:20:11.555156946 CET	443	52708	142.250.68.14	192.168.11.20
Feb 22, 2024 15:20:11.555355072 CET	52708	443	192.168.11.20	142.250.68.14
Feb 22, 2024 15:20:11.556019068 CET	52708	443	192.168.11.20	142.250.68.14
Feb 22, 2024 15:20:11.556045055 CET	443	52708	142.250.68.14	192.168.11.20
Feb 22, 2024 15:20:11.605669975 CET	443	61013	142.251.2.84	192.168.11.20
Feb 22, 2024 15:20:11.605860949 CET	443	61013	142.251.2.84	192.168.11.20
Feb 22, 2024 15:20:11.605988026 CET	61013	443	192.168.11.20	142.251.2.84
Feb 22, 2024 15:20:11.606452942 CET	61013	443	192.168.11.20	142.251.2.84
Feb 22, 2024 15:20:11.606462002 CET	443	61013	142.251.2.84	192.168.11.20
Feb 22, 2024 15:20:12.750484943 CET	51970	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:12.750576019 CET	443	51970	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:12.750663042 CET	61776	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:12.750744104 CET	443	61776	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:12.750814915 CET	51970	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:12.750894070 CET	51970	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:12.750926971 CET	443	51970	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:12.750935078 CET	61776	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:12.751005888 CET	61776	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:12.751039982 CET	443	61776	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:13.224682093 CET	443	61776	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:13.225091934 CET	61776	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:13.225101948 CET	443	61776	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:13.226001978 CET	443	61776	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:13.226281881 CET	61776	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:13.228456974 CET	443	51970	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:13.228785038 CET	51970	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:13.228795052 CET	443	51970	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:13.229744911 CET	443	51970	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:13.229974031 CET	51970	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:13.383305073 CET	61776	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:13.383430958 CET	443	61776	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:13.383431911 CET	61776	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:13.384321928 CET	51970	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:13.384424925 CET	443	51970	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:13.428600073 CET	443	61776	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:13.438227892 CET	61776	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:13.438241005 CET	443	61776	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:13.438256025 CET	51970	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:13.438282967 CET	443	51970	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:13.486083984 CET	51970	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:13.487185955 CET	61776	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:13.674314976 CET	443	61776	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:13.674420118 CET	443	61776	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:13.674622059 CET	61776	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:13.675836086 CET	61776	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:13.675836086 CET	61776	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:13.675848961 CET	443	61776	44.212.226.113	192.168.11.20
Feb 22, 2024 15:20:13.676059008 CET	61776	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:14.012772083 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.012789965 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.012983084 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.013185024 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.013195038 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.353014946 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.353373051 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.353383064 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.353797913 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.354073048 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.354350090 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.354552031 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.449783087 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.449892044 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.449892044 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.492623091 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.508002996 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.508014917 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.552936077 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.788451910 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.788594007 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.788805962 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.788902044 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.788913012 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.789072990 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.794020891 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.799515963 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.799623966 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.799767017 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.799777031 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.800031900 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.805075884 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.810473919 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.810647964 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.810658932 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.816032887 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.816287041 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.816296101 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.821557999 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.821763039 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.821774960 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.827182055 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.827481985 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.827491045 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.832520962 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.832669973 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.832681894 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.838058949 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.838207960 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.838221073 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.843590021 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.843652010 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.843848944 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.843981028 CET	64160	443	192.168.11.20	199.36.158.100
Feb 22, 2024 15:20:14.843998909 CET	443	64160	199.36.158.100	192.168.11.20
Feb 22, 2024 15:20:14.971565008 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:14.971580029 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:14.971662998 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:14.971672058 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:14.971746922 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:14.971760988 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:14.971765995 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:14.971858978 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:14.971880913 CET	62082	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:14.971899033 CET	443	62082	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:14.971939087 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:14.971954107 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:14.972014904 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:14.972038031 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:14.972043991 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:14.972064972 CET	62082	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:14.972070932 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:14.972135067 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:14.972141981 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:14.972201109 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:14.972213030 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:14.972311020 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:14.972325087 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:14.972384930 CET	62082	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:14.972398043 CET	443	62082	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.487107992 CET	59335	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:15.487123966 CET	443	59335	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:15.487255096 CET	59335	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:15.487288952 CET	55416	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:15.487322092 CET	443	55416	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:15.487401962 CET	59335	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:15.487410069 CET	443	59335	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:15.487457037 CET	55416	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:15.487550974 CET	55416	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:15.487565041 CET	443	55416	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:15.552601099 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.552978992 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.552993059 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.554184914 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.554389954 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.555613041 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.555722952 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.555730104 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.555736065 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.564402103 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.564865112 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.564884901 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.564893007 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.565169096 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.565181971 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.566273928 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.566363096 CET	443	62082	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.566478968 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.566479921 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.566662073 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.566701889 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.566859007 CET	62082	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.566868067 CET	443	62082	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.567069054 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.567078114 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.567610979 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.567663908 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.567697048 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.567749023 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.567763090 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.567812920 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.568416119 CET	443	62082	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.568552017 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.568572998 CET	62082	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.568850994 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.568891048 CET	62082	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.568991899 CET	443	62082	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.569144964 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.569216013 CET	62082	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.569225073 CET	443	62082	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.569259882 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.569267035 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.599841118 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.599854946 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.608607054 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.608611107 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.612567902 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.615674973 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.615684986 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.615705013 CET	62082	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.615705013 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.615720034 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.617623091 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.617631912 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.646593094 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.662583113 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.662583113 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.662585020 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.839320898 CET	443	55416	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:15.839710951 CET	55416	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:15.839721918 CET	443	55416	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:15.840694904 CET	443	55416	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:15.840877056 CET	55416	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:15.841942072 CET	55416	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:15.842036009 CET	443	55416	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:15.843352079 CET	443	59335	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:15.843668938 CET	59335	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:15.843676090 CET	443	59335	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:15.843693972 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.844144106 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.844146967 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.844208956 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.844214916 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.844218016 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.844321966 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.844332933 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.844336033 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.844438076 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.844501972 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.844538927 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.844542980 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.844549894 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.844800949 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.845350981 CET	443	59335	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:15.845722914 CET	59335	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:15.846539021 CET	59335	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:15.846657991 CET	443	59335	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:15.850241899 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.850588083 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.850594044 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.850775003 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.850785017 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.850788116 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.850837946 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.850841045 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.850981951 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.851089954 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.851089954 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.851099014 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.851280928 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.851286888 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.851290941 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.851471901 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.851476908 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.851665020 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.851665020 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.851856947 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.852453947 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.852807999 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.852813959 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.852891922 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.852897882 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.852901936 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.853063107 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.853071928 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.853075027 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.853112936 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.853203058 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.853205919 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.853401899 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.853406906 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.853458881 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.853563070 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.856515884 CET	443	62082	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.856909990 CET	443	62082	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.856914997 CET	443	62082	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.856981039 CET	443	62082	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.857062101 CET	62082	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.857073069 CET	443	62082	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.857098103 CET	443	62082	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.857234955 CET	62082	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.857409000 CET	62082	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.857456923 CET	62082	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.857466936 CET	443	62082	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.862637997 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.863034010 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.863038063 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.863100052 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.863105059 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.863107920 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.863179922 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.863188982 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.863250017 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.863254070 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.863326073 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.863521099 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.863565922 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.863576889 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.863689899 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.863883972 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.863888025 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:15.863926888 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.882205009 CET	55416	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:15.882216930 CET	443	55416	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:15.896996975 CET	59335	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:15.897001982 CET	443	59335	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:15.911940098 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:15.927872896 CET	55416	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:15.943823099 CET	59335	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:16.008626938 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.008641958 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.008814096 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.008814096 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.008891106 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.008891106 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.008891106 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.008903027 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.009114027 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.009146929 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.009167910 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.009310007 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.009449959 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.009464025 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.009474039 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.009526968 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.009592056 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.009597063 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.009696960 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.009696960 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.009824991 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.009891033 CET	63667	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.009901047 CET	443	63667	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.015016079 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.015034914 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.015355110 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.015355110 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.015364885 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.015414953 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.015549898 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.015638113 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.015738010 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.015746117 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.015786886 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.015968084 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.017462015 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.017474890 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.017625093 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.017690897 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.017697096 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.017821074 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.017865896 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.017978907 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.017978907 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.017987013 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.018076897 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.018079042 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.018090963 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.018224001 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.018227100 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.018357992 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.027056932 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.027060986 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.027124882 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.027132034 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.027221918 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.027318001 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.027427912 CET	49826	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.027436972 CET	443	49826	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.048911095 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.048932076 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.049211025 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.049221992 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.053004026 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.053029060 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.053143978 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.053241968 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.053248882 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.053442001 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.100454092 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.179440022 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.179459095 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.179687023 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.179699898 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.179750919 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.179847956 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.179857969 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.180023909 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.180032015 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.180093050 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.180120945 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.180136919 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.180419922 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.180444956 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.180454969 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.180664062 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.180664062 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.180855036 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.181757927 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.181849957 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.181863070 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.181967020 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.182117939 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.182286978 CET	59756	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.182295084 CET	443	59756	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.213011980 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.213037968 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.213385105 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.213385105 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.213397026 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.213430882 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.213579893 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.213768959 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.213768959 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.213777065 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.213816881 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.213816881 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.255990982 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.334893942 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.334908009 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.335055113 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.335100889 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.335236073 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.335236073 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.335249901 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.335424900 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.335665941 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.337076902 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.337086916 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.337296963 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.337316036 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.337326050 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.337332964 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.337560892 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.337560892 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.337563038 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.337611914 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.337620974 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.337744951 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.337852001 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.337863922 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.338027000 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.338037014 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.338129997 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.338217974 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.338218927 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.338232040 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.338388920 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.338397980 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.338570118 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.338579893 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.338762045 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.338772058 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.338953972 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.338953972 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.338962078 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.338970900 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.339023113 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.339402914 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.369158983 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.369169950 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.369370937 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.369379044 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.369533062 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.369549990 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.369561911 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.369772911 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.369879007 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.369890928 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.370069027 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.370260000 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.490736008 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.490747929 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.490904093 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.490979910 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.491130114 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.491130114 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.491321087 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.491513014 CET	56332	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.491529942 CET	443	56332	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.500158072 CET	63579	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.500179052 CET	443	63579	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.500324965 CET	63579	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.500387907 CET	63579	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.500396967 CET	443	63579	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.978750944 CET	443	63579	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.979098082 CET	63579	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.979108095 CET	443	63579	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.979595900 CET	443	63579	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.980092049 CET	63579	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.980165958 CET	63579	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:16.980174065 CET	443	63579	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:16.980196953 CET	443	63579	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:17.031039000 CET	63579	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:17.294091940 CET	443	63579	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:17.294220924 CET	443	63579	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:17.294281960 CET	443	63579	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:17.294404984 CET	63579	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:17.294404984 CET	63579	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:17.294886112 CET	63579	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:17.294897079 CET	443	63579	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:17.296840906 CET	62536	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:17.296859026 CET	443	62536	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:17.297090054 CET	62536	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:17.297276974 CET	62536	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:17.297286987 CET	443	62536	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:17.499294996 CET	56813	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:17.499311924 CET	443	56813	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:17.499433994 CET	57725	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:17.499449015 CET	443	57725	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:17.499463081 CET	56813	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:17.499569893 CET	56813	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:17.499581099 CET	443	56813	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:17.499605894 CET	57725	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:17.499749899 CET	57725	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:17.499772072 CET	443	57725	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:17.773426056 CET	443	62536	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:17.773834944 CET	62536	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:17.773847103 CET	443	62536	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:17.774355888 CET	443	62536	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:17.774822950 CET	62536	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:17.774893045 CET	62536	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:17.774914026 CET	443	62536	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:17.819154024 CET	62536	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:17.833034039 CET	443	56813	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:17.833465099 CET	56813	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:17.833476067 CET	443	56813	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:17.834479094 CET	443	56813	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:17.834793091 CET	56813	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:17.836076021 CET	56813	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:17.836179972 CET	443	56813	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:17.836215019 CET	56813	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:17.842245102 CET	443	57725	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:17.842643976 CET	57725	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:17.842654943 CET	443	57725	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:17.843559027 CET	443	57725	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:17.843758106 CET	57725	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:17.844119072 CET	57725	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:17.844189882 CET	443	57725	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:17.876569033 CET	443	56813	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:17.881427050 CET	56813	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:17.881438971 CET	443	56813	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:17.897247076 CET	57725	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:17.897258043 CET	443	57725	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:17.928991079 CET	56813	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:17.945045948 CET	57725	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:18.103857040 CET	443	62536	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:18.103945017 CET	443	62536	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:18.104059935 CET	443	62536	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:18.104113102 CET	62536	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:18.104180098 CET	62536	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:18.104717970 CET	62536	443	192.168.11.20	152.199.4.44
Feb 22, 2024 15:20:18.104743004 CET	443	62536	152.199.4.44	192.168.11.20
Feb 22, 2024 15:20:18.222634077 CET	443	56813	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:18.222759962 CET	443	56813	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:18.222945929 CET	56813	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:18.223297119 CET	56813	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:20:18.223318100 CET	443	56813	34.117.33.233	192.168.11.20
Feb 22, 2024 15:20:18.583168983 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:18.583187103 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:18.583414078 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:18.583560944 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:18.583569050 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:19.208245993 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:19.208632946 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:19.208643913 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:19.209781885 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:19.210015059 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:19.211020947 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:19.211105108 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:19.211113930 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:19.252613068 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:19.259341955 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:19.259394884 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:19.307168961 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:20.289052963 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:20.289086103 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:20.289091110 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:20.289264917 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:20.289278984 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:20.289309025 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:20.289450884 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:20.595478058 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:20.595495939 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:20.595670938 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:20.595705986 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:20.595710993 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:20.595767975 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:20.595877886 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:20.595916986 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:20.596045017 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:20.596124887 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:20.596281052 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:20.901211977 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:20.901242018 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:20.901406050 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:20.901446104 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:20.901519060 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:20.901546955 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:20.901562929 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:20.901695967 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:20.901702881 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:20.901839018 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.178941011 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.178956032 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.179198980 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.179207087 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.179250956 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.179410934 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.207257032 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.207274914 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.207458019 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.207536936 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.207566023 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.207575083 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.207643986 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.207773924 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.207900047 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.208151102 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.208158970 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.208213091 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.208416939 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.208429098 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.208477974 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.208496094 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.208767891 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.208767891 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.208776951 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.208950996 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.208950996 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.485420942 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.485455990 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.485663891 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.485697031 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.485729933 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.485960007 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.485997915 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.486016035 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.486032009 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.486114025 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.486114025 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.486162901 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.486258030 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.513513088 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.513546944 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.513772964 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.513809919 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.513883114 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.513961077 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.514100075 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.514132023 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.514251947 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.514301062 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.514301062 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.514327049 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.514352083 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.514448881 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.514545918 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.514698029 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.514733076 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.514869928 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.514918089 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.514938116 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.515023947 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.515208006 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.515285015 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.515317917 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.515492916 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.515516043 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.515547037 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.515713930 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.515830994 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.515858889 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.516015053 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.516208887 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.516230106 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.516410112 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.516449928 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.516494989 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.516520023 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.516591072 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.516664028 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.516756058 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.516817093 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.516906977 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.516978025 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.517024994 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.517035961 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.517107010 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.517235994 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.517332077 CET	56344	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.517359018 CET	443	56344	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.936518908 CET	50253	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.936538935 CET	443	50253	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.936621904 CET	59640	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.936638117 CET	443	59640	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.936723948 CET	50253	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.936808109 CET	59640	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.936870098 CET	50253	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.936877966 CET	443	50253	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:21.936955929 CET	59640	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:21.936968088 CET	443	59640	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:22.573820114 CET	443	50253	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:22.574130058 CET	50253	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:22.574141026 CET	443	50253	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:22.574542046 CET	443	50253	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:22.574712038 CET	443	59640	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:22.574982882 CET	50253	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:22.575042009 CET	443	50253	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:22.575099945 CET	59640	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:22.575115919 CET	443	59640	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:22.575166941 CET	50253	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:22.575201035 CET	50253	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:22.575210094 CET	443	50253	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:22.575694084 CET	443	59640	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:22.576066971 CET	59640	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:22.576147079 CET	443	59640	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:22.625365973 CET	59640	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:22.625395060 CET	50253	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:23.366498947 CET	443	50253	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:23.366599083 CET	443	50253	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:23.366729975 CET	50253	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:23.367305994 CET	50253	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:23.367316008 CET	443	50253	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:23.368328094 CET	59640	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:23.412565947 CET	443	59640	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:24.382272005 CET	443	59640	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:24.382617950 CET	443	59640	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:24.382797003 CET	59640	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:24.382977009 CET	59640	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:24.382977009 CET	59640	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:24.382991076 CET	443	59640	109.61.95.11	192.168.11.20
Feb 22, 2024 15:20:24.383214951 CET	59640	443	192.168.11.20	109.61.95.11
Feb 22, 2024 15:20:25.435182095 CET	58622	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:25.435199976 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:25.435448885 CET	58622	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:25.435625076 CET	58622	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:25.435635090 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:25.450279951 CET	49733	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:25.450299978 CET	443	49733	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:25.450562000 CET	49733	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:25.450700998 CET	49733	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:25.450714111 CET	443	49733	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:25.825787067 CET	443	55416	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:25.825833082 CET	443	55416	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:25.825951099 CET	55416	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:25.837505102 CET	443	59335	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:25.837584972 CET	443	59335	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:25.837795973 CET	59335	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:25.955183983 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:25.955508947 CET	58622	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:25.955537081 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:25.957161903 CET	443	49733	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:25.957473040 CET	49733	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:25.957495928 CET	443	49733	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:25.958478928 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:25.958745003 CET	58622	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:25.959860086 CET	443	49733	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:25.960320950 CET	49733	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:25.967094898 CET	58622	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:25.967124939 CET	49733	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:25.967292070 CET	58622	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:25.967305899 CET	49733	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:25.967312098 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:25.967322111 CET	443	49733	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:25.967328072 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.008568048 CET	443	49733	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.012145996 CET	49733	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.012145996 CET	58622	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.012156010 CET	443	49733	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.012157917 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.059962988 CET	49733	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.059976101 CET	58622	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.140712976 CET	443	49733	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.140949011 CET	443	49733	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.141155958 CET	49733	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.141433001 CET	49733	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.141444921 CET	443	49733	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.142998934 CET	59335	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:26.143001080 CET	55416	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:20:26.143007040 CET	443	59335	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:26.143013000 CET	443	55416	142.250.189.4	192.168.11.20
Feb 22, 2024 15:20:26.143246889 CET	64422	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.143266916 CET	443	64422	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.143446922 CET	64422	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.143673897 CET	64422	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.143685102 CET	443	64422	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.301392078 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.301414967 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.301419020 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.301553965 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.301563978 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.301590919 CET	58622	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.301606894 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.301702023 CET	58622	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.301785946 CET	58622	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.301799059 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.301800966 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.302050114 CET	58622	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.302463055 CET	58622	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.302475929 CET	443	58622	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.334994078 CET	63807	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.335009098 CET	443	63807	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.335238934 CET	63807	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.335484028 CET	63807	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.335489988 CET	443	63807	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.645411015 CET	443	64422	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.645864964 CET	64422	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.645879030 CET	443	64422	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.646336079 CET	443	64422	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.646780014 CET	64422	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.646866083 CET	64422	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.646881104 CET	443	64422	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.691071033 CET	64422	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.813888073 CET	443	64422	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.814167976 CET	443	64422	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.814389944 CET	64422	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.814912081 CET	64422	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.814965963 CET	443	64422	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.837713957 CET	443	63807	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.838099957 CET	63807	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.838105917 CET	443	63807	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.838529110 CET	443	63807	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.838951111 CET	63807	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.839027882 CET	63807	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:26.839032888 CET	443	63807	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.839050055 CET	443	63807	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:26.891798973 CET	63807	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:27.178347111 CET	443	63807	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:27.178365946 CET	443	63807	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:27.178370953 CET	443	63807	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:27.178436995 CET	443	63807	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:27.178443909 CET	443	63807	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:27.178461075 CET	443	63807	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:27.178607941 CET	63807	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:27.178621054 CET	443	63807	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:27.178675890 CET	63807	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:27.178834915 CET	63807	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:27.178973913 CET	63807	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:27.178982973 CET	443	63807	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:27.180588961 CET	57796	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:27.180607080 CET	443	57796	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:27.180830956 CET	57796	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:27.180978060 CET	57796	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:27.180983067 CET	443	57796	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:27.684293032 CET	443	57796	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:27.684678078 CET	57796	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:27.684686899 CET	443	57796	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:27.685271978 CET	443	57796	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:27.685661077 CET	57796	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:27.685734034 CET	57796	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:27.685750961 CET	443	57796	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:27.738765955 CET	57796	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:28.017316103 CET	443	57796	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:28.017349958 CET	443	57796	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:28.017371893 CET	443	57796	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:28.017448902 CET	443	57796	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:28.017457008 CET	443	57796	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:28.017462015 CET	443	57796	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:28.017509937 CET	57796	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:28.017510891 CET	57796	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:28.017539978 CET	443	57796	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:28.017576933 CET	443	57796	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:28.017608881 CET	57796	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:28.017656088 CET	57796	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:28.017802954 CET	57796	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:28.018112898 CET	57796	443	192.168.11.20	13.107.246.69
Feb 22, 2024 15:20:28.018121958 CET	443	57796	13.107.246.69	192.168.11.20
Feb 22, 2024 15:20:58.451126099 CET	51970	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:20:58.451139927 CET	443	51970	44.212.226.113	192.168.11.20
Feb 22, 2024 15:21:02.903316021 CET	57725	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:21:02.903342962 CET	443	57725	34.117.33.233	192.168.11.20
Feb 22, 2024 15:21:13.220779896 CET	443	51970	44.212.226.113	192.168.11.20
Feb 22, 2024 15:21:13.220870972 CET	443	51970	44.212.226.113	192.168.11.20
Feb 22, 2024 15:21:13.221050978 CET	51970	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:21:14.390559912 CET	51970	443	192.168.11.20	44.212.226.113
Feb 22, 2024 15:21:14.390577078 CET	443	51970	44.212.226.113	192.168.11.20
Feb 22, 2024 15:21:15.374125004 CET	62866	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:21:15.374147892 CET	443	62866	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:15.374283075 CET	49829	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:21:15.374298096 CET	443	49829	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:15.374437094 CET	62866	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:21:15.374521971 CET	49829	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:21:15.374602079 CET	62866	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:21:15.374614954 CET	443	62866	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:15.374645948 CET	49829	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:21:15.374651909 CET	443	49829	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:15.725594044 CET	443	62866	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:15.726002932 CET	62866	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:21:15.726012945 CET	443	62866	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:15.726650953 CET	443	62866	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:15.727123022 CET	62866	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:21:15.727199078 CET	443	62866	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:15.728271008 CET	443	49829	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:15.728590965 CET	49829	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:21:15.728615046 CET	443	49829	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:15.729095936 CET	443	49829	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:15.729541063 CET	49829	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:21:15.729624987 CET	443	49829	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:15.779606104 CET	49829	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:21:15.779607058 CET	62866	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:21:18.389646053 CET	57725	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:21:18.389703989 CET	443	57725	34.117.33.233	192.168.11.20
Feb 22, 2024 15:21:18.389866114 CET	57725	443	192.168.11.20	34.117.33.233
Feb 22, 2024 15:21:25.713628054 CET	443	62866	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:25.713692904 CET	443	62866	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:25.713907003 CET	62866	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:21:25.731436014 CET	443	49829	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:25.731504917 CET	443	49829	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:25.731625080 CET	49829	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:21:26.707051992 CET	62866	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:21:26.707067966 CET	443	62866	142.250.189.4	192.168.11.20
Feb 22, 2024 15:21:26.707075119 CET	49829	443	192.168.11.20	142.250.189.4
Feb 22, 2024 15:21:26.707079887 CET	443	49829	142.250.189.4	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 22, 2024 15:20:10.534516096 CET	55085	53	192.168.11.20	1.1.1.1
Feb 22, 2024 15:20:10.548382044 CET	61459	53	192.168.11.20	1.1.1.1
Feb 22, 2024 15:20:10.579353094 CET	61460	1900	192.168.11.20	239.255.255.250
Feb 22, 2024 15:20:10.699640989 CET	53	55085	1.1.1.1	192.168.11.20
Feb 22, 2024 15:20:10.713423967 CET	53	61459	1.1.1.1	192.168.11.20
Feb 22, 2024 15:20:11.581701994 CET	61460	1900	192.168.11.20	239.255.255.250
Feb 22, 2024 15:20:12.581984043 CET	61460	1900	192.168.11.20	239.255.255.250
Feb 22, 2024 15:20:12.582565069 CET	51852	53	192.168.11.20	1.1.1.1
Feb 22, 2024 15:20:12.749658108 CET	53	51852	1.1.1.1	192.168.11.20
Feb 22, 2024 15:20:13.582895994 CET	61460	1900	192.168.11.20	239.255.255.250
Feb 22, 2024 15:20:13.676661968 CET	56405	53	192.168.11.20	1.1.1.1
Feb 22, 2024 15:20:14.011909008 CET	53	56405	1.1.1.1	192.168.11.20
Feb 22, 2024 15:20:14.089735031 CET	137	137	192.168.11.20	192.168.11.255
Feb 22, 2024 15:20:14.805615902 CET	53962	53	192.168.11.20	1.1.1.1
Feb 22, 2024 15:20:14.854202986 CET	137	137	192.168.11.20	192.168.11.255
Feb 22, 2024 15:20:14.970742941 CET	53	53962	1.1.1.1	192.168.11.20
Feb 22, 2024 15:20:15.321201086 CET	61453	53	192.168.11.20	1.1.1.1
Feb 22, 2024 15:20:15.486108065 CET	53	61453	1.1.1.1	192.168.11.20
Feb 22, 2024 15:20:15.615721941 CET	137	137	192.168.11.20	192.168.11.255
Feb 22, 2024 15:20:17.300514936 CET	58280	53	192.168.11.20	1.1.1.1
Feb 22, 2024 15:20:17.498332024 CET	53	58280	1.1.1.1	192.168.11.20
Feb 22, 2024 15:20:18.224607944 CET	58332	53	192.168.11.20	1.1.1.1
Feb 22, 2024 15:20:18.582534075 CET	53	58332	1.1.1.1	192.168.11.20
Feb 22, 2024 15:20:24.384809017 CET	53594	53	192.168.11.20	1.1.1.1
Feb 22, 2024 15:20:37.615395069 CET	63667	53	192.168.11.20	1.1.1.1
Feb 22, 2024 15:20:53.367130995 CET	57670	53	192.168.11.20	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 22, 2024 15:20:10.534516096 CET	192.168.11.20	1.1.1.1	0x6e30	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:10.548382044 CET	192.168.11.20	1.1.1.1	0x1b1a	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:12.582565069 CET	192.168.11.20	1.1.1.1	0xb7ae	Standard query (0)	ir.shareaholic.com	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:13.676661968 CET	192.168.11.20	1.1.1.1	0xba3e	Standard query (0)	sso.college	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:14.805615902 CET	192.168.11.20	1.1.1.1	0xaee0	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:15.321201086 CET	192.168.11.20	1.1.1.1	0x2b8e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:17.300514936 CET	192.168.11.20	1.1.1.1	0xc94	Standard query (0)	acrobatsign.replit.app	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:18.224607944 CET	192.168.11.20	1.1.1.1	0xd221	Standard query (0)	adobesign.acrobat.college	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:24.384809017 CET	192.168.11.20	1.1.1.1	0x3a3e	Standard query (0)	login.microsoftonline.com	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:37.615395069 CET	192.168.11.20	1.1.1.1	0xc9b1	Standard query (0)	login.microsoftonline.com	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:53.367130995 CET	192.168.11.20	1.1.1.1	0x58ee	Standard query (0)	login.microsoftonline.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Feb 22, 2024 15:20:10.699640989 CET	1.1.1.1	192.168.11.20	0x6e30	No error (0)	accounts.google.com		142.251.2.84	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:10.713423967 CET	1.1.1.1	192.168.11.20	0x1b1a	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 22, 2024 15:20:10.713423967 CET	1.1.1.1	192.168.11.20	0x1b1a	No error (0)	clients.l.google.com		142.250.68.14	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:12.749658108 CET	1.1.1.1	192.168.11.20	0xb7ae	No error (0)	ir.shareaholic.com		44.212.226.113	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:12.749658108 CET	1.1.1.1	192.168.11.20	0xb7ae	No error (0)	ir.shareaholic.com		54.90.97.202	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:14.011909008 CET	1.1.1.1	192.168.11.20	0xba3e	No error (0)	sso.college		199.36.158.100	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:14.970742941 CET	1.1.1.1	192.168.11.20	0xaee0	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Feb 22, 2024 15:20:14.970742941 CET	1.1.1.1	192.168.11.20	0xaee0	No error (0)	cs1100.wpc.omegacdn.net		152.199.4.44	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:14.984469891 CET	1.1.1.1	192.168.11.20	0x69c6	No error (0)	shed.dual-low.part-0041.t-0009.t-msedge.net	part-0041.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Feb 22, 2024 15:20:14.984469891 CET	1.1.1.1	192.168.11.20	0x69c6	No error (0)	part-0041.t-0009.t-msedge.net		13.107.246.69	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:14.984469891 CET	1.1.1.1	192.168.11.20	0x69c6	No error (0)	part-0041.t-0009.t-msedge.net		13.107.213.69	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:15.486108065 CET	1.1.1.1	192.168.11.20	0x2b8e	No error (0)	www.google.com		142.250.189.4	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:17.498332024 CET	1.1.1.1	192.168.11.20	0xc94	No error (0)	acrobatsign.replit.app		34.117.33.233	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:18.582534075 CET	1.1.1.1	192.168.11.20	0xd221	No error (0)	adobesign.acrobat.college		109.61.95.11	A (IP address)	IN (0x0001)	false
Feb 22, 2024 15:20:24.549913883 CET	1.1.1.1	192.168.11.20	0x3a3e	No error (0)	login.microsoftonline.com	login.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 22, 2024 15:20:37.781502962 CET	1.1.1.1	192.168.11.20	0xc9b1	No error (0)	login.microsoftonline.com	login.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 22, 2024 15:20:53.532161951 CET	1.1.1.1	192.168.11.20	0x58ee	No error (0)	login.microsoftonline.com	login.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

accounts.google.com

clients2.google.com

ir.shareaholic.com

sso.college

https:

aadcdn.msftauth.net

acrobatsign.replit.app

adobesign.acrobat.college

aadcdn.msauth.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	61013	142.251.2.84	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:11 UTC	548	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CONSENT=YES+srp.gws-20210811-0-RC2.en+FX+979
2024-02-22 14:20:11 UTC	1	OUT	Data Raw: 20 Data Ascii:
2024-02-22 14:20:11 UTC	1799	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 22 Feb 2024 14:20:11 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-1t1TbNFPqiOKMeTTqAuI7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmJw05BiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQBiIR6O2RvurmMTmLFhx3tGALT3F6Y" Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-02-22 14:20:11 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2024-02-22 14:20:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.20	52708	142.250.68.14	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:11 UTC	731	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=94.0.4606.61&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-94.0.4606.61 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:11 UTC	732	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-MaXFj0uVppm7sAezLLZUhg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 22 Feb 2024 14:20:11 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6261 X-Daystart: 22811 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-02-22 14:20:11 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 32 36 31 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 32 38 31 31 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6261" elapsed_seconds="22811"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2024-02-22 14:20:11 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2024-02-22 14:20:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.11.20	61776	44.212.226.113	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:13 UTC	818	OUT	GET /e?a=1&u=https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5%3Futm_campaign%3Dshareaholic%26utm_medium%3Dtwitter%26utm_source%3Dsocialnetwork&r=1 HTTP/1.1 Host: ir.shareaholic.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:13 UTC	856	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 22 Feb 2024 14:20:13 GMT Content-Length: 0 Connection: close Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache P3P: CP="OTI DSP COR DEVo ADMa OUR CONo IND COM INT ONL PUR STA OTC" Expires: Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie: c_id=3d048fbf-bc9e-42a3-9b59-fde69bdf226f;Version=1;Comment=;Domain=.shareaholic.com;Path=/;Max-Age=63113852;Secure;Expires=Sun, 22 Feb 2026 01:57:45 GMT;SameSite=None Set-Cookie: c_id-legacy=3d048fbf-bc9e-42a3-9b59-fde69bdf226f;Version=1;Comment=;Domain=.shareaholic.com;Path=/;Max-Age=63113852;Secure;Expires=Sun, 22 Feb 2026 01:57:45 GMT Location: https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork Referer-Policy: unsafe-url Content-Security-Policy: referrer always

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.11.20	64160	199.36.158.100	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:14 UTC	767	OUT	GET /m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork HTTP/1.1 Host: sso.college Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:14 UTC	589	IN	HTTP/1.1 404 Not Found Connection: close Content-Length: 29409 Cache-Control: max-age=3600 Content-Type: text/html; charset=utf-8 Etag: "42dda7675ddda56a0527d93e7dba7aaefd4c233525d3ecf2c4d0385868259067" Last-Modified: Sun, 28 Jan 2024 22:12:18 GMT Strict-Transport-Security: max-age=31556926 Accept-Ranges: bytes Date: Thu, 22 Feb 2024 14:20:14 GMT X-Served-By: cache-lax-kwhp1940099-LAX X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1708611615.593293,VS0,VE110 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-02-22 14:20:14 UTC	1378	IN	Data Raw: 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4c 6f 61 64 69 6e 67 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 52 65 64 69 72 65 63 74 20 28 75 72 6c 29 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 75 72 6c 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 50 61 72 61 6d 73 20 3d 20 6e 65 Data Ascii: <html dir="ltr" class="" lang="en"><head> <title>Loading...</title> <script type="text/javascript"> window.onload = function() { function Redirect (url){ window.location.href = url; } var urlParams = ne
2024-02-22 14:20:14 UTC	1378	IN	Data Raw: 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6e 65 22 3e 0a 0a 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 6f 67 69 6e 2e 6c 69 76 65 2e 63 6f 6d 2f 4d 65 2e 68 74 6d 3f 76 3d 33 22 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 61 75 74 68 2e 6e 65 74 2f 73 68 61 72 65 64 2f 31 2e 30 2f 63 6f 6e 74 65 6e 74 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 5f 61 5f 65 75 70 61 79 66 67 67 68 71 69 61 69 37 6b 39 73 6f 6c 36 6c 67 32 2e 69 63 6f 22 3e 0a Data Ascii: t> <meta name="robots" content="none"> <link rel="prefetch" href="https://login.live.com/Me.htm?v=3"> <link rel="shortcut icon" href="https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico">
2024-02-22 14:20:14 UTC	1378	IN	Data Raw: 64 6c 65 73 2f 63 6f 6e 76 65 72 67 65 64 2e 76 32 2e 6c 6f 67 69 6e 2e 6d 69 6e 5f 6b 66 68 72 66 79 66 79 2d 73 6d 32 74 6d 6b 6d 35 66 69 63 63 77 32 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 66 65 74 63 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 66 74 61 75 74 68 2e 6e 65 74 2f 65 73 74 73 2f 32 2e 31 2f 63 6f 6e 74 65 6e 74 2f 63 64 6e 62 75 6e 64 6c 65 73 2f 75 78 2e 63 6f 6e 76 65 72 67 65 64 2e 6c 6f 67 69 6e 2e 73 74 72 69 6e 67 73 2d 65 6e 2d 67 62 2e 6d 69 6e 5f 2d 68 6a 63 67 71 78 66 7a 66 75 30 63 77 7a 62 6c 61 63 64 71 71 32 2e 6a 73 22 3e 3c 73 63 72 69 70 74 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 66 74 61 75 Data Ascii: dles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css"><link rel="prefetch" href="https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js"><script charset="utf-8" src="https://aadcdn.msftau
2024-02-22 14:20:14 UTC	1378	IN	Data Raw: 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 65 29 7b 78 2e 61 70 70 65 6e 64 4c 6f 67 26 26 78 2e 61 70 70 65 6e 64 4c 6f 67 28 22 43 6c 69 65 6e 74 20 50 72 65 66 65 74 63 68 3a 20 22 2b 65 29 7d 66 75 6e 63 74 69 6f 6e 20 69 28 29 7b 74 72 79 7b 66 6f 72 28 76 61 72 20 65 3d 74 2e 63 6f 6f 6b 69 65 2e 73 70 6c 69 74 28 22 3b 22 29 2c 72 3d 30 3b 72 3c 65 2e 6c 65 6e 67 74 68 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 65 5b 72 5d 3b 69 66 28 69 29 7b 76 61 72 20 6f 3d 69 2e 69 6e 64 65 78 4f 66 28 22 3d 22 29 3b 69 66 28 2d 31 21 3d 3d 6f 29 7b 69 66 28 69 2e 73 75 62 73 74 72 28 30 2c 6f 29 2e 74 72 69 6d 28 29 3d 3d 3d 6e 2e 6e 61 6d 65 29 7b 76 61 72 20 75 3d 69 2e 73 75 62 73 74 72 28 6f 2b 31 29 3b 72 65 74 75 72 6e 20 4a 53 4f Data Ascii: ction(e,t,n){function r(e){x.appendLog&&x.appendLog("Client Prefetch: "+e)}function i(){try{for(var e=t.cookie.split(";"),r=0;r<e.length;r++){var i=e[r];if(i){var o=i.indexOf("=");if(-1!==o){if(i.substr(0,o).trim()===n.name){var u=i.substr(o+1);return JSO
2024-02-22 14:20:14 UTC	1378	IN	Data Raw: 3d 21 30 3b 66 6f 72 28 76 61 72 20 72 3d 30 3b 72 3c 74 2e 6c 65 6e 67 74 68 3b 72 2b 2b 29 7b 64 65 6c 65 74 65 20 65 5b 74 5b 72 5d 5d 7d 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 29 7b 76 61 72 20 74 3d 73 28 29 2d 43 2c 6e 3d 74 2b 32 2a 43 2c 72 3d 6e 75 6c 6c 2c 69 3d 30 2c 6f 3d 5b 5d 0a 3b 72 65 74 75 72 6e 20 6c 28 65 2c 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 63 3c 74 7c 7c 63 3e 6e 3f 6f 2e 70 75 73 68 28 63 29 3a 28 30 3d 3d 3d 65 5b 63 5d 2e 6c 65 6e 67 74 68 3f 6f 2e 70 75 73 68 28 63 29 3a 28 6e 75 6c 6c 3d 3d 3d 72 7c 7c 63 3c 72 29 26 26 28 72 3d 63 29 2c 69 2b 2b 29 2c 21 30 7d 29 2c 6e 75 6c 6c 21 3d 3d 72 26 26 69 3e 6b 26 26 6f 2e 70 75 73 68 28 72 29 2c 64 28 65 2c 6f 29 7d 66 75 6e 63 74 69 Data Ascii: =!0;for(var r=0;r<t.length;r++){delete e[t[r]]}}return n}function p(e){var t=s()-C,n=t+2*C,r=null,i=0,o=[];return l(e,function(c){return c<t\|\|c>n?o.push(c):(0===e[c].length?o.push(c):(null===r\|\|c<r)&&(r=c),i++),!0}),null!==r&&i>k&&o.push(r),d(e,o)}functi
2024-02-22 14:20:14 UTC	1378	IN	Data Raw: 65 5b 58 5d 3b 4f 28 74 2e 70 61 74 68 2c 74 2e 68 61 73 68 2c 74 2e 63 6f 7c 7c 21 31 2c 74 2e 72 66 7c 7c 21 31 29 2c 58 2b 2b 7d 7d 66 75 6e 63 74 69 6f 6e 20 79 28 65 29 7b 69 66 28 65 29 7b 74 72 79 7b 76 61 72 20 6e 3d 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6c 69 6e 6b 22 29 3b 6e 2e 72 65 6c 3d 22 70 72 65 66 65 74 63 68 22 2c 6e 2e 68 72 65 66 3d 65 2c 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 6e 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 7d 66 75 6e 63 74 69 6f 6e 20 4d 28 29 7b 72 28 22 53 74 61 72 74 69 6e 67 22 29 2c 62 28 29 2c 62 28 29 7d 66 75 6e 63 74 69 6f 6e 20 53 28 29 7b 0a 66 6f 72 28 76 61 72 20 74 3d 65 2e 24 43 6f 6e 66 69 67 7c 7c 65 2e 53 65 72 76 65 72 44 61 74 61 7c 7c 7b 7d 2c 72 3d 6e 2e 66 65 74 63 68 Data Ascii: e[X];O(t.path,t.hash,t.co\|\|!1,t.rf\|\|!1),X++}}function y(e){if(e){try{var n=t.createElement("link");n.rel="prefetch",n.href=e,t.head.appendChild(n)}catch(e){}}}function M(){r("Starting"),b(),b()}function S(){for(var t=e.$Config\|\|e.ServerData\|\|{},r=n.fetch
2024-02-22 14:20:14 UTC	1378	IN	Data Raw: 3a 20 74 72 75 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 75 73 65 57 69 7a 61 72 64 42 65 68 61 76 69 6f 72 3a 20 73 76 72 2e 66 55 73 65 57 69 7a 61 72 64 42 65 68 61 76 69 6f 72 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 61 6e 64 6c 65 57 69 7a 61 72 64 42 75 74 74 6f 6e 73 3a 20 66 61 6c 73 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 73 73 77 6f 72 64 3a 20 70 61 73 73 77 6f 72 64 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 69 64 65 46 72 6f 6d 41 72 69 61 3a 20 61 72 69 61 48 69 64 64 65 6e 20 7d 2c 0a 20 20 20 20 20 20 20 20 65 76 65 6e 74 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6f 74 65 72 41 67 72 65 65 6d 65 6e 74 43 6c 69 63 6b 3a 20 66 6f 6f 74 65 72 5f 61 67 72 65 65 6d 65 6e 74 43 6c 69 63 6b 20 7d 20 7d 22 3e 3c 21 Data Ascii: : true, useWizardBehavior: svr.fUseWizardBehavior, handleWizardButtons: false, password: password, hideFromAria: ariaHidden }, event: { footerAgreementClick: footer_agreementClick } }"><!
2024-02-22 14:20:14 UTC	1378	IN	Data Raw: 0a 20 20 20 20 3c 21 2d 2d 20 2f 6b 6f 20 2d 2d 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 0a 0a 3c 21 2d 2d 20 6b 6f 20 69 66 3a 20 73 76 72 2e 69 42 61 6e 6e 65 72 45 6e 76 69 72 6f 6e 6d 65 6e 74 20 2d 2d 3e 3c 21 2d 2d 20 2f 6b 6f 20 2d 2d 3e 0a 0a 3c 21 2d 2d 20 6b 6f 20 77 69 74 68 50 72 6f 70 65 72 74 69 65 73 3a 20 7b 20 27 24 6d 61 73 74 65 72 50 61 67 65 43 6f 6e 74 65 78 74 27 3a 20 24 70 61 72 65 6e 74 43 6f 6e 74 65 78 74 20 7d 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6f 75 74 65 72 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 63 73 73 3a 20 7b 20 27 61 70 70 27 3a 20 24 70 61 67 65 2e 62 61 63 6b 67 72 6f 75 6e 64 4c 6f 67 6f 55 72 6c 20 7d 22 3e 0a 20 20 20 20 3c 21 2d 2d 20 6b 6f 20 69 66 3a 20 73 68 6f 77 48 65 61 64 65 72 20 2d 2d 3e Data Ascii: ... /ko --></div></div>... ko if: svr.iBannerEnvironment -->... /ko -->... ko withProperties: { '$masterPageContext': $parentContext } --><div class="outer" data-bind="css: { 'app': $page.backgroundLogoUrl }"> ... ko if: showHeader -->
2024-02-22 14:20:14 UTC	1378	IN	Data Raw: 72 65 64 41 6e 64 4e 65 77 53 65 73 73 69 6f 6e 20 26 61 6d 70 3b 26 61 6d 70 3b 20 28 24 70 61 67 65 2e 73 68 6f 77 46 65 64 43 72 65 64 42 75 74 74 6f 6e 73 28 29 20 7c 7c 20 24 70 61 67 65 2e 6e 65 77 53 65 73 73 69 6f 6e 28 29 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 74 72 61 6e 73 70 61 72 65 6e 74 2d 6c 69 67 68 74 62 6f 78 27 3a 20 24 70 61 67 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6e 74 72 6f 6c 4d 65 74 68 6f 64 73 28 29 20 26 61 6d 70 3b 26 61 6d 70 3b 20 24 70 61 67 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6e 74 72 6f 6c 4d 65 74 68 6f 64 73 28 29 2e 75 73 65 54 72 61 6e 73 70 61 72 65 6e 74 4c 69 67 68 74 42 6f 78 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 6c 69 67 68 74 62 6f 78 2d 62 6f 74 74 6f 6d 2d 6d Data Ascii: redAndNewSession && ($page.showFedCredButtons() \|\| $page.newSession()), 'transparent-lightbox': $page.backgroundControlMethods() && $page.backgroundControlMethods().useTransparentLightBox, 'lightbox-bottom-m
2024-02-22 14:20:14 UTC	1378	IN	Data Raw: 5d 2c 20 64 61 74 61 3a 20 24 70 61 72 65 6e 74 20 7d 20 2d 2d 3e 0a 3c 62 72 2f 3e 0a 3c 21 2d 2d 20 2f 6b 6f 20 2d 2d 3e 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 2f 6b 6f 20 2d 2d 3e 0a 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 6b 6f 20 69 66 3a 20 73 76 72 2e 73 74 72 4c 57 41 44 69 73 63 6c 61 69 6d 65 72 4d 73 67 20 26 26 20 70 61 67 69 6e 61 74 69 6f 6e 43 6f 6e 74 72 6f 6c 48 65 6c 70 65 72 2e 73 68 6f 77 4c 77 61 44 69 73 63 6c 61 69 6d 65 72 28 29 20 2d 2d 3e 3c 21 2d 2d 20 2f 6b 6f 20 2d 2d 3e 0a 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 6b 6f 20 69 66 3a 20 61 73 79 6e 63 49 6e 69 74 52 65 61 64 79 20 2d 2d 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 63 6f Data Ascii: ], data: $parent } --><br/>... /ko --></div> ... /ko --> ... ko if: svr.strLWADisclaimerMsg && paginationControlHelper.showLwaDisclaimer() -->... /ko --> ... ko if: asyncInitReady --> <div role="main" data-bind="co

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.11.20	63667	152.199.4.44	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:15 UTC	568	OUT	GET /shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://sso.college/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:15 UTC	749	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 5989389 Cache-Control: public, max-age=31536000 Content-MD5: xAmVJ4UrtXATagLD0tDXoQ== Content-Type: application/x-javascript Date: Thu, 22 Feb 2024 14:20:15 GMT Etag: 0x8D9942E72241B02 Last-Modified: Thu, 21 Oct 2021 01:02:25 GMT Server: ECAcc (laa/7BFD) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 597dbef2-d01e-00da-7b21-2f6055000000 x-ms-version: 2009-09-19 Content-Length: 79507 Connection: close
2024-02-22 14:20:15 UTC	16383	IN	Data Raw: 28 77 69 6e 64 6f 77 2e 74 65 6c 65 6d 65 74 72 79 5f 77 65 62 70 61 63 6b 4a 73 6f 6e 70 3d 77 69 6e 64 6f 77 2e 74 65 6c 65 6d 65 74 72 79 5f 77 65 62 70 61 63 6b 4a 73 6f 6e 70 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 32 5d 2c 5b 2c 2c 66 75 6e 63 74 69 6f 6e 28 6e 2c 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 2e 72 28 65 29 2c 74 2e 64 28 65 2c 22 56 61 6c 75 65 4b 69 6e 64 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 2e 65 7d 29 29 2c 74 2e 64 28 65 2c 22 45 76 65 6e 74 4c 61 74 65 6e 63 79 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 2e 61 7d 29 29 2c 74 2e 64 28 65 2c 22 45 76 65 6e 74 50 65 72 73 69 73 74 65 6e 63 65 22 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 2e 62 7d 29 Data Ascii: (window.telemetry_webpackJsonp=window.telemetry_webpackJsonp\|\|[]).push([[2],[,,function(n,e,t){"use strict";t.r(e),t.d(e,"ValueKind",(function(){return r.e})),t.d(e,"EventLatency",(function(){return r.a})),t.d(e,"EventPersistence",(function(){return r.b})
2024-02-22 14:20:15 UTC	16383	IN	Data Raw: 30 29 7d 63 61 74 63 68 28 6e 29 7b 74 28 6e 29 7d 7d 29 29 7d 2c 6e 2e 72 61 63 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 6e 28 28 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 29 7b 69 66 28 65 26 26 65 2e 6c 65 6e 67 74 68 29 74 72 79 7b 66 6f 72 28 76 61 72 20 72 3d 66 75 6e 63 74 69 6f 6e 28 72 29 7b 76 61 72 20 69 3d 65 5b 72 5d 3b 69 26 26 54 28 69 2e 74 68 65 6e 29 3f 69 2e 74 68 65 6e 28 6e 2c 74 29 3a 73 65 74 54 69 6d 65 6f 75 74 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 28 69 29 7d 29 2c 30 29 7d 2c 69 3d 30 3b 69 3c 65 2e 6c 65 6e 67 74 68 3b 69 2b 2b 29 72 28 69 29 7d 63 61 74 63 68 28 6e 29 7b 74 28 6e 29 7d 7d 29 29 7d 2c 6e 7d 28 29 2c 6b 3d 30 2c 50 3d 5b 5d 2c 4e 3d 5b 5d 2c 5f 3d 5b 5d 3b 66 75 6e 63 74 69 6f 6e Data Ascii: 0)}catch(n){t(n)}}))},n.race=function(e){return new n((function(n,t){if(e&&e.length)try{for(var r=function(r){var i=e[r];i&&T(i.then)?i.then(n,t):setTimeout((function(){n(i)}),0)},i=0;i<e.length;i++)r(i)}catch(n){t(n)}}))},n}(),k=0,P=[],N=[],_=[];function
2024-02-22 14:20:15 UTC	2	IN	Data Raw: 6e 67 Data Ascii: ng
2024-02-22 14:20:16 UTC	16383	IN	Data Raw: 20 70 61 79 6c 6f 61 64 2e 20 45 78 3a 22 2b 4f 62 6a 65 63 74 28 75 2e 61 29 28 6e 29 29 2c 44 28 6f 2c 30 2c 7b 7d 29 7d 7d 29 2c 4f 62 6a 65 63 74 28 6f 2e 63 29 28 76 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 22 48 74 74 70 4d 61 6e 61 67 65 72 3a 5f 64 6f 50 61 79 6c 6f 61 64 53 65 6e 64 2e 73 65 6e 64 65 72 22 7d 29 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 53 29 69 66 28 30 3d 3d 3d 65 2e 73 65 6e 64 54 79 70 65 26 26 6b 2b 2b 2c 54 26 26 21 65 2e 69 73 42 65 61 63 6f 6e 26 26 33 21 3d 3d 49 2e 5f 74 72 61 6e 73 70 6f 72 74 29 7b 76 61 72 20 74 3d 7b 64 61 74 61 3a 78 2e 64 61 74 61 2c 75 72 6c 53 74 72 69 6e 67 3a 78 2e 75 72 6c 53 74 72 69 6e 67 2c 68 65 61 64 65 72 73 3a 4f 62 6a 65 63 74 28 69 2e 6b 29 28 7b 7d 2c 78 2e 68 Data Ascii: payload. Ex:"+Object(u.a)(n)),D(o,0,{})}}),Object(o.c)(v,(function(){return"HttpManager:_doPayloadSend.sender"}),(function(){if(S)if(0===e.sendType&&k++,T&&!e.isBeacon&&3!==I._transport){var t={data:x.data,urlString:x.urlString,headers:Object(i.k)({},x.h
2024-02-22 14:20:16 UTC	16383	IN	Data Raw: 61 6e 64 6f 6d 33 32 3a 6c 2e 61 2c 67 65 6e 65 72 61 74 65 57 33 43 49 64 3a 66 2e 63 7d 3b 66 75 6e 63 74 69 6f 6e 20 7a 28 29 7b 72 65 74 75 72 6e 21 21 4f 62 6a 65 63 74 28 61 2e 65 29 28 22 63 68 72 6f 6d 65 22 29 7d 66 75 6e 63 74 69 6f 6e 20 55 28 6e 2c 65 2c 74 2c 72 2c 69 29 7b 66 75 6e 63 74 69 6f 6e 20 6f 28 6e 2c 65 2c 74 29 7b 74 72 79 7b 6e 5b 65 5d 3d 74 7d 63 61 74 63 68 28 6e 29 7b 7d 7d 76 6f 69 64 20 30 3d 3d 3d 72 26 26 28 72 3d 21 31 29 2c 76 6f 69 64 20 30 3d 3d 3d 69 26 26 28 69 3d 21 31 29 3b 76 61 72 20 75 3d 6e 65 77 20 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 3b 72 65 74 75 72 6e 20 72 26 26 6f 28 75 2c 22 4d 69 63 72 6f 73 6f 66 74 5f 41 70 70 6c 69 63 61 74 69 6f 6e 49 6e 73 69 67 68 74 73 5f 42 79 70 61 73 73 41 6a 61 78 49 Data Ascii: andom32:l.a,generateW3CId:f.c};function z(){return!!Object(a.e)("chrome")}function U(n,e,t,r,i){function o(n,e,t){try{n[e]=t}catch(n){}}void 0===r&&(r=!1),void 0===i&&(i=!1);var u=new XMLHttpRequest;return r&&o(u,"Microsoft_ApplicationInsights_BypassAjaxI
2024-02-22 14:20:16 UTC	13973	IN	Data Raw: 74 43 74 78 29 29 7b 76 61 72 20 66 3d 73 2e 67 65 74 43 74 78 28 75 2e 43 68 69 6c 64 72 65 6e 43 6f 6e 74 65 78 74 4b 65 79 29 3b 66 7c 7c 28 66 3d 5b 5d 2c 73 2e 73 65 74 43 74 78 28 75 2e 43 68 69 6c 64 72 65 6e 43 6f 6e 74 65 78 74 4b 65 79 2c 66 29 29 2c 66 2e 70 75 73 68 28 63 29 7d 72 65 74 75 72 6e 20 61 2e 73 65 74 43 74 78 28 22 43 6f 72 65 55 74 69 6c 73 2e 64 6f 50 65 72 66 22 2c 63 29 2c 74 28 63 29 7d 7d 63 61 74 63 68 28 6e 29 7b 63 26 26 63 2e 73 65 74 43 74 78 26 26 63 2e 73 65 74 43 74 78 28 22 65 78 63 65 70 74 69 6f 6e 22 2c 6e 29 7d 66 69 6e 61 6c 6c 79 7b 63 26 26 61 2e 66 69 72 65 28 63 29 2c 61 2e 73 65 74 43 74 78 28 22 43 6f 72 65 55 74 69 6c 73 2e 64 6f 50 65 72 66 22 2c 73 29 7d 7d 7d 72 65 74 75 72 6e 20 74 28 29 7d 66 75 6e Data Ascii: tCtx)){var f=s.getCtx(u.ChildrenContextKey);f\|\|(f=[],s.setCtx(u.ChildrenContextKey,f)),f.push(c)}return a.setCtx("CoreUtils.doPerf",c),t(c)}}catch(n){c&&c.setCtx&&c.setCtx("exception",n)}finally{c&&a.fire(c),a.setCtx("CoreUtils.doPerf",s)}}}return t()}fun

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.11.20	59756	152.199.4.44	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:15 UTC	635	OUT	GET /ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99" Origin: https://sso.college sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://sso.college/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:15 UTC	627	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 12584917 Cache-Control: public, max-age=31536000 Content-MD5: 0O2H9juGYL0zkzcYWr0NIg== Content-Type: text/css Date: Thu, 22 Feb 2024 14:20:15 GMT Etag: 0x8D982C8F03AF4D4 Last-Modified: Tue, 28 Sep 2021 21:42:58 GMT Server: ECAcc (laa/7A9E) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 69fa4fd2-401e-0027-0e24-f31a1b000000 x-ms-version: 2009-09-19 Content-Length: 110118 Connection: close
2024-02-22 14:20:15 UTC	16383	IN	Data Raw: 2f 2a 21 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2a 2f 2f 2a 21 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 0a 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 Data Ascii: /! Copyright (C) Microsoft Corporation. All rights reserved. //*!------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------This file is based on or incorporates material from the projects listed
2024-02-22 14:20:15 UTC	16383	IN	Data Raw: 73 2d 31 2c 2e 63 6f 6c 2d 78 73 2d 32 2c 2e 63 6f 6c 2d 78 73 2d 33 2c 2e 63 6f 6c 2d 78 73 2d 34 2c 2e 63 6f 6c 2d 78 73 2d 35 2c 2e 63 6f 6c 2d 78 73 2d 36 2c 2e 63 6f 6c 2d 78 73 2d 37 2c 2e 63 6f 6c 2d 78 73 2d 38 2c 2e 63 6f 6c 2d 78 73 2d 39 2c 2e 63 6f 6c 2d 78 73 2d 31 30 2c 2e 63 6f 6c 2d 78 73 2d 31 31 2c 2e 63 6f 6c 2d 78 73 2d 31 32 2c 2e 63 6f 6c 2d 78 73 2d 31 33 2c 2e 63 6f 6c 2d 78 73 2d 31 34 2c 2e 63 6f 6c 2d 78 73 2d 31 35 2c 2e 63 6f 6c 2d 78 73 2d 31 36 2c 2e 63 6f 6c 2d 78 73 2d 31 37 2c 2e 63 6f 6c 2d 78 73 2d 31 38 2c 2e 63 6f 6c 2d 78 73 2d 31 39 2c 2e 63 6f 6c 2d 78 73 2d 32 30 2c 2e 63 6f 6c 2d 78 73 2d 32 31 2c 2e 63 6f 6c 2d 78 73 2d 32 32 2c 2e 63 6f 6c 2d 78 73 2d 32 33 2c 2e 63 6f 6c 2d 78 73 2d 32 34 7b 66 6c 6f 61 74 3a Data Ascii: s-1,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9,.col-xs-10,.col-xs-11,.col-xs-12,.col-xs-13,.col-xs-14,.col-xs-15,.col-xs-16,.col-xs-17,.col-xs-18,.col-xs-19,.col-xs-20,.col-xs-21,.col-xs-22,.col-xs-23,.col-xs-24{float:
2024-02-22 14:20:15 UTC	2	IN	Data Raw: 72 67 Data Ascii: rg
2024-02-22 14:20:16 UTC	16383	IN	Data Raw: 69 6e 2d 6c 65 66 74 3a 39 35 2e 38 33 33 33 33 25 7d 2e 63 6f 6c 2d 78 6c 2d 6f 66 66 73 65 74 2d 32 34 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 30 30 25 7d 7d 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 6d 69 6e 2d 77 69 64 74 68 3a 30 7d 6c 65 67 65 6e 64 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 77 69 64 74 68 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 7d 6c 61 62 65 6c 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 7d 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 65 61 72 63 68 22 5d 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 Data Ascii: in-left:95.83333%}.col-xl-offset-24{margin-left:100%}}fieldset{padding:0;margin:0;border:0;min-width:0}legend{display:block;width:100%;padding:0;border:0}label{display:inline-block;max-width:100%}input[type="search"]{-webkit-box-sizing:border-box;-moz-box
2024-02-22 14:20:16 UTC	16383	IN	Data Raw: 6f 77 2d 78 3a 61 75 74 6f 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 2e 30 31 25 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 35 33 39 70 78 29 7b 2e 74 61 62 6c 65 2d 72 65 73 70 6f 6e 73 69 76 65 7b 77 69 64 74 68 3a 31 30 30 25 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 35 70 78 3b 6f 76 65 72 66 6c 6f 77 2d 79 3a 68 69 64 64 65 6e 3b 2d 6d 73 2d 6f 76 65 72 66 6c 6f 77 2d 73 74 79 6c 65 3a 2d 6d 73 2d 61 75 74 6f 68 69 64 69 6e 67 2d 73 63 72 6f 6c 6c 62 61 72 7d 2e 74 61 62 6c 65 2d 72 65 73 70 6f 6e 73 69 76 65 3e 2e 74 61 62 6c 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 7d 2e 74 61 62 6c 65 2d 72 65 73 70 6f 6e 73 69 76 65 3e 2e 74 61 62 6c 65 3e 74 68 65 61 64 3e 74 72 3e 74 68 2c 2e 74 61 62 6c Data Ascii: ow-x:auto;min-height:.01%}@media screen and (max-width:539px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;-ms-overflow-style:-ms-autohiding-scrollbar}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>thead>tr>th,.tabl
2024-02-22 14:20:16 UTC	16383	IN	Data Raw: 22 2c 22 54 75 6e 67 61 22 2c 22 4c 61 6f 20 55 49 22 2c 22 52 61 61 76 69 22 2c 22 49 73 6b 6f 6f 6c 61 20 50 6f 74 61 22 2c 22 4c 61 74 68 61 22 2c 22 4c 65 65 6c 61 77 61 64 65 65 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 59 61 48 65 69 20 55 49 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 4a 68 65 6e 67 48 65 69 20 55 49 22 2c 22 4d 61 6c 67 75 6e 20 47 6f 74 68 69 63 22 2c 22 45 73 74 72 61 6e 67 65 6c 6f 20 45 64 65 73 73 61 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 48 69 6d 61 6c 61 79 61 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 4e 65 77 20 54 61 69 20 4c 75 65 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 50 68 61 67 73 50 61 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 54 61 69 20 4c 65 22 2c 22 4d 69 63 72 6f 73 6f 66 74 20 59 69 20 42 61 69 74 69 22 2c 22 4d 6f 6e 67 6f Data Ascii: ","Tunga","Lao UI","Raavi","Iskoola Pota","Latha","Leelawadee","Microsoft YaHei UI","Microsoft JhengHei UI","Malgun Gothic","Estrangelo Edessa","Microsoft Himalaya","Microsoft New Tai Lue","Microsoft PhagsPa","Microsoft Tai Le","Microsoft Yi Baiti","Mongo
2024-02-22 14:20:16 UTC	16383	IN	Data Raw: 72 79 2d 61 63 74 69 76 65 2c 2e 62 74 6e 2e 62 74 6e 2d 70 72 69 6d 61 72 79 3a 61 63 74 69 76 65 2c 62 75 74 74 6f 6e 2e 62 74 6e 2d 70 72 69 6d 61 72 79 3a 61 63 74 69 76 65 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 5d 2e 62 74 6e 2d 70 72 69 6d 61 72 79 3a 61 63 74 69 76 65 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 75 62 6d 69 74 22 5d 2e 62 74 6e 2d 70 72 69 6d 61 72 79 3a 61 63 74 69 76 65 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 65 73 65 74 22 5d 2e 62 74 6e 2d 70 72 69 6d 61 72 79 3a 61 63 74 69 76 65 7b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 2d 6d 73 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 39 38 29 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d Data Ascii: ry-active,.btn.btn-primary:active,button.btn-primary:active,input[type="button"].btn-primary:active,input[type="submit"].btn-primary:active,input[type="reset"].btn-primary:active{outline:none;text-decoration:none;-ms-transform:scale(.98);-webkit-transform
2024-02-22 14:20:16 UTC	11818	IN	Data Raw: 74 7d 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 2e 6d 65 6d 62 65 72 6e 61 6d 65 50 72 65 66 69 6c 6c 53 65 6c 65 63 74 3a 68 6f 76 65 72 2c 2e 6f 70 65 6e 20 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 2e 6d 65 6d 62 65 72 6e 61 6d 65 50 72 65 66 69 6c 6c 53 65 6c 65 63 74 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 30 30 37 38 64 37 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 30 3b 62 6f 72 64 65 72 2d 6c 65 66 74 2d 77 69 64 74 68 3a 30 3b 62 6f 72 64 65 72 2d 72 69 67 68 74 2d 77 69 64 74 68 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 65 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 2e 6d 65 6d 62 65 72 6e 61 6d 65 50 72 65 66 69 6c 6c 53 65 6c 65 63 74 2e Data Ascii: t}.dropdown-toggle.membernamePrefillSelect:hover,.open .dropdown-toggle.membernamePrefillSelect{border:1px solid #0078d7;border-top-width:0;border-left-width:0;border-right-width:0;background-color:#eee !important}.dropdown-toggle.membernamePrefillSelect.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.11.20	56332	152.199.4.44	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:15 UTC	612	OUT	GET /shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99" Origin: https://sso.college sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://sso.college/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:15 UTC	642	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 7878149 Cache-Control: public, max-age=31536000 Content-MD5: e+GEpArZIh9idGnWSOj0zg== Content-Type: application/x-javascript Date: Thu, 22 Feb 2024 14:20:15 GMT Etag: 0x8D99FD6608B3F3E Last-Modified: Thu, 04 Nov 2021 21:02:14 GMT Server: ECAcc (laa/7BC9) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 91a738f0-201e-00f1-44f3-1dd471000000 x-ms-version: 2009-09-19 Content-Length: 470200 Connection: close
2024-02-22 14:20:15 UTC	16383	IN	Data Raw: 2f 2a 21 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 2a 20 0a 20 2a 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 Data Ascii: /! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice a
2024-02-22 14:20:15 UTC	1	IN	Data Raw: 75 Data Ascii: u
2024-02-22 14:20:15 UTC	16383	IN	Data Raw: 70 6c 69 63 61 74 65 52 65 71 75 65 73 74 22 2c 55 73 65 72 56 6f 69 63 65 41 75 74 68 46 61 69 6c 65 64 50 68 6f 6e 65 55 6e 72 65 61 63 68 61 62 6c 65 3a 22 55 73 65 72 56 6f 69 63 65 41 75 74 68 46 61 69 6c 65 64 50 68 6f 6e 65 55 6e 72 65 61 63 68 61 62 6c 65 22 2c 55 73 65 72 56 6f 69 63 65 41 75 74 68 46 61 69 6c 65 64 50 72 6f 76 69 64 65 72 43 6f 75 6c 64 6e 74 53 65 6e 64 43 61 6c 6c 3a 22 55 73 65 72 56 6f 69 63 65 41 75 74 68 46 61 69 6c 65 64 50 72 6f 76 69 64 65 72 43 6f 75 6c 64 6e 74 53 65 6e 64 43 61 6c 6c 22 2c 55 73 65 72 32 57 61 79 53 4d 53 41 75 74 68 46 61 69 6c 65 64 50 72 6f 76 69 64 65 72 43 6f 75 6c 64 6e 74 53 65 6e 64 53 4d 53 3a 22 55 73 65 72 32 57 61 79 53 4d 53 41 75 74 68 46 61 69 6c 65 64 50 72 6f 76 69 64 65 72 43 6f 75 Data Ascii: plicateRequest",UserVoiceAuthFailedPhoneUnreachable:"UserVoiceAuthFailedPhoneUnreachable",UserVoiceAuthFailedProviderCouldntSendCall:"UserVoiceAuthFailedProviderCouldntSendCall",User2WaySMSAuthFailedProviderCouldntSendSMS:"User2WaySMSAuthFailedProviderCou
2024-02-22 14:20:16 UTC	16383	IN	Data Raw: 76 61 72 20 74 3d 74 68 69 73 3b 74 2e 65 72 72 6f 72 54 65 78 74 3d 65 2c 74 2e 72 65 6d 65 64 69 61 74 69 6f 6e 54 65 78 74 3d 6e 2c 74 2e 74 6f 53 74 72 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 2e 65 72 72 6f 72 54 65 78 74 7d 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 74 29 7b 76 61 72 20 69 3d 74 28 32 29 3b 6e 2e 63 72 65 61 74 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 2c 74 3d 21 31 3b 66 75 6e 63 74 69 6f 6e 20 61 28 29 7b 72 65 74 75 72 6e 20 74 3d 21 30 2c 61 2e 65 76 65 6e 74 41 72 67 73 28 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 29 29 2c 6e 7d 72 65 74 75 72 6e 20 61 2e 65 76 65 6e 74 41 72 67 73 3d 69 2e 6f 62 73 65 72 76 61 62 Data Ascii: var t=this;t.errorText=e,t.remediationText=n,t.toString=function(){return t.errorText}}},function(e,n,t){var i=t(2);n.create=function(e){var n,t=!1;function a(){return t=!0,a.eventArgs(Array.prototype.slice.call(arguments)),n}return a.eventArgs=i.observab
2024-02-22 14:20:16 UTC	16383	IN	Data Raw: 67 49 6e 70 75 74 54 79 70 65 53 75 70 70 6f 72 74 65 64 28 29 26 26 28 65 2e 74 79 70 65 3d 53 29 2c 65 7d 29 29 2c 6e 2e 6f 6e 50 72 69 6d 61 72 79 42 75 74 74 6f 6e 43 6c 69 63 6b 3d 6f 2e 63 72 65 61 74 65 28 29 2c 6e 2e 6f 6e 53 65 63 6f 6e 64 61 72 79 42 75 74 74 6f 6e 43 6c 69 63 6b 3d 6f 2e 63 72 65 61 74 65 28 29 2c 6e 2e 73 65 74 54 65 78 74 50 72 69 6d 61 72 79 42 75 74 74 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6e 2e 70 72 69 6d 61 72 79 42 75 74 74 6f 6e 54 65 78 74 28 65 29 7d 2c 6e 2e 73 65 74 54 65 78 74 53 65 63 6f 6e 64 61 72 79 42 75 74 74 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6e 2e 73 65 63 6f 6e 64 61 72 79 42 75 74 74 6f 6e 54 65 78 74 28 65 29 7d 2c 6e 2e 73 65 74 56 69 73 69 62 69 6c 69 74 79 50 72 69 6d 61 72 79 42 75 Data Ascii: gInputTypeSupported()&&(e.type=S),e})),n.onPrimaryButtonClick=o.create(),n.onSecondaryButtonClick=o.create(),n.setTextPrimaryButton=function(e){n.primaryButtonText(e)},n.setTextSecondaryButton=function(e){n.secondaryButtonText(e)},n.setVisibilityPrimaryBu
2024-02-22 14:20:16 UTC	16383	IN	Data Raw: 61 72 61 6d 73 3a 56 65 28 65 2e 46 6c 6f 77 54 6f 6b 65 6e 29 7d 3a 5b 5d 29 3b 69 66 28 76 65 5b 50 52 4f 4f 46 2e 54 79 70 65 2e 45 6d 61 69 6c 5d 26 26 76 65 5b 50 52 4f 4f 46 2e 54 79 70 65 2e 53 4d 53 5d 26 26 76 65 5b 50 52 4f 4f 46 2e 54 79 70 65 2e 56 6f 69 63 65 5d 29 7b 76 61 72 20 70 3d 45 65 28 65 2c 21 30 2c 6e 29 3b 70 2e 6c 65 6e 67 74 68 3e 30 26 26 28 63 2e 41 72 72 61 79 2e 66 6f 72 45 61 63 68 28 70 2c 41 65 29 2c 75 3d 75 2e 63 6f 6e 63 61 74 28 70 29 29 7d 72 65 74 75 72 6e 20 75 7d 66 75 6e 63 74 69 6f 6e 20 46 65 28 65 2c 6e 29 7b 76 61 72 20 74 3d 5b 5d 3b 69 66 28 76 65 5b 50 52 4f 4f 46 2e 54 79 70 65 2e 45 6d 61 69 6c 5d 26 26 76 65 5b 50 52 4f 4f 46 2e 54 79 70 65 2e 53 4d 53 5d 26 26 76 65 5b 50 52 4f 4f 46 2e 54 79 70 65 2e Data Ascii: arams:Ve(e.FlowToken)}:[]);if(ve[PROOF.Type.Email]&&ve[PROOF.Type.SMS]&&ve[PROOF.Type.Voice]){var p=Ee(e,!0,n);p.length>0&&(c.Array.forEach(p,Ae),u=u.concat(p))}return u}function Fe(e,n){var t=[];if(ve[PROOF.Type.Email]&&ve[PROOF.Type.SMS]&&ve[PROOF.Type.
2024-02-22 14:20:16 UTC	4	IN	Data Raw: 63 6f 75 6e Data Ascii: coun
2024-02-22 14:20:16 UTC	16383	IN	Data Raw: 74 56 69 73 69 62 6c 65 2c 6b 3d 5b 5d 2c 50 3d 6e 75 6c 6c 2c 44 3d 69 2e 6f 62 73 65 72 76 61 62 6c 65 28 29 3b 66 75 6e 63 74 69 6f 6e 20 45 28 65 29 7b 52 28 65 29 2c 6e 2e 6f 6e 53 65 74 50 65 6e 64 69 6e 67 52 65 71 75 65 73 74 28 21 31 29 2c 6e 2e 6f 6e 53 77 69 74 63 68 56 69 65 77 28 66 2e 4f 6e 65 54 69 6d 65 43 6f 64 65 2c 21 31 2c 50 29 7d 66 75 6e 63 74 69 6f 6e 20 41 28 65 29 7b 76 61 72 20 74 2c 69 3d 65 2e 67 65 74 4f 74 63 53 74 61 74 75 73 28 29 3b 73 77 69 74 63 68 28 52 28 65 29 2c 69 29 7b 63 61 73 65 20 6c 2e 53 74 61 74 75 73 2e 46 54 45 72 72 6f 72 3a 74 3d 53 2e 43 54 5f 4f 54 43 5f 53 54 52 5f 45 72 72 6f 72 5f 46 6c 6f 77 45 78 70 69 72 65 64 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 74 3d 50 2e 70 72 6f 6f 66 2e 73 74 72 2e Data Ascii: tVisible,k=[],P=null,D=i.observable();function E(e){R(e),n.onSetPendingRequest(!1),n.onSwitchView(f.OneTimeCode,!1,P)}function A(e){var t,i=e.getOtcStatus();switch(R(e),i){case l.Status.FTError:t=S.CT_OTC_STR_Error_FlowExpired;break;default:t=P.proof.str.
2024-02-22 14:20:16 UTC	16383	IN	Data Raw: 70 75 72 65 43 6f 6d 70 75 74 65 64 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 2e 70 61 67 69 6e 61 74 69 6f 6e 43 6f 6e 74 72 6f 6c 4d 65 74 68 6f 64 73 28 29 26 26 61 2e 70 61 67 69 6e 61 74 69 6f 6e 43 6f 6e 74 72 6f 6c 4d 65 74 68 6f 64 73 28 29 2e 63 75 72 72 65 6e 74 56 69 65 77 48 61 73 4d 65 74 61 64 61 74 61 28 22 65 78 74 72 61 44 65 62 75 67 44 65 74 61 69 6c 73 22 29 7d 29 29 2c 61 2e 73 68 6f 77 46 6f 6f 74 65 72 43 6f 6e 74 72 6f 6c 3d 69 2e 70 75 72 65 43 6f 6d 70 75 74 65 64 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 72 26 26 61 2e 70 61 67 69 6e 61 74 69 6f 6e 43 6f 6e 74 72 6f 6c 4d 65 74 68 6f 64 73 28 29 26 26 61 2e 70 61 67 69 6e 61 74 69 6f 6e 43 6f 6e 74 72 6f 6c 4d 65 74 68 6f 64 73 28 29 2e 68 Data Ascii: pureComputed((function(){return a.paginationControlMethods()&&a.paginationControlMethods().currentViewHasMetadata("extraDebugDetails")})),a.showFooterControl=i.pureComputed((function(){return!r&&a.paginationControlMethods()&&a.paginationControlMethods().h
2024-02-22 14:20:16 UTC	16383	IN	Data Raw: 65 3d 69 2e 53 65 72 76 65 72 44 61 74 61 3b 69 66 28 65 2e 73 74 72 3d 63 2e 67 65 74 53 74 72 69 6e 67 73 28 22 73 74 72 22 2c 65 29 2c 65 2e 68 74 6d 6c 3d 63 2e 67 65 74 53 74 72 69 6e 67 73 28 22 68 74 6d 6c 22 2c 65 29 2c 65 2e 61 72 72 50 72 6f 6f 66 44 61 74 61 3d 63 2e 67 65 74 53 74 72 69 6e 67 73 28 22 70 72 6f 6f 66 44 61 74 61 22 29 2c 21 68 26 26 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 72 79 7b 69 66 28 74 6f 70 21 3d 3d 73 65 6c 66 26 26 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 73 65 6c 66 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 2c 32 3d 3d 3d 65 2e 69 46 65 64 53 74 61 74 65 26 26 65 2e 75 72 6c 46 65 64 29 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 74 2c 69 29 7b 76 61 72 20 61 3d 69 2e 73 46 Data Ascii: e=i.ServerData;if(e.str=c.getStrings("str",e),e.html=c.getStrings("html",e),e.arrProofData=c.getStrings("proofData"),!h&&!function(e){try{if(top!==self&&top.location.replace(self.location.href),2===e.iFedState&&e.urlFed)return function(e,n,t,i){var a=i.sF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.11.20	62082	152.199.4.44	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:15 UTC	611	OUT	GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://sso.college/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:15 UTC	642	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 20041259 Cache-Control: public, max-age=31536000 Content-MD5: +lZRrDLGp8Gp/hURw2aXyQ== Content-Type: application/x-javascript Date: Thu, 22 Feb 2024 14:20:15 GMT Etag: 0x8D99FD65BAB30A3 Last-Modified: Thu, 04 Nov 2021 21:02:05 GMT Server: ECAcc (laa/7BF3) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: c39ba69e-301e-0013-0f54-af92cd000000 x-ms-version: 2009-09-19 Content-Length: 15415 Connection: close
2024-02-22 14:20:15 UTC	15415	IN	Data Raw: 2f 2a 21 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 2a 20 0a 20 2a 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 Data Ascii: /! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.11.20	49826	152.199.4.44	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:15 UTC	634	OUT	GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99" Origin: https://sso.college sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://sso.college/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:15 UTC	641	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 9081849 Cache-Control: public, max-age=31536000 Content-MD5: GYbSFdLE8Xb9pCzSg7cJ6A== Content-Type: application/x-javascript Date: Thu, 22 Feb 2024 14:20:15 GMT Etag: 0x8D992B5E417004E Last-Modified: Tue, 19 Oct 2021 04:06:56 GMT Server: ECAcc (laa/7BB6) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: cc35d244-d01e-00b2-1c00-137a66000000 x-ms-version: 2009-09-19 Content-Length: 43235 Connection: close
2024-02-22 14:20:15 UTC	16383	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 75 6e 63 74 69 6f 6e 20 6f 28 69 29 7b 69 66 28 6e 5b 69 5d 29 72 65 74 75 72 6e 20 6e 5b 69 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 74 3d 6e 5b 69 5d 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 2c 69 64 3a 69 2c 6c 6f 61 64 65 64 3a 21 31 7d 3b 72 65 74 75 72 6e 20 65 5b 69 5d 2e 63 61 6c 6c 28 74 2e 65 78 70 6f 72 74 73 2c 74 2c 74 2e 65 78 70 6f 72 74 73 2c 6f 29 2c 74 2e 6c 6f 61 64 65 64 3d 21 30 2c 74 2e 65 78 70 6f 72 74 73 7d 76 61 72 20 6e 3d 7b 7d 3b 72 65 74 75 72 6e 20 6f 2e 6d 3d 65 2c 6f 2e 63 3d 6e 2c 6f 2e 70 3d 22 22 2c 6f 28 30 29 7d 28 5b 66 75 6e 63 74 69 6f 6e 28 65 2c 6f 2c 6e 29 7b 6e 28 32 29 3b 76 61 72 20 69 3d 6e 28 31 29 2c 74 3d 6e 28 34 29 2c 72 3d 6e 28 35 29 2c 61 3d 72 2e 53 74 72 69 6e Data Ascii: !function(e){function o(i){if(n[i])return n[i].exports;var t=n[i]={exports:{},id:i,loaded:!1};return e[i].call(t.exports,t,t.exports,o),t.loaded=!0,t.exports}var n={};return o.m=e,o.c=n,o.p="",o(0)}([function(e,o,n){n(2);var i=n(1),t=n(4),r=n(5),a=r.Strin
2024-02-22 14:20:15 UTC	1	IN	Data Raw: 63 Data Ascii: c
2024-02-22 14:20:15 UTC	16383	IN	Data Raw: 61 74 65 22 2c 65 2e 43 54 5f 53 54 52 5f 43 72 65 64 65 6e 74 69 61 6c 50 69 63 6b 65 72 5f 4f 70 74 69 6f 6e 5f 45 78 69 64 3d 22 53 69 67 6e 20 69 6e 20 74 6f 20 61 6e 20 6f 72 67 61 6e 69 73 61 74 69 6f 6e 22 2c 65 2e 43 54 5f 53 54 52 5f 43 72 65 64 65 6e 74 69 61 6c 50 69 63 6b 65 72 5f 48 65 6c 70 5f 44 65 73 63 5f 45 78 69 64 3d 22 53 65 61 72 63 68 20 66 6f 72 20 61 20 63 6f 6d 70 61 6e 79 20 6f 72 20 61 6e 20 6f 72 67 61 6e 69 73 61 74 69 6f 6e 20 74 68 61 74 20 79 6f 75 e2 80 99 72 65 20 77 6f 72 6b 69 6e 67 20 77 69 74 68 2e 22 2c 65 2e 43 54 5f 53 54 52 5f 46 69 64 6f 44 69 61 6c 6f 67 5f 44 65 73 63 3d 22 53 69 67 6e 20 69 6e 20 77 69 74 68 6f 75 74 20 61 20 75 73 65 72 6e 61 6d 65 20 6f 72 20 70 61 73 73 77 6f 72 64 20 62 79 20 75 73 69 6e Data Ascii: ate",e.CT_STR_CredentialPicker_Option_Exid="Sign in to an organisation",e.CT_STR_CredentialPicker_Help_Desc_Exid="Search for a company or an organisation that youre working with.",e.CT_STR_FidoDialog_Desc="Sign in without a username or password by usin
2024-02-22 14:20:16 UTC	10468	IN	Data Raw: 4b 6d 73 69 3a 32 38 7d 2c 6f 2e 55 73 65 72 50 72 6f 70 65 72 74 79 3d 7b 55 53 45 52 4e 41 4d 45 3a 22 6c 6f 67 69 6e 22 2c 45 52 52 4f 52 5f 43 4f 44 45 3a 22 48 52 22 2c 45 52 52 5f 4d 53 47 3a 22 45 72 72 6f 72 4d 65 73 73 61 67 65 22 2c 45 58 54 5f 45 52 52 4f 52 3a 22 45 78 74 45 72 72 22 2c 45 52 52 5f 55 52 4c 3a 22 45 72 72 55 72 6c 22 2c 44 41 54 4f 4b 45 4e 3a 22 44 41 54 6f 6b 65 6e 22 2c 44 41 5f 53 45 53 4b 45 59 3a 22 44 41 53 65 73 73 69 6f 6e 4b 65 79 22 2c 44 41 5f 53 54 41 52 54 3a 22 44 41 53 74 61 72 74 54 69 6d 65 22 2c 44 41 5f 45 58 50 49 52 45 3a 22 44 41 45 78 70 69 72 65 73 22 2c 53 54 53 5f 49 4c 46 54 3a 22 53 54 53 49 6e 6c 69 6e 65 46 6c 6f 77 54 6f 6b 65 6e 22 2c 53 49 47 4e 49 4e 4e 41 4d 45 3a 22 53 69 67 6e 69 6e 4e 61 Data Ascii: Kmsi:28},o.UserProperty={USERNAME:"login",ERROR_CODE:"HR",ERR_MSG:"ErrorMessage",EXT_ERROR:"ExtErr",ERR_URL:"ErrUrl",DATOKEN:"DAToken",DA_SESKEY:"DASessionKey",DA_START:"DAStartTime",DA_EXPIRE:"DAExpires",STS_ILFT:"STSInlineFlowToken",SIGNINNAME:"SigninNa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.11.20	63579	152.199.4.44	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:16 UTC	653	OUT	GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://sso.college/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:17 UTC	737	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 5317036 Cache-Control: public, max-age=31536000 Content-MD5: DhdidjYrlCeaRJJRG/y9mA== Content-Type: image/svg+xml Date: Thu, 22 Feb 2024 14:20:17 GMT Etag: 0x8D7B007297AE131 Last-Modified: Wed, 12 Feb 2020 22:01:50 GMT Server: ECAcc (laa/7ABD) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 302e0dac-d01e-004e-373e-352b2a000000 x-ms-version: 2009-09-19 Content-Length: 1864 Connection: close
2024-02-22 14:20:17 UTC	1864	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 39 32 30 22 20 68 65 69 67 68 74 3d 22 31 30 38 30 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 3e 3c 67 20 6f 70 61 63 69 74 79 3d 22 2e 32 22 20 63 6c 69 70 2d 70 61 74 68 3d 22 75 72 6c 28 23 45 29 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 34 36 36 2e 34 20 31 37 39 35 2e 32 63 39 35 30 2e 33 37 20 30 20 31 37 32 30 2e 38 2d 36 32 37 2e 35 32 20 31 37 32 30 2e 38 2d 31 34 30 31 2e 36 53 32 34 31 36 2e 37 37 2d 31 30 30 38 20 31 34 36 36 2e 34 2d 31 30 30 38 2d 32 35 34 2e 34 2d 33 38 30 2e 34 38 32 2d 32 35 34 2e 34 20 33 39 33 2e 36 73 37 37 30 2e 34 32 38 20 31 34 30 31 2e 36 20 31 37 32 30 2e 38 20 31 34 30 31 2e 36 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.11.20	62536	152.199.4.44	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:17 UTC	422	OUT	GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:18 UTC	737	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 5317037 Cache-Control: public, max-age=31536000 Content-MD5: DhdidjYrlCeaRJJRG/y9mA== Content-Type: image/svg+xml Date: Thu, 22 Feb 2024 14:20:18 GMT Etag: 0x8D7B007297AE131 Last-Modified: Wed, 12 Feb 2020 22:01:50 GMT Server: ECAcc (laa/7ABD) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 302e0dac-d01e-004e-373e-352b2a000000 x-ms-version: 2009-09-19 Content-Length: 1864 Connection: close
2024-02-22 14:20:18 UTC	1864	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 39 32 30 22 20 68 65 69 67 68 74 3d 22 31 30 38 30 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 3e 3c 67 20 6f 70 61 63 69 74 79 3d 22 2e 32 22 20 63 6c 69 70 2d 70 61 74 68 3d 22 75 72 6c 28 23 45 29 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 34 36 36 2e 34 20 31 37 39 35 2e 32 63 39 35 30 2e 33 37 20 30 20 31 37 32 30 2e 38 2d 36 32 37 2e 35 32 20 31 37 32 30 2e 38 2d 31 34 30 31 2e 36 53 32 34 31 36 2e 37 37 2d 31 30 30 38 20 31 34 36 36 2e 34 2d 31 30 30 38 2d 32 35 34 2e 34 2d 33 38 30 2e 34 38 32 2d 32 35 34 2e 34 20 33 39 33 2e 36 73 37 37 30 2e 34 32 38 20 31 34 30 31 2e 36 20 31 37 32 30 2e 38 20 31 34 30 31 2e 36 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.11.20	56813	34.117.33.233	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:17 UTC	830	OUT	GET /wp-xml.php?url=https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork HTTP/1.1 Host: acrobatsign.replit.app Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://sso.college/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:18 UTC	624	IN	HTTP/1.1 302 Found Content-Length: 0 Content-Type: text/html; charset=UTF-8 Date: Thu, 22 Feb 2024 14:20:18 GMT Location: https://adobesign.acrobat.college/?organisation=auburnbank.com?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork&amp=dHNleW1vdXJAYXVidXJuYmFuay5jb20=#/63?document=hytzrggjnjjqwut-63-&doc=97-48-hytzrggjnjjqwut Server: Google Frontend Strict-Transport-Security: max-age=63072000; includeSubDomains X-Cloud-Trace-Context: 7767f1972303f9d02ca108aef4139f74 X-Powered-By: PHP/8.2.0RC7 Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.11.20	56344	109.61.95.11	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:19 UTC	822	OUT	GET /?organisation=auburnbank.com?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork&amp=dHNleW1vdXJAYXVidXJuYmFuay5jb20= HTTP/1.1 Host: adobesign.acrobat.college Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://sso.college/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:20 UTC	181	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 22 Feb 2024 14:20:20 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
2024-02-22 14:20:20 UTC	7100	IN	Data Raw: 31 62 62 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 2f 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 3e 0a 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 2f 3e 0a 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 Data Ascii: 1bb4<!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"/> <meta content="IE=Edge,chrome=1" http-equiv="X-UA-Compatible"> <meta content="noindex, nofollow" name="robots"/> <meta content="width=device-width, initial-scale=1, maximum-s
2024-02-22 14:20:20 UTC	16384	IN	Data Raw: 33 66 66 39 0d 0a 73 65 20 30 78 34 3a 72 65 74 75 72 6e 21 30 78 31 3b 63 61 73 65 20 30 78 37 3a 5f 30 78 32 36 35 61 35 30 28 5f 30 78 33 64 66 38 66 38 2c 5f 30 78 34 61 34 63 35 34 29 3b 7d 7d 7d 72 65 74 75 72 6e 20 5f 30 78 32 33 30 33 66 63 3f 2d 30 78 31 3a 5f 30 78 33 31 61 66 38 38 7c 7c 5f 30 78 33 33 31 65 32 30 3f 5f 30 78 33 33 31 65 32 30 3a 5f 30 78 33 64 66 38 66 38 3b 7d 3b 7d 3b 5f 30 78 32 62 31 32 62 38 5b 27 65 78 70 6f 72 74 73 27 5d 3d 7b 27 66 6f 72 45 61 63 68 27 3a 5f 30 78 35 63 65 65 35 31 28 30 78 30 29 2c 27 6d 61 70 27 3a 5f 30 78 35 63 65 65 35 31 28 30 78 31 29 2c 27 66 69 6c 74 65 72 27 3a 5f 30 78 35 63 65 65 35 31 28 30 78 32 29 2c 27 73 6f 6d 65 27 3a 5f 30 78 35 63 65 65 35 31 28 30 78 33 29 2c 27 65 76 65 72 79 27 Data Ascii: 3ff9se 0x4:return!0x1;case 0x7:_0x265a50(_0x3df8f8,_0x4a4c54);}}}return _0x2303fc?-0x1:_0x31af88\|\|_0x331e20?_0x331e20:_0x3df8f8;};};_0x2b12b8['exports']={'forEach':_0x5cee51(0x0),'map':_0x5cee51(0x1),'filter':_0x5cee51(0x2),'some':_0x5cee51(0x3),'every'
2024-02-22 14:20:20 UTC	16384	IN	Data Raw: 0a 34 30 30 30 0d 0a 63 39 5b 5f 30 78 63 32 39 62 39 62 5d 2c 5f 30 78 33 36 66 66 39 38 3d 5f 30 78 32 39 61 61 31 33 5b 5f 30 78 35 62 31 35 37 33 28 30 78 35 30 65 29 5d 3f 28 5f 30 78 33 35 61 65 66 65 3d 5f 30 78 33 30 39 31 31 62 28 5f 30 78 35 61 36 63 39 35 2c 5f 30 78 63 32 39 62 39 62 29 29 26 26 5f 30 78 33 35 61 65 66 65 5b 5f 30 78 35 62 31 35 37 33 28 30 78 33 38 65 29 5d 3a 5f 30 78 35 61 36 63 39 35 5b 5f 30 78 63 32 39 62 39 62 5d 2c 21 5f 30 78 33 61 31 63 33 36 28 5f 30 78 35 36 64 36 38 30 3f 5f 30 78 63 32 39 62 39 62 3a 5f 30 78 33 30 39 37 64 61 2b 28 5f 30 78 32 32 66 32 39 33 3f 27 2e 27 3a 27 23 27 29 2b 5f 30 78 63 32 39 62 39 62 2c 5f 30 78 32 39 61 61 31 33 5b 5f 30 78 35 62 31 35 37 33 28 30 78 33 65 34 29 5d 29 26 26 76 6f Data Ascii: 4000c9[_0xc29b9b],_0x36ff98=_0x29aa13[_0x5b1573(0x50e)]?(_0x35aefe=_0x30911b(_0x5a6c95,_0xc29b9b))&&_0x35aefe[_0x5b1573(0x38e)]:_0x5a6c95[_0xc29b9b],!_0x3a1c36(_0x56d680?_0xc29b9b:_0x3097da+(_0x22f293?'.':'#')+_0xc29b9b,_0x29aa13[_0x5b1573(0x3e4)])&&vo
2024-02-22 14:20:20 UTC	9	IN	Data Raw: 36 65 39 5b 5f 30 78 0d 0a Data Ascii: 6e9[_0x
2024-02-22 14:20:20 UTC	16384	IN	Data Raw: 34 30 30 30 0d 0a 32 32 30 61 35 31 28 30 78 33 33 64 29 5d 7c 7c 28 5f 30 78 34 65 62 36 65 39 5b 5f 30 78 32 32 30 61 35 31 28 30 78 33 33 64 29 5d 3d 6e 65 77 20 5f 30 78 31 32 33 64 66 33 28 29 29 3b 5f 30 78 34 64 38 62 32 64 5b 5f 30 78 32 32 30 61 35 31 28 30 78 31 35 62 29 5d 3d 5f 30 78 34 64 38 62 32 64 5b 5f 30 78 32 32 30 61 35 31 28 30 78 31 35 62 29 5d 2c 5f 30 78 34 64 38 62 32 64 5b 5f 30 78 32 32 30 61 35 31 28 30 78 34 65 33 29 5d 3d 5f 30 78 34 64 38 62 32 64 5b 5f 30 78 32 32 30 61 35 31 28 30 78 34 65 33 29 5d 2c 5f 30 78 34 64 38 62 32 64 5b 5f 30 78 32 32 30 61 35 31 28 30 78 34 62 30 29 5d 3d 5f 30 78 34 64 38 62 32 64 5b 5f 30 78 32 32 30 61 35 31 28 30 78 34 62 30 29 5d 2c 5f 30 78 32 36 37 31 61 33 3d 66 75 6e 63 74 69 6f 6e 28 Data Ascii: 4000220a51(0x33d)]\|\|(_0x4eb6e9[_0x220a51(0x33d)]=new _0x123df3());_0x4d8b2d[_0x220a51(0x15b)]=_0x4d8b2d[_0x220a51(0x15b)],_0x4d8b2d[_0x220a51(0x4e3)]=_0x4d8b2d[_0x220a51(0x4e3)],_0x4d8b2d[_0x220a51(0x4b0)]=_0x4d8b2d[_0x220a51(0x4b0)],_0x2671a3=function(
2024-02-22 14:20:21 UTC	16384	IN	Data Raw: 5b 5f 30 78 33 35 0d 0a 34 30 30 30 0d 0a 66 36 66 61 5d 29 7c 7c 5f 30 78 33 38 31 62 61 32 28 5f 30 78 33 31 39 33 35 31 2c 5f 30 78 33 35 66 36 66 61 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 3b 7d 29 2c 5f 30 78 33 65 33 32 30 65 5b 5f 30 78 33 36 35 38 37 31 28 30 78 32 66 35 29 5d 3d 7b 27 49 74 65 72 61 74 6f 72 50 72 6f 74 6f 74 79 70 65 27 3a 5f 30 78 33 31 39 33 35 31 2c 27 42 55 47 47 59 5f 53 41 46 41 52 49 5f 49 54 45 52 41 54 4f 52 53 27 3a 5f 30 78 35 32 37 63 30 37 7d 3b 7d 2c 30 78 32 36 63 31 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 62 64 37 66 31 61 29 7b 76 61 72 20 5f 30 78 34 62 34 36 38 31 3d 61 30 5f 30 78 35 36 35 34 3b 69 66 28 5f 30 78 34 62 34 36 38 31 28 30 78 34 61 64 29 21 3d 3d 5f 30 78 34 62 34 36 Data Ascii: [_0x354000f6fa])\|\|_0x381ba2(_0x319351,_0x35f6fa,function(){return this;}),_0x3e320e[_0x365871(0x2f5)]={'IteratorPrototype':_0x319351,'BUGGY_SAFARI_ITERATORS':_0x527c07};},0x26c1:function(_0xbd7f1a){var _0x4b4681=a0_0x5654;if(_0x4b4681(0x4ad)!==_0x4b46
2024-02-22 14:20:21 UTC	16384	IN	Data Raw: 5f 30 78 32 36 33 31 30 34 2c 5f 30 78 34 0d 0a 34 30 30 30 0d 0a 33 31 37 32 63 29 3b 66 6f 72 28 3b 5f 30 78 31 64 62 34 37 37 5b 5f 30 78 34 36 30 32 65 64 28 30 78 32 66 37 29 5d 3e 5f 30 78 32 32 64 64 32 65 3b 29 5f 30 78 34 36 61 37 39 32 28 5f 30 78 32 35 64 65 35 30 2c 5f 30 78 34 33 31 37 32 63 3d 5f 30 78 31 64 62 34 37 37 5b 5f 30 78 32 32 64 64 32 65 2b 2b 5d 29 26 26 28 7e 5f 30 78 31 36 34 39 62 33 28 5f 30 78 32 36 33 31 30 34 2c 5f 30 78 34 33 31 37 32 63 29 7c 7c 5f 30 78 31 38 62 61 36 39 28 5f 30 78 32 36 33 31 30 34 2c 5f 30 78 34 33 31 37 32 63 29 29 3b 72 65 74 75 72 6e 20 5f 30 78 32 36 33 31 30 34 3b 7d 3b 7d 65 6c 73 65 7b 76 61 72 20 5f 30 78 63 61 63 61 63 32 3d 5f 30 78 32 30 30 64 64 65 28 30 78 31 39 30 36 29 2c 5f 30 78 35 Data Ascii: _0x263104,_0x440003172c);for(;_0x1db477[_0x4602ed(0x2f7)]>_0x22dd2e;)_0x46a792(_0x25de50,_0x43172c=_0x1db477[_0x22dd2e++])&&(~_0x1649b3(_0x263104,_0x43172c)\|\|_0x18ba69(_0x263104,_0x43172c));return _0x263104;};}else{var _0xcacac2=_0x200dde(0x1906),_0x5
2024-02-22 14:20:21 UTC	5516	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 5f 30 78 34 33 34 66 39 37 29 7b 76 61 0d 0a 31 35 36 63 0d 0a 72 20 5f 30 78 32 61 62 64 62 65 3d 5f 30 78 33 32 38 32 30 62 3b 69 66 28 5f 30 78 32 61 62 64 62 65 28 30 78 32 36 30 29 3d 3d 3d 5f 30 78 32 61 62 64 62 65 28 30 78 32 36 30 29 29 7b 76 61 72 20 5f 30 78 32 62 32 63 37 37 3d 5f 30 78 66 62 65 65 65 30 28 5f 30 78 34 33 34 66 39 37 29 3b 5f 30 78 32 33 62 66 34 34 26 26 5f 30 78 32 62 32 63 37 37 26 26 21 5f 30 78 32 62 32 63 37 37 5b 5f 30 78 32 65 35 66 64 62 5d 26 26 5f 30 78 32 63 36 64 39 66 28 5f 30 78 32 62 32 63 37 37 2c 5f 30 78 32 65 35 66 64 62 2c 7b 27 63 6f 6e 66 69 67 75 72 61 62 6c 65 27 3a 21 30 78 30 2c 27 67 65 74 27 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 3b 7d 7d 29 Data Ascii: function(_0x434f97){va156cr _0x2abdbe=_0x32820b;if(_0x2abdbe(0x260)===_0x2abdbe(0x260)){var _0x2b2c77=_0xfbeee0(_0x434f97);_0x23bf44&&_0x2b2c77&&!_0x2b2c77[_0x2e5fdb]&&_0x2c6d9f(_0x2b2c77,_0x2e5fdb,{'configurable':!0x0,'get':function(){return this;}})
2024-02-22 14:20:21 UTC	10868	IN	Data Raw: 33 66 66 39 0d 0a 33 32 66 64 38 37 2c 5f 30 78 35 32 34 34 30 33 2c 5f 30 78 35 34 64 34 62 33 29 7b 76 61 72 20 5f 30 78 31 39 31 66 37 30 3d 61 30 5f 30 78 35 36 35 34 3b 69 66 28 5f 30 78 31 39 31 66 37 30 28 30 78 34 38 65 29 3d 3d 3d 5f 30 78 31 39 31 66 37 30 28 30 78 33 63 36 29 29 7b 76 61 72 20 5f 30 78 33 35 30 32 63 39 3d 5f 30 78 32 34 66 63 33 37 28 30 78 61 34 32 29 3b 5f 30 78 31 64 34 62 37 30 5b 5f 30 78 31 39 31 66 37 30 28 30 78 32 66 35 29 5d 3d 2f 77 65 62 30 73 28 3f 21 2e 2a 63 68 72 6f 6d 65 29 2f 69 5b 5f 30 78 31 39 31 66 37 30 28 30 78 34 65 66 29 5d 28 5f 30 78 33 35 30 32 63 39 29 3b 7d 65 6c 73 65 7b 76 61 72 20 5f 30 78 31 66 31 35 36 62 3d 5f 30 78 35 34 64 34 62 33 28 30 78 36 30 65 29 2c 5f 30 78 34 61 30 66 65 31 3d 5f Data Ascii: 3ff932fd87,_0x524403,_0x54d4b3){var _0x191f70=a0_0x5654;if(_0x191f70(0x48e)===_0x191f70(0x3c6)){var _0x3502c9=_0x24fc37(0xa42);_0x1d4b70[_0x191f70(0x2f5)]=/web0s(?!.*chrome)/i[_0x191f70(0x4ef)](_0x3502c9);}else{var _0x1f156b=_0x54d4b3(0x60e),_0x4a0fe1=_
2024-02-22 14:20:21 UTC	16384	IN	Data Raw: 61 30 5f 30 78 35 36 35 34 3b 69 66 28 5f 30 78 32 63 30 66 61 38 28 30 78 34 37 31 29 21 3d 3d 5f 30 78 32 63 30 66 61 38 28 30 78 34 37 31 29 29 72 65 74 75 72 6e 27 3c 27 2b 5f 30 78 66 35 34 32 64 36 2b 27 3e 27 2b 5f 30 78 34 37 35 30 64 62 2b 27 3c 2f 27 2b 5f 30 78 33 37 32 33 37 61 2b 27 3e 27 3b 65 6c 73 65 7b 76 61 72 20 5f 30 78 34 32 33 63 31 36 3d 5f 30 78 33 63 66 65 37 63 28 30 78 66 32 35 29 2c 5f 30 78 34 30 37 31 64 3d 5f 30 78 33 63 66 65 37 63 28 30 78 31 34 62 61 29 3b 5f 30 78 34 39 65 35 65 61 5b 5f 30 78 32 63 30 66 61 38 28 30 78 32 66 35 29 5d 3d 5f 30 78 34 32 33 63 31 36 26 26 5f 30 78 34 30 37 31 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5f 30 78 35 37 36 39 64 64 3d 5f 30 78 32 63 30 66 61 38 3b 72 65 74 75 72 6e 20 Data Ascii: a0_0x5654;if(_0x2c0fa8(0x471)!==_0x2c0fa8(0x471))return'<'+_0xf542d6+'>'+_0x4750db+'</'+_0x37237a+'>';else{var _0x423c16=_0x3cfe7c(0xf25),_0x4071d=_0x3cfe7c(0x14ba);_0x49e5ea[_0x2c0fa8(0x2f5)]=_0x423c16&&_0x4071d(function(){var _0x5769dd=_0x2c0fa8;return

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.11.20	50253	109.61.95.11	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:22 UTC	1112	OUT	POST /?organisation=auburnbank.com?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork&amp=dHNleW1vdXJAYXVidXJuYmFuay5jb20= HTTP/1.1 Host: adobesign.acrobat.college Connection: keep-alive Content-Length: 1277 Cache-Control: max-age=0 sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://adobesign.acrobat.college Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://adobesign.acrobat.college/?organisation=auburnbank.com?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork&amp=dHNleW1vdXJAYXVidXJuYmFuay5jb20= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:22 UTC	1277	OUT	Data Raw: 69 76 35 71 64 70 62 74 73 3d 64 74 71 37 39 63 65 6f 39 34 37 75 6c 37 75 77 32 26 7a 72 79 35 67 74 38 39 71 3d 68 70 32 30 65 61 38 69 66 66 65 32 78 78 69 72 6b 6e 78 64 38 6d 38 38 31 6f 72 62 61 62 6f 74 34 67 6d 61 71 37 6f 68 75 63 74 61 72 35 7a 63 73 26 4b 76 45 39 76 57 3d 57 79 4a 6f 64 48 52 77 63 7a 6f 76 4c 32 46 6b 62 32 4a 6c 63 32 6c 6e 62 69 35 68 59 33 4a 76 59 6d 46 30 4c 6d 4e 76 62 47 78 6c 5a 32 55 76 50 32 39 79 5a 32 46 75 61 58 4e 68 64 47 6c 76 62 6a 31 68 64 57 4a 31 63 6d 35 69 59 57 35 72 4c 6d 4e 76 62 54 39 31 64 47 31 66 59 32 46 74 63 47 46 70 5a 32 34 39 63 32 68 68 63 6d 56 68 61 47 39 73 61 57 4d 6d 64 58 52 74 58 32 31 6c 5a 47 6c 31 62 54 31 30 64 32 6c 30 64 47 56 79 4a 6e 56 30 62 56 39 7a 62 33 56 79 59 32 55 39 Data Ascii: iv5qdpbts=dtq79ceo947ul7uw2&zry5gt89q=hp20ea8iffe2xxirknxd8m881orbabot4gmaq7ohuctar5zcs&KvE9vW=WyJodHRwczovL2Fkb2Jlc2lnbi5hY3JvYmF0LmNvbGxlZ2UvP29yZ2FuaXNhdGlvbj1hdWJ1cm5iYW5rLmNvbT91dG1fY2FtcGFpZ249c2hhcmVhaG9saWMmdXRtX21lZGl1bT10d2l0dGVyJnV0bV9zb3VyY2U9
2024-02-22 14:20:23 UTC	529	IN	HTTP/1.1 302 Found Server: nginx Date: Thu, 22 Feb 2024 14:20:23 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close location: https://adobesign.acrobat.college/?organisation=auburnbank.com?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork&amp=dHNleW1vdXJAYXVidXJuYmFuay5jb20= set-cookie: KvE9vW="ZWI2YTdkODYtYjRiMS00NWMxLTlkMTAtMGVlNzhiODczMjNmOmM5ZTQ0Yjc3LTE2MjgtNDU4My05ZTU4LTRiMmJmODFlMGE5ZA=="; Domain=acrobat.college; HttpOnly; Path=/; SameSite=None; Secure
2024-02-22 14:20:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.11.20	59640	109.61.95.11	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:23 UTC	1116	OUT	GET /?organisation=auburnbank.com?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork&amp=dHNleW1vdXJAYXVidXJuYmFuay5jb20= HTTP/1.1 Host: adobesign.acrobat.college Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://adobesign.acrobat.college/?organisation=auburnbank.com?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork&amp=dHNleW1vdXJAYXVidXJuYmFuay5jb20= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: KvE9vW="ZWI2YTdkODYtYjRiMS00NWMxLTlkMTAtMGVlNzhiODczMjNmOmM5ZTQ0Yjc3LTE2MjgtNDU4My05ZTU4LTRiMmJmODFlMGE5ZA=="
2024-02-22 14:20:24 UTC	247	IN	HTTP/1.1 302 Found Server: nginx Date: Thu, 22 Feb 2024 14:20:24 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close referrer-policy: no-referrer location: https://login.microsoftonline.com/jsdisabled
2024-02-22 14:20:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.11.20	58622	13.107.246.69	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:25 UTC	661	OUT	GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99" Origin: https://login.microsoftonline.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:26 UTC	781	IN	HTTP/1.1 200 OK Date: Thu, 22 Feb 2024 14:20:26 GMT Content-Type: text/css Content-Length: 20314 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 27 Dec 2023 18:18:12 GMT ETag: 0x8DC07082FBB8D2B x-ms-request-id: d88a2bfa-701e-0079-8013-60648d000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240222T142026Z-ed5g83uy313nvb9dnuw80q1u4s000000090000000000612a x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-02-22 14:20:26 UTC	15603	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 7d 6b 73 e3 36 b2 e8 f7 f9 15 5c a7 52 3b ce 4a 8c 48 3d 2d 57 52 3b 99 cc 26 3e 67 5e 35 33 d9 47 a5 52 5b b4 44 59 3c 43 89 ba 24 65 8f 57 47 ff fd e2 8d 06 d0 20 29 8f b3 d9 7b 2b 27 67 13 0b dd 6c 00 dd 8d 06 1a e8 06 be fe ea 0f c1 f3 62 77 5f 66 37 eb 3a 78 fa fc 3c 78 95 2d ca a2 2a 56 35 29 2f 77 45 99 d4 59 b1 0d 83 67 79 1e 30 a4 2a 28 d3 2a 2d 6f d3 65 18 7c f5 f5 d7 5f fd e1 49 bf fb ff 05 ef 3f 3c 7b f7 21 78 f3 97 e0 c3 8f 57 ef be 0f de 92 5f ff 08 5e bf f9 70 f5 fc 45 d0 99 ca 93 27 1f d6 59 15 ac b2 3c 0d c8 7f af 93 2a 5d 06 c5 36 28 ca 20 db 2e 44 ab d3 2a d8 90 7f 97 59 92 07 ab b2 d8 04 f5 3a 0d 76 65 f1 3f e9 82 f4 21 cf aa 9a 7c 74 9d e6 c5 5d f0 94 90 2b 97 c1 db a4 ac ef 83 ab b7 e7 61 f0 81 e0 16 Data Ascii: }ks6\R;JH=-WR;&>g^53GR[DY<C$eWG ){+'glbw_f7:x<x-V5)/wEYgy0(-oe\|_I?<{!xW_^pE'Y<]6( .D*Y:ve?!\|t]+a
2024-02-22 14:20:26 UTC	4711	IN	Data Raw: e7 bc b1 e2 92 61 7d df b0 68 ac ab 2c aa b1 88 da cb c6 22 89 f4 a2 b1 42 53 1e da 58 e7 55 1e b5 fb a5 96 31 c6 85 9c 5c 95 58 0f 77 34 04 a7 bc ef e9 bc 62 55 e4 cb 9d 46 11 60 f2 34 8a 20 ba 0a e1 1d 2d b3 ba 41 d4 6a 33 50 25 58 6c a8 15 02 68 eb 56 83 ba b5 a0 21 5d f4 aa e1 60 30 5e 26 13 b7 4f 5a e3 0c 32 50 fb 10 40 6b 9f fc 5a d9 82 86 f5 c9 a7 ad bc 4f 0f 53 c6 3e 8f 75 ef 81 fb bb e5 60 13 bf d0 d1 86 c0 d4 70 43 60 72 bc 81 ca 0c ee 7b ca cd 06 61 90 56 01 34 34 b4 0d 0f 13 81 b8 e1 dc 70 52 d0 d3 64 f3 b6 df 8a 2c 1c d2 a7 e1 c5 ec 1c b9 2b 18 00 b1 42 22 26 de 7d 9d 59 8d 1f 8e 83 89 00 6e 65 8f 64 aa a2 fc c3 d8 65 70 5f b6 f7 9c 65 7e ea 83 9d 2c f7 31 10 e4 08 df ce 47 c4 df 33 f4 3c 40 c9 2e 2b 17 af 8a ce 37 c9 36 db ed 73 c6 5e f7 a6 Data Ascii: a}h,"BSXU1\Xw4bUF`4 -Aj3P%XlhV!]`0^&OZ2P@kZOS>u`pC`r{aV44pRd,+B"&}Ynedep_e~,1G3<@.+76s^

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.11.20	49733	13.107.246.69	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:25 UTC	666	OUT	GET /shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:26 UTC	761	IN	HTTP/1.1 200 OK Date: Thu, 22 Feb 2024 14:20:26 GMT Content-Type: image/png Content-Length: 1057 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Wed, 24 May 2023 10:11:48 GMT ETag: 0x8DB5C3F48FD7E08 x-ms-request-id: 3aaa418e-801e-007e-6a84-64b583000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240222T142026Z-znypz829a13wh9vr792b1k0he8000000090g000000002y8b x-fd-int-roxy-purgeid: 4554691 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-02-22 14:20:26 UTC	1057	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 6c 00 00 00 18 08 06 00 00 00 1f d5 18 1a 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 03 d3 49 44 41 54 68 de ed 58 4d 4e db 50 10 fe 5c b1 45 f1 0d 92 f6 02 b8 27 20 2c da 2d e9 ba 8b 24 27 c0 48 b3 8f d9 8f 14 73 02 8c d4 ae 31 db 76 51 e7 06 c9 01 aa 9a 13 34 e9 05 d2 cd 0c 1a 06 1b 0c 2d c2 91 3c 92 17 ef f9 fd cc 7b df fc 7c f3 82 3f a3 77 5b 34 94 fd ab 9f 41 f2 3d 68 3c 3e f9 b0 0d d0 c9 7f 95 37 dd 15 74 80 75 f2 82 b2 d7 5d 41 7b 84 88 26 00 06 d2 2c 98 b9 68 05 60 44 34 00 30 31 5d 95 ca d5 1c 04 cc 9c 48 7f 26 fd c9 43 f3 77 00 a8 10 40 01 e0 c0 fd 2a da e2 61 03 00 33 d3 be 03 48 c5 61 52 00 3d cb 67 88 28 02 30 d6 36 80 e1 0e 3b 57 6c c0 da 00 58 02 58 cb f9 47 Data Ascii: PNGIHDRlpHYs~IDAThXMNP\E' ,-$'Hs1vQ4-<{\|?w[4A=h<>7tu]A{&,h`D401]H&Cw@*a3HaR=g(06;WlXXG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.11.20	64422	13.107.246.69	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:26 UTC	421	OUT	GET /shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.png HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:26 UTC	761	IN	HTTP/1.1 200 OK Date: Thu, 22 Feb 2024 14:20:26 GMT Content-Type: image/png Content-Length: 1057 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Wed, 24 May 2023 10:11:48 GMT ETag: 0x8DB5C3F48FD7E08 x-ms-request-id: 3aaa418e-801e-007e-6a84-64b583000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240222T142026Z-zwc4zhfxxd1ytdudenku06e84800000006b000000000brv3 x-fd-int-roxy-purgeid: 4554691 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-02-22 14:20:26 UTC	1057	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 6c 00 00 00 18 08 06 00 00 00 1f d5 18 1a 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 03 d3 49 44 41 54 68 de ed 58 4d 4e db 50 10 fe 5c b1 45 f1 0d 92 f6 02 b8 27 20 2c da 2d e9 ba 8b 24 27 c0 48 b3 8f d9 8f 14 73 02 8c d4 ae 31 db 76 51 e7 06 c9 01 aa 9a 13 34 e9 05 d2 cd 0c 1a 06 1b 0c 2d c2 91 3c 92 17 ef f9 fd cc 7b df fc 7c f3 82 3f a3 77 5b 34 94 fd ab 9f 41 f2 3d 68 3c 3e f9 b0 0d d0 c9 7f 95 37 dd 15 74 80 75 f2 82 b2 d7 5d 41 7b 84 88 26 00 06 d2 2c 98 b9 68 05 60 44 34 00 30 31 5d 95 ca d5 1c 04 cc 9c 48 7f 26 fd c9 43 f3 77 00 a8 10 40 01 e0 c0 fd 2a da e2 61 03 00 33 d3 be 03 48 c5 61 52 00 3d cb 67 88 28 02 30 d6 36 80 e1 0e 3b 57 6c c0 da 00 58 02 58 cb f9 47 Data Ascii: PNGIHDRlpHYs~IDAThXMNP\E' ,-$'Hs1vQ4-<{\|?w[4A=h<>7tu]A{&,h`D401]H&Cw@*a3HaR=g(06;WlXXG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.11.20	63807	13.107.246.69	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:26 UTC	652	OUT	GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.microsoftonline.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:27 UTC	744	IN	HTTP/1.1 200 OK Date: Thu, 22 Feb 2024 14:20:26 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Sun, 18 Oct 2020 03:02:03 GMT ETag: 0x8D8731230C851A6 x-ms-request-id: c7c49d3c-801e-0006-0dcc-611f92000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240222T142026Z-7s7fumzdkx4bbf33zd6htfbers00000006m0000000002trt x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-02-22 14:20:27 UTC	15640	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-02-22 14:20:27 UTC	1534	IN	Data Raw: 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.11.20	57796	13.107.246.69	443	3360	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-22 14:20:27 UTC	407	OUT	GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-22 14:20:28 UTC	744	IN	HTTP/1.1 200 OK Date: Thu, 22 Feb 2024 14:20:27 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Sun, 18 Oct 2020 03:02:03 GMT ETag: 0x8D8731230C851A6 x-ms-request-id: b37cfbaa-b01e-0021-62c6-625faf000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240222T142027Z-er8txukdn53nmfqtnrm0kcphp400000008y0000000007stq x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-02-22 14:20:28 UTC	15640	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-02-22 14:20:28 UTC	1534	IN	Data Raw: 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Behavior

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2544, Parent PID: 4016

General

Target ID:	0
Start time:	15:20:08
Start date:	22/02/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff786460000
File size:	2'509'656 bytes
MD5 hash:	464953824E644F10FFDC9E093FD18F94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3360, Parent PID: 2544

General

Target ID:	5
Start time:	15:20:08
Start date:	22/02/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1656,4161156890332825623,16311060440526564371,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 /prefetch:8
Imagebase:	0x7ff786460000
File size:	2'509'656 bytes
MD5 hash:	464953824E644F10FFDC9E093FD18F94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8064, Parent PID: 4016

General

Target ID:	8
Start time:	15:20:11
Start date:	22/02/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ir.shareaholic.com/e?a=1&u=https://sso.college/m3TsQ3Ey-y5ourl-Qau-4Gurn-4Gank-d58Kvo-y5%3Futm_campaign%3Dshareaholic%26utm_medium%3Dtwitter%26utm_source%3Dsocialnetwork&r=1
Imagebase:	0x7ff786460000
File size:	2'509'656 bytes
MD5 hash:	464953824E644F10FFDC9E093FD18F94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly