Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/cummon/update-agreements/claim

Overview

General Information

Sample URL:	https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/cummon/update-agreements/claim
Analysis ID:	1418450
Infos:

Detection

HTMLPhisher

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Found HTTP page in a blob

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Submit button contains javascript call

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 4132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2128,i,4475635242253092868,16860567519649660981,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/cummon/update-agreements/claim" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/cummon/update-agreements/claim

Avira URL Cloud: detection malicious, Label: phishing

Multi AV Scanner detection for submitted file

Source: https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/cummon/update-agreements/claim

Virustotal: Detection: 17%

Phishing

Phishing site detected (based on favicon image match)

Source: https://myqcloud.com	Matcher: Template: microsoft matched with high similarity
Source: blob:https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/e7308b8f-0f12-4d80-a428-888da083a470	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Found HTTP page in a blob

Source: blob:https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/e7308b8f-0f12-4d80-a428-888da083a470

DOM page: Blob-based

Phishing site detected (based on image similarity)

Source: blob:https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/e7308b8f-0f12-4d80-a428-888da083a470

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: blob:https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/e7308b8f-0f12-4d80-a428-888da083a470

Matcher: Template: microsoft matched

Source: https://account.live.com/ResetPassword.aspx	HTTP Parser: Number of links: 0
Source: https://signup.live.com/?lic=1	HTTP Parser: Number of links: 0

Source: blob:https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/e7308b8f-0f12-4d80-a428-888da083a470

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: blob:https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/e7308b8f-0f12-4d80-a428-888da083a470

HTTP Parser: Base64 decoded: https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

Source: blob:https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/e7308b8f-0f12-4d80-a428-888da083a470	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://signup.live.com/?lic=1	HTTP Parser: Title: Create account does not match URL

Source: https://signup.live.com/?lic=1	HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/?lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/?lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();

Source: blob:https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/e7308b8f-0f12-4d80-a428-888da083a470

HTTP Parser: <input type="password" .../> found

Source: https://www.bing.com/ck/a?!&&p=2514c319cfd09310JmltdHM9MTY4NTMxODQwMCZpZ3VpZD0wODM2NWU4Mi1hMmQ4LTY1YzEtMGMyNC00Y2RiYTNiYjY0NjUmaW5zaWQ9NTE5NQ&ptn=3&hsh=3&fclid=08365e82-a2d8-65c1-0c24-4cdba3bb6465&psq=https%3a%2f%2faccount.live.com%2fResetPassword.aspx&u=a1aHR0cHM6Ly9hY2NvdW50LmxpdmUuY29tL1Jlc2V0UGFzc3dvcmQuYXNweA&ntb=1	HTTP Parser: No favicon
Source: https://www.bing.com/ck/a?!&&p=1ca7097290a0fed1JmltdHM9MTY4NTMxODQwMCZpZ3VpZD0wODM2NWU4Mi1hMmQ4LTY1YzEtMGMyNC00Y2RiYTNiYjY0NjUmaW5zaWQ9NTE4NA&ptn=3&hsh=3&fclid=08365e82-a2d8-65c1-0c24-4cdba3bb6465&psq=https%3a%2f%2fsignup.live.com%2f&u=a1aHR0cHM6Ly9zaWdudXAubGl2ZS5jb20v&ntb=1	HTTP Parser: No favicon

Source: blob:https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/e7308b8f-0f12-4d80-a428-888da083a470	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/ResetPassword.aspx	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/ResetPassword.aspx	HTTP Parser: No <meta name="author".. found
Source: https://account.live.com/ResetPassword.aspx	HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/?lic=1	HTTP Parser: No <meta name="author".. found

Source: blob:https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/e7308b8f-0f12-4d80-a428-888da083a470	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/ResetPassword.aspx	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/ResetPassword.aspx	HTTP Parser: No <meta name="copyright".. found
Source: https://account.live.com/ResetPassword.aspx	HTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/?lic=1	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49720 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /cummon/update-agreements/claim HTTP/1.1Host: appservies02342-1321331581.cos.ap-beijing.myqcloud.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://appservies02342-1321331581.cos.ap-beijing.myqcloud.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/reset-password-signinname_en_8qvvLKBP0Aes1nPeyZ0lbw2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_c53074e74ebeb8e140d6_en.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://account.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://account.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lightweightsignuppackage_I2u0h5_OVsvo48cPwiR07Q2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: appservies02342-1321331581.cos.ap-beijing.myqcloud.com

Source: chromecache_73.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_73.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_115.2.dr	String found in binary or memory: https://account.live.com/ResetPassword.aspx
Source: chromecache_74.2.dr	String found in binary or memory: https://signup.live.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49720 version: TLS 1.2

Source: classification engine

Classification label: mal84.phis.win@22/85@22/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2128,i,4475635242253092868,16860567519649660981,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/cummon/update-agreements/claim"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2128,i,4475635242253092868,16860567519649660981,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/cummon/update-agreements/claim	100%	Avira URL Cloud	phishing
https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/cummon/update-agreements/claim	17%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
sni1gl.wpc.alphacdn.net	0%	Virustotal		Browse
cs1227.wpc.alphacdn.net	0%	Virustotal		Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal		Browse
acctcdn.msftauth.net	1%	Virustotal		Browse
cs1100.wpc.omegacdn.net	0%	Virustotal		Browse
logincdn.msftauth.net	0%	Virustotal		Browse
part-0012.t-0009.t-msedge.net	0%	Virustotal		Browse
aadcdn.msftauth.net	0%	Virustotal		Browse
bg.microsoft.map.fastly.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg	0%	Avira URL Cloud	safe
blob:https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/e7308b8f-0f12-4d80-a428-888da083a470	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	0%	Virustotal		Browse
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg	0%	Virustotal		Browse
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	Virustotal		Browse
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	0%	Virustotal		Browse
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg	0%	Virustotal		Browse
https://aadcdn.msftauth.net/ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg	0%	Virustotal		Browse
https://aadcdn.msftauth.net/ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg	0%	Virustotal		Browse
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg	0%	Virustotal		Browse
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	0%, Virustotal, Browse	unknown
cs1100.wpc.omegacdn.net	152.199.4.44	true	false	0%, Virustotal, Browse	unknown
code.jquery.com	151.101.66.137	true	false		high
cdnjs.cloudflare.com	104.17.24.14	true	false		high
sni1gl.wpc.alphacdn.net	152.195.19.97	true	false	0%, Virustotal, Browse	unknown
www.google.com	172.253.62.106	true	false		high
cs1227.wpc.alphacdn.net	192.229.211.199	true	false	0%, Virustotal, Browse	unknown
bj.file.myqcloud.com	82.156.94.13	true	false		high
part-0012.t-0009.t-msedge.net	13.107.213.40	true	false	0%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	0%, Virustotal, Browse	unknown
signup.live.com	unknown	unknown	false		high
appservies02342-1321331581.cos.ap-beijing.myqcloud.com	unknown	unknown	false		high
aadcdn.msftauth.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
logincdn.msftauth.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
account.live.com	unknown	unknown	false		high
acctcdn.msftauth.net	unknown	unknown	false	1%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
blob:https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/e7308b8f-0f12-4d80-a428-888da083a470	true	Avira URL Cloud: safe	low
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css	false		high
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/cummon/update-agreements/claim	false		high
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://signup.live.com/?lic=1	false		high
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.1.1.min.js	false		high
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://account.live.com/ResetPassword.aspx	false		high
https://aadcdn.msftauth.net/ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://fontawesome.io	chromecache_73.2.dr	false		high
https://signup.live.com/	chromecache_74.2.dr	false		high
http://fontawesome.io/license	chromecache_73.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
13.107.246.40	unknown	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States		15133	EDGECASTUS	false
192.229.211.199	cs1227.wpc.alphacdn.net	United States		15133	EDGECASTUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
13.107.213.40	part-0012.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
151.101.66.137	code.jquery.com	United States		54113	FASTLYUS	false
172.253.62.106	www.google.com	United States		15169	GOOGLEUS	false
82.156.94.13	bj.file.myqcloud.com	China		12513	ECLIPSEGB	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1418450
Start date and time:	2024-04-02 01:40:21 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/cummon/update-agreements/claim
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.phis.win@22/85@22/10
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://www.bing.com/ck/a?!&&p=1ca7097290a0fed1JmltdHM9MTY4NTMxODQwMCZpZ3VpZD0wODM2NWU4Mi1hMmQ4LTY1YzEtMGMyNC00Y2RiYTNiYjY0NjUmaW5zaWQ9NTE4NA&ptn=3&hsh=3&fclid=08365e82-a2d8-65c1-0c24-4cdba3bb6465&psq=https%3a%2f%2fsignup.live.com%2f&u=a1aHR0cHM6Ly9zaWdudXAubGl2ZS5jb20v&ntb=1 Browse: https://www.bing.com/ck/a?!&&p=2514c319cfd09310JmltdHM9MTY4NTMxODQwMCZpZ3VpZD0wODM2NWU4Mi1hMmQ4LTY1YzEtMGMyNC00Y2RiYTNiYjY0NjUmaW5zaWQ9NTE5NQ&ptn=3&hsh=3&fclid=08365e82-a2d8-65c1-0c24-4cdba3bb6465&psq=https%3a%2f%2faccount.live.com%2fResetPassword.aspx&u=a1aHR0cHM6Ly9hY2NvdW50LmxpdmUuY29tL1Jlc2V0UGFzc3dvcmQuYXNweA&ntb=1

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.163.94, 142.251.167.139, 142.251.167.100, 142.251.167.138, 142.251.167.102, 142.251.167.113, 142.251.167.101, 142.250.31.84, 34.104.35.123, 52.165.165.26, 199.232.214.172, 192.229.211.108, 20.3.187.198, 13.107.21.200, 204.79.197.200, 13.107.42.22, 172.253.62.95, 172.253.115.95, 142.251.163.95, 142.251.111.95, 172.253.63.95, 142.250.31.95, 142.251.16.95, 142.251.167.95, 172.253.122.95, 20.189.173.2, 20.189.173.6, 20.166.126.56, 20.190.151.133, 20.190.151.69, 20.190.151.7, 20.190.151.6, 20.190.151.8, 20.190.151.67, 20.190.151.70, 20.190.151.132, 13.105.221.21, 23.61.11.32, 23.61.11.39
Excluded domains from analysis (whitelisted): lgincdnmsftuswe2.azureedge.net, slscr.update.microsoft.com, global-entry-afdthirdparty-fallback-first.trafficmanager.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, a767.dspw65.akamai.net, clients2.google.com, ocsp.digicert.com, login.live.com, www-bing-com.dual-a-0001.a-msedge.net, update.googleapis.com, acctcdnvzeuno.azureedge.net, acctcdnvzeuno.ec.azureedge.net, www.bing.com, fs.microsoft.com, acctcdnmsftuswe2.azureedge.net, content-autofill.googleapis.com, dual-a-0001.a-msedge.net, thirdpartyfallback-mnz22r6b.trafficmanager.net, lgincdnvzeuno.ec.azureedge.net, www-www.bing.com.trafficmanager.net, edgedl.me.gvt1.com, account.msa.msidentity.com, clients.l.google.com, onedscolprdwus05.westus.cloudapp.azure.com, www.tm.lg.prod.aadmsa.trafficmanager.net, logincdn.msauth.net, acctcdn.msauth.net, acctcdn.trafficmanager.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.tra
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 100

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 95910
Category:	downloaded
Size (bytes):	17755
Entropy (8bit):	7.985805274338916
Encrypted:	false
SSDEEP:	384:7P/snh9IWQT5yz/+u+ZoU9a5pXAeTHNxDyG6d1zC9pvFe5:j/HWWyqu+ZoU9atAeTHzeGgv5
MD5:	5E5918E943A26D2E4037BD7418076110
SHA1:	06B96FC7B61F3EF879A3D37536AE28BC47B0CF48
SHA-256:	1F0A2E09C97C138320FBA7E9291D31247912914223FBFE953917005BAC107A88
SHA-512:	DB49B108F7EBF7431ACB9215605C2D39813F2E7DE7A982632F1C69BE6F77FFC8217D1A7D94661F93DA1D17C1F6C6295852387413CC5B780B4829BAD1975CCF3D
Malicious:	false
Reputation:	low
URL:	https://acctcdn.msauth.net/converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1
Preview:	...........}is.F..w...\.XY..-J.....Y.K..V.."!.k.`..e.....s_=.(...D.D...\===3}\|......H..U...~.&..y._U.^.."..<..gi.P.2(.2.>..0......n....g./.w?...N..........N_....<zt.H..I...^Fe<..,. .f..q.,.w.DipU..Z........iRVP.2N..).+..YTT....~.\.l..M2(=...U2..(.Sl)\|..8Xg..n..l.._.....)(.nV...".....Z.v..9..XKZ.......O...^...%..h.j..&e.,...FHd..f...n.5o..O.].0n..C..:h.\|=.B......@!9...N..A.y..ez.\.QF.\T...].q..........A.\ACh.:A\V.j..dn)........Z.TusYv/.."Zu.,...p......G...^..9.=./...i.q...z.apq.T0...4.=zt...%...{...R.l..<....f....;d~..6X.EI..e.%...R.#...@f....7.v>K"2Q.\|.&.Cg..6..B.{...>.d.G.$.."..h."_S.d.f.Vg...6..4Y&..R.Q.#@.......`..+.7..Z./a..:.<!./..$.$..f...; .2N.G.!!...h].-.....$)7..dO.........0d.F.JH....SX.k.<.'.G.....2.....L.J..*.d1].\|...${D.Dw.R}Y........gw3.._....~........<8{.._./O^.{....^'....../..x..-pc`....'........g.O..w....9{}z.i.o_........P..w......^..H.....9A.....W.........<....-.....3................@./....?..ZN.....VH.N.._..W.

Chrome Cache Entry: 101

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	downloaded
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	low
URL:	https://logincdn.msauth.net/shared/5/images/2_bc3d32a696895f78c19d.svg
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 102

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	915
Entropy (8bit):	3.8525277758130154
Encrypted:	false
SSDEEP:	24:t4CvnAVRfFArf1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUVx:fn1r1QqC4GuiHFXS1QqCWRHQ3V1QqCWz
MD5:	2B5D393DB04A5E6E1F739CB266E65B4C
SHA1:	6A435DF5CAC3D58CCAD655FE022CCF3DD4B9B721
SHA-256:	16C3F6531D0FA5B4D16E82ABF066233B2A9F284C068C663699313C09F5E8D6E6
SHA-512:	3A692635EE8EBD7B15930E78D9E7E808E48C7ED3ED79003B8CA6F9290FA0E2B0FA3573409001489C00FB41D5710E75D17C3C4D65D26F9665849FB7406562A406
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

Chrome Cache Entry: 103

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	915
Entropy (8bit):	3.8525277758130154
Encrypted:	false
SSDEEP:	24:t4CvnAVRfFArf1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUVx:fn1r1QqC4GuiHFXS1QqCWRHQ3V1QqCWz
MD5:	2B5D393DB04A5E6E1F739CB266E65B4C
SHA1:	6A435DF5CAC3D58CCAD655FE022CCF3DD4B9B721
SHA-256:	16C3F6531D0FA5B4D16E82ABF066233B2A9F284C068C663699313C09F5E8D6E6
SHA-512:	3A692635EE8EBD7B15930E78D9E7E808E48C7ED3ED79003B8CA6F9290FA0E2B0FA3573409001489C00FB41D5710E75D17C3C4D65D26F9665849FB7406562A406
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

Chrome Cache Entry: 104

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	20
Entropy (8bit):	3.6086949695628414
Encrypted:	false
SSDEEP:	3:KAam:Kjm
MD5:	6BB67F495601048D153FBC0E1B5D05CE
SHA1:	23A3E77DB69B11287E84568C2E94192A1EBE4E2C
SHA-256:	5B053E9B260D50775B96A767F054A10724CF5EC33A2A5AD06842AB96B439A108
SHA-512:	A0D0736DC0249FCC064019486F59F7F82D0861FE3B32E87D1E177B5E7D593279CBC55D25781674F40D88516CCB63722A431BD22F29003A521AE096D40336E3CA
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSEAkuJsum9Yzc8RIFDbT67LQ=?alt=proto
Preview:	Cg0KCw20+uy0GgQIZBgC

Chrome Cache Entry: 105

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	dropped
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	low
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 106

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
Reputation:	low
URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 107

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	513
Entropy (8bit):	4.720499940334011
Encrypted:	false
SSDEEP:	12:t4BdU/uRqv6DLfBHKFWJCDLfBSU1pRXIFl+MJ4bADc:t4TU/uRff0EcfIU1XXU+t2c
MD5:	A9CC2824EF3517B6C4160DCF8FF7D410
SHA1:	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
SHA-256:	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
SHA-512:	AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.578H18v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944m0-.141-.071.07L5.929,11.929,5.858,12l.071.071,4.944,4.944.071.07.071-.07.594-.595.071-.07-.071-.071L7.858,12.522H18.1V11.478H7.858l3.751-3.757.071-.071-.071-.07-.594-.595-.071-.07Z" fill="#404040"/></svg>

Chrome Cache Entry: 108

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 109

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 8111
Category:	downloaded
Size (bytes):	3505
Entropy (8bit):	7.945008338787512
Encrypted:	false
SSDEEP:	96:ziS8LmnrKD6nrzRydFgkoVfemimQY/W+X:ziarzrzR04GmP7/fX
MD5:	1A9078EB7795CC2AB9BE86D02D21A853
SHA1:	0CD912EEE4E1FE283AD99FA0C69CDC1F32DA7025
SHA-256:	B68C76624B9979DA1E4138A3570F2F944CF67343AFE8EC089C15E0266E8E2D35
SHA-512:	3E3AA3A4BB67BF617276C27F17AC7FC390C6520009EE9478AC28934AC50F195B2985153AD2DD9DA8ADCE0192572A4385CBE153F53BAFE3C2419AAAA13DDB0CA8
Malicious:	false
Reputation:	low
URL:	https://acctcdn.msauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js
Preview:	...........Y[s.6.~..Q.L.`FI...D..q..c+....$$1.I..-+...~..M....N......~..&e..(MlgY.Z....U.U.c..n.\|%..{=[.Y...7..JH.......!...O..1....7.......>..'e....!0...>1.M.......s+..^>...Z..q9...M ..[..(e.^o..[.z...`.Z.$L.n!.8..i..)/..=wG...D...w....C.,....m....I.....K........9. \|.a#;u...... ....5..+I..AeV&.0J..F..$.......V...!..RK...F.\..\.. .8.07...{$......h...O8..Jw[..Y6..Qh..`.(...K...8..09P..#.,`..f.qI..\|...{.h....pm.\.m.&.s...tI@....Y.m.sg.x.j.og]..+.AY6.&.8...7.5..Y.$...Z....6....w.f.d..Q.LV..3qTh....X5Ih.%....j..tb..kfB..o..;....3...8C...l.:.W..jF...1!..5..~/.j....t....3.......e..:".9........_.,.h..<.. .x..9.HD...1...w..Kq..Q^FW....VA'K.&..<.H.3l..>........M.....t.._....+B ..e6jK..A. ..+9...nRX.M.....\.....b...j55<..X...U...U0S...we..8.kY...@&._.......;h.e.=..&.H.e.d...;%.R.YH...tg~.a.\|....E..p..Q.Gj.T;.....'3.iQP....m..U.......KC..k.b0...w...z...9r[..R.h....K?.#.....e.!..5y.....s....G.oa.;..:............H......._Y&.W...X.u.

Chrome Cache Entry: 110

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	900
Entropy (8bit):	3.8081778439799248
Encrypted:	false
SSDEEP:	24:t4CvnAVRHf1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUV0UFl:fn+1QqC4GuiHFXS1QqCWRHQ3V1QqCWRV
MD5:	635A63D500A92A0B8497CDC58D0F66B1
SHA1:	A32EBA4B4D139E8DA52C5801A13C1EE222B2B882
SHA-256:	61D7CCC5D2C41BF86BE6CEFB0063405067849BA64E9F219F60596EF09A54A942
SHA-512:	EFFE15E105FC5FA853E76917B533AAE6C75EBA9A256049FB5EAB88BBF319D63A4CE4AE3743A09D6A5F474B01649D6EDC5C8BCCC61B8CA9EA9E5C39E7AE724C16
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

Chrome Cache Entry: 111

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:	48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

Chrome Cache Entry: 112

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	downloaded
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	low
URL:	https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 113

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	899
Entropy (8bit):	3.8260330857236338
Encrypted:	false
SSDEEP:	24:t4CvnAVROLgCWbVHTVSRUyL3Fe09gCWbVHTVeUVh10UsSgCWbVHTVeUVh10Usb7:fncCWRH0JL3FECWRHQA10rCWRHQA10F
MD5:	7568A43CF440757C55D2E7F51557AE1F
SHA1:	55C22CA98B5CDCED134F6E24205C288845312A2D
SHA-256:	B7FCD37EAAFE3F08647ED072D5289EADFFF6C660A26CDEF31532B3FCFB4A0BB2
SHA-512:	F01DA2804594C3C78C0694FD6CC49B667663DA95AE7367EE3F0F5112B9957A3220389AAE4A5B750BCB3BC4F1092EA614266A4BFFD7E0FE16232E1CB57606E901
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path d="M9.143,1.143a1.107,1.107,0,0,1-.089.446,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.107,1.107,0,0,1-.089-.446A1.107,1.107,0,0,1,6.946.7,1.164,1.164,0,0,1,7.554.089a1.161,1.161,0,0,1,.893,0A1.164,1.164,0,0,1,9.054.7a1.107,1.107,0,0,1,.089.446M9.143,8a1.107,1.107,0,0,1-.089.446,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607,1.161,1.161,0,0,1,.893,0,1.164,1.164,0,0,1,.607.607A1.107,1.107,0,0,1,9.143,8m0,6.857a1.107,1.107,0,0,1-.089.446,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607,1.161,1.161,0,0,1,.893,0,1.164,1.164,0,0,1,.607.607A1.107,1.107,0,0,1,9.143,14.857Z"/></svg>

Chrome Cache Entry: 114

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 115

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (407), with CRLF line terminators
Category:	downloaded
Size (bytes):	1951
Entropy (8bit):	5.058919953649703
Encrypted:	false
SSDEEP:	24:hPIzWgR8CC07ERsePmCcxtBQ2iBZWGFr1ebxeVhUX7+eBmRRDihFMZEnNJ/okUst:tTg7YeDQZWSkHmvih+ZuJesArKNNCbA
MD5:	4FA3B0ACEA56B8090154EB5701F9A607
SHA1:	C373110D22A2459F217021418F8B394F40138880
SHA-256:	14251927B3D31B020125E08B4DCD6ED7A514CF72CC4F32DF79F7FC4A040B1870
SHA-512:	0F6F149CDD1B5DB0A462D52D8316C25AFEDDE30EF87A8714EC7D65E29F177E01919BD0B1624B467E5F13853A65893560BDF668D548D88423407909EDB48A4376
Malicious:	false
Reputation:	low
URL:	https://www.bing.com/ck/a?!&&p=2514c319cfd09310JmltdHM9MTY4NTMxODQwMCZpZ3VpZD0wODM2NWU4Mi1hMmQ4LTY1YzEtMGMyNC00Y2RiYTNiYjY0NjUmaW5zaWQ9NTE5NQ&ptn=3&hsh=3&fclid=08365e82-a2d8-65c1-0c24-4cdba3bb6465&psq=https%3a%2f%2faccount.live.com%2fResetPassword.aspx&u=a1aHR0cHM6Ly9hY2NvdW50LmxpdmUuY29tL1Jlc2V0UGFzc3dvcmQuYXNweA&ntb=1
Preview:	<!DOCTYPE html>..<html lang="en">.. <head>.. <meta charset="utf-8">.. <meta name="referrer" content="origin-when-cross-origin">.. <script>//<![CDATA[.. var s = false;.. function l() {.. setTimeout(f, 10000);.. if (document.referrer) {.. try {.. var pm = /(^\|&\|\?)px=([^&]*)(&\|$)/i;.. var px = window.location.href.match(pm);.. var rs = document.referrer;.. if (px != null) {.. if (rs.match(pm)).. rs = rs.replace(pm, "$1px=" + px[2] + "$3");.. else if (rs.indexOf("?") != -1).. rs = rs + "&px=" + px[2];.. else.. rs = rs + "?px=" + px[2];.. }.. history.replaceState({}, "Bing", rs);.. window.addEventListener("pageshow", function(e) { if (e.persisted \|\| (typeof window.performance != "undefined" && window.performance.navigation.type === 2)) window.location.reload(); });.. s = true;..

Chrome Cache Entry: 116

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 273170
Category:	downloaded
Size (bytes):	105716
Entropy (8bit):	7.9966881199454365
Encrypted:	true
SSDEEP:	3072:/IuCFZmgGfas/n8fHSFYXfFmO7scECa0Ht15HhSd:/dY7sE/MwfFmyscEfgBK
MD5:	68B3385A6DFFC8D64E019832ACC918ED
SHA1:	7D29DDA429CED1040EE8959B5688387D4DD1B4E0
SHA-256:	17190922204C288B25C7DB6B10EB4130B147C53171E442B25BC1F2D56BB74AEC
SHA-512:	3C90DEEBED1C066B1629ADDA526ADA2821BA66DC523910C71D84BAC4D88BFB830965AF355C132BA9D7AA84ACB58BF602ED9B4C70F6E2F42A1B4CAE203AE85426
Malicious:	false
Reputation:	low
URL:	https://acctcdn.msauth.net/oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1
Preview:	............is.H...}".?.....Y.Im..].....Zlwst..Y.`Q..E.-..~.......{...L[D.[VVfVf.....[.Fw.....q.....'J4V.+..N.'OIx}.5.....I..WY#.F.a.eIx.gq.....q.s..D..W.6W.V...L%Q0n.F.'../.... iD2..S..U...0......j...0sz.u$."...t..o....G#u.Fj.T:.$...i...#.. =\|...x......<..Qf..\\...ix..M..&.8.O]gQR.....s.FF.x.+.....&..q...FGJ.--..lv<.fi)z~v...q=./..)..).ZZ..T.....0%R5..y...Q.?..(~.9.7..e.]...G.......d7I...C..I.8....d.....f...\|.....s.......%E?GKK.\G.A.\..]...........}....h.d$..&>s.........N.....e<.U...S%.<o....^W4"...DW$2H..;.ei{.....NzY.....F.5T.o..{...0..]%B.k>...?^1/.T...Z..X...b...)8..n_\.\\...i..Y..1..I.<--.+..ev.....Zt<.{...f...:I..z.uZM.WS.dl.6mw.......f].zb.5l..n.i75.c..Q...j8-.r.a.bB........'.s."..f0....U..2.(.V... ~.....Z.."...r....Rv^-....N..Y.....;n...w..t.Uv.g....u.?).` .........#......BG..h.W.5a.$...@...A.F..8..FU....uDB.....2J..4=.iuD.q..t..o..R........aJ+...JL.]\|....)=...Q<...u..?..#..G[..d.2....8.........$...?...=..!.

Chrome Cache Entry: 65

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	dropped
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	low
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 66

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 67

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	downloaded
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	low
URL:	https://logincdn.msauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 68

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:	48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

Chrome Cache Entry: 69

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 208265
Category:	downloaded
Size (bytes):	53103
Entropy (8bit):	7.995099232746401
Encrypted:	true
SSDEEP:	1536:J3SCE2KqpmkKwua0QMPQj3Bb/VWQ8te/Z:QF2KYyBQj3Bb/0g/Z
MD5:	53DBD2FD82810AEEC9383D4792683A56
SHA1:	D800AC38DBEF14D3E5CF571FEE2432835E5E1489
SHA-256:	5B33C3CB8C3DE781483206E3479CAAE02A1F3424E465464A8F2A9FEA43672E07
SHA-512:	625D6B37616B327256DCDB33AEA4C9223BA5974CB3CCD10588F9A3D04E0883365A9DF3AC0B39F5394928B87C57BF13CBC82C5204F4C3FC6BE92F1E0C3399DBD1
Malicious:	false
Reputation:	low
URL:	https://acctcdn.msauth.net/lightweightsignuppackage_I2u0h5_OVsvo48cPwiR07Q2.js?v=1
Preview:	...........}y.......2...H.D...%i.ln.4m]5..).5E.$..g.3...7..i...{='...X...0....(v........XwX.\|f.wWVX...a?.v..T.[q.:.v.#+rt....6.N.?#K.c._x.i:.%......._..U`.Z.Kk...[.............]V.UQ.[.....y....Y..ruUT._..[..~.........`.~].....`..'~L@..M..8.,p"+_.z...S.@.V.;.Y.dA......e....r.-\|....ck....kARM.e."...+.^..\...4..F....H}....8t....<S.7c..\..$..,d......bf.E/..X.u....0.Yf..[.....C.O+..f.....O.. .En....P&...A.a.....z..M..(....!+..v.O..\c.....S.K...V:..u'[.J.ca.)...c......>.p...<.7..............o..\|..oq.o..Z.n.oi'..>f...(K.....?K.s..i.#D....r2s....S..C..Q...N._..D....w..w.]....{.[.+.6T&.....5=....!8.z.......7..zwo..p.....<....6.....{..n............z}.....(..5z{].q.....G.F......i,....i..f.....>....7.8..sd.e...]w.....b..,.>.C.V..X".v2...FlZ.mh..m..0..s......>{.......cA...g;.'....m1,@..U6.F_.3.=.f8..........Z.....zY.'l..i......dU:-....;`.}....n....8.V....P....3.....M?....99..._..%..L+.1..)8..~."....?.Q,9\|...s...!xs..P..p........$..Q...G.-...t

Chrome Cache Entry: 70

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	32
Entropy (8bit):	4.202819531114783
Encrypted:	false
SSDEEP:	3:WRemVnCAd:rTAd
MD5:	7F6C2F2EC0AC79AF93AC42E55601E0D8
SHA1:	8DE377E67C5B4919C767A044051BFD52C77A985E
SHA-256:	5F1077DECBD2768AD99AF5D592C4DDE934F19682BB8BAD05599F9D403344DA27
SHA-512:	85DCD5AE0B75A54F30675AA864DC4526F9AAD07F9CAC63D9004B81EF2EA1D270909740137D72A9D8D0BBBD9D8674B8FFDDE1745E95E628D65B4F898F49FA9A91
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSEAnw8PvhQPeM6xIFDewtwx0=?alt=proto
Preview:	ChUKEw3sLcMdGgQICRgBGgQIZBgCIAE=

Chrome Cache Entry: 71

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
URL:	https://acctcdn.msauth.net/images/favicon.ico?v=2
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 72

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
URL:	https://signup.live.com/Resources/images/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 73

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	troff or preprocessor input, ASCII text, with very long lines (372)
Category:	downloaded
Size (bytes):	37414
Entropy (8bit):	4.82325822639402
Encrypted:	false
SSDEEP:	768:mmMtI+A4CSIDqvnI+YTBrFPvVrJjhiRAiiEL:mXtI+A4GDUI+Y9rpVljhiIEL
MD5:	C495654869785BC3DF60216616814AD1
SHA1:	0140952C64E3F2B74EF64E050F2FE86EAB6624C8
SHA-256:	36E0A7E08BEE65774168528938072C536437669C1B7458AC77976EC788E4439C
SHA-512:	E40F27C1D30E5AB4B3DB47C3B2373381489D50147C9623D853E5B299364FD65998F46E8E73B1E566FD79E97AA7B20354CD3C8C79F15372C147FED9C913FFB106
Malicious:	false
Reputation:	low
URL:	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Preview:	/!. Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). /./ FONT PATH. * -------------------------- /.@font-face {. font-family: 'FontAwesome';. src: url('../fonts/fontawesome-webfont.eot?v=4.7.0');. src: url('../fonts/fontawesome-webfont.eot?#iefix&v=4.7.0') format('embedded-opentype'), url('../fonts/fontawesome-webfont.woff2?v=4.7.0') format('woff2'), url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'), url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'), url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');. font-weight: normal;. font-style: normal;.}..fa {. display: inline-block;. font: normal normal normal 14px/1 FontAwesome;. font-size: inherit;. text-rendering: auto;. -webkit-font-smoothing: antialiased;. -moz-osx-font-smoothing: grayscale;.}./ makes the font 33% larger relative to the icon container */..

Chrome Cache Entry: 74

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (362), with CRLF line terminators
Category:	downloaded
Size (bytes):	1887
Entropy (8bit):	5.016609058089312
Encrypted:	false
SSDEEP:	24:hPIzWgR8CC07ERsePmCcxtBQ2iBZWGFr1ebxeVd+eBmRRDihFMZEnNJ/tUsA+ais:tTg7YeDQZWSvmvih+ZuJOsAkbA
MD5:	C7E7C2CDC63DD44CC8A86D7022796652
SHA1:	7164DE578B1356CF28D3E586BBA3A9E46919BCF1
SHA-256:	25C1B2CF69BB05F7582E27A221F436EB41E3280E9BB82093510A6C19D3EB8C9C
SHA-512:	7CD05235EC9B21B96592A6F0EDE48D034D1F5EEAC4168C63F739583F685D6006F4DA3F0A4FD0452256D8655CA93E74E18B297ED63F9BFAD47AB5F56F1A5DC70A
Malicious:	false
Reputation:	low
URL:	https://www.bing.com/ck/a?!&&p=1ca7097290a0fed1JmltdHM9MTY4NTMxODQwMCZpZ3VpZD0wODM2NWU4Mi1hMmQ4LTY1YzEtMGMyNC00Y2RiYTNiYjY0NjUmaW5zaWQ9NTE4NA&ptn=3&hsh=3&fclid=08365e82-a2d8-65c1-0c24-4cdba3bb6465&psq=https%3a%2f%2fsignup.live.com%2f&u=a1aHR0cHM6Ly9zaWdudXAubGl2ZS5jb20v&ntb=1
Preview:	<!DOCTYPE html>..<html lang="en">.. <head>.. <meta charset="utf-8">.. <meta name="referrer" content="origin-when-cross-origin">.. <script>//<![CDATA[.. var s = false;.. function l() {.. setTimeout(f, 10000);.. if (document.referrer) {.. try {.. var pm = /(^\|&\|\?)px=([^&]*)(&\|$)/i;.. var px = window.location.href.match(pm);.. var rs = document.referrer;.. if (px != null) {.. if (rs.match(pm)).. rs = rs.replace(pm, "$1px=" + px[2] + "$3");.. else if (rs.indexOf("?") != -1).. rs = rs + "&px=" + px[2];.. else.. rs = rs + "?px=" + px[2];.. }.. history.replaceState({}, "Bing", rs);.. window.addEventListener("pageshow", function(e) { if (e.persisted \|\| (typeof window.performance != "undefined" && window.performance.navigation.type === 2)) window.location.reload(); });.. s = true;..

Chrome Cache Entry: 75

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 76

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90613
Category:	downloaded
Size (bytes):	32748
Entropy (8bit):	7.992329865067804
Encrypted:	true
SSDEEP:	384:Rk71wwFxcfkQxFoFKrDsQtReHGqskPEoIJgLFg4AKxk9I0nis/7doaZCPtr3ZCS8:LwFxcceouDsQD5JUFFT2Isi6d5APXLAn
MD5:	B3DF30AE70C34BAC95FC91544D9209BD
SHA1:	68E1316DE3CD5FEEBCB4DA17AFC80EAFD7FB2234
SHA-256:	B06F7F7C91DA1E7A195A508913008E0427889447B9697E090CC8ADC7D4E6564E
SHA-512:	E209CF0223EBE5FDA949E721CB6794B7FF9173B95BC2B28FA5B70B576DD03AD36DCCED5B1C4764571C8CB1CF0B7FB965F1835DC9B3CB7A7AFA8B3C4CE684A7FC
Malicious:	false
Reputation:	low
URL:	https://logincdn.msauth.net/shared/5/chunks/oneds-analytics-js_c53074e74ebeb8e140d6_en.js
Preview:	...........iw.8.?.~>....%."9Kw.0:..t....Y..>...l.BR^b.O...A.N...yq.t,b!.....BU.....4kM.Lr..I.]DE.&..TF..K.J.9.7.$....(..7?.=.....O.....;~t,..y........Nq].~...ys.Rd...~....<.E..yr~\|..c..qqs.....Q.S.....3..g.......}.{..Q.2OF....)...d..D...R.>..v.<>=+.4.e..6..<KZ_..Z......P..h).o..}.}..v...'j.9..@N.,.....4N.j.....qS+(..~,.iS7^eK.B^.$6.~.._..i..4yo..S.5T..Rl_...F.LF7.U..t.=..$.Z...4...q>..... TJ.F....2#......o.QC./1JN.....Rf.'..>S.....Y.$r...i.X.......w..3..}Z...#.hq4..#..#..6..}m/Kg2+b.. {..w../U.y.7B.9A.b.VJ0.....S#.Y4.o..M.}M...M..M.4...*?6SJS.zD.i...tj.j;..OM...<....x..L..;!.>.....>....B.R...,..f.9.>..(M...lF.!...Mr.4%.........Y....F...............p.@.p.....G.=.....>#.9M..\|.-...2.ZY.bO....+...4...XNbj..Q...b.F.Y..iq3.bD..."rz.e..$.......FL.y.,.w...50_m...$.No...H'.....t.....P/..sQ.f.r......P.P.w....s.l>...0..m.\Bbh....... ....tZ.x..\...f..~...j:d..!s.W...C....w&.v.t..D..8.:..._...u8......h..El....................t.....E.9..G9.KH..6

Chrome Cache Entry: 77

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	900
Entropy (8bit):	3.8081778439799248
Encrypted:	false
SSDEEP:	24:t4CvnAVRHf1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUV0UFl:fn+1QqC4GuiHFXS1QqCWRHQ3V1QqCWRV
MD5:	635A63D500A92A0B8497CDC58D0F66B1
SHA1:	A32EBA4B4D139E8DA52C5801A13C1EE222B2B882
SHA-256:	61D7CCC5D2C41BF86BE6CEFB0063405067849BA64E9F219F60596EF09A54A942
SHA-512:	EFFE15E105FC5FA853E76917B533AAE6C75EBA9A256049FB5EAB88BBF319D63A4CE4AE3743A09D6A5F474B01649D6EDC5C8BCCC61B8CA9EA9E5C39E7AE724C16
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

Chrome Cache Entry: 78

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	dropped
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	low
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 79

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	756
Entropy (8bit):	4.879179443781471
Encrypted:	false
SSDEEP:	12:t4pb8WsQKvkBWSfYcW3ffBfYfomQO1a7aajR2F1hgWSnuCNSganii7v/NPujARqj:t4pb8WvKMTfY3ffBfYfomQO1eXjR2oug
MD5:	9DE70D1C5191D1852A0D5AAC28B44A6C
SHA1:	F4F64F5CBDBE6D1115C10A7F9CCB8828E6B67CAE
SHA-256:	5D3357BD875B7335ACE42E8EE3A64578E4253BED1A4E279109DE403EEDAE3A69
SHA-512:	CAC13FC2FE30E10772008F2AFF70FCA031EA9918E1F8C5C8B91CB9E79463383183406EFAADF89360DE3A08573FCDF2716C14DA6411E24B7E260B96AF84F00762
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><circle cx="24" cy="24" r="24" fill="#e6e6e6"/><path d="M34,35V14a2.938,2.938,0,0,0-3-3H27V8l2-1L27.948,5.638,24,8,20.07,5.648,19,7l2,1v3H17a2.938,2.938,0,0,0-3,3V35a2.938,2.938,0,0,0,3,3H31A2.938,2.938,0,0,0,34,35Zm-3,1H17a.979.979,0,0,1-1-1V14a.979.979,0,0,1,1-1h6V10h2v3h6a.979.979,0,0,1,1,1V35A.979.979,0,0,1,31,36Z" fill="#404040"/><path d="M26.766,25.42a4.432,4.432,0,1,0-5.533,0A6.237,6.237,0,0,0,17.765,31h1.653a4.582,4.582,0,1,1,9.165,0h1.653A6.237,6.237,0,0,0,26.766,25.42Zm-5.546-3.435A2.779,2.779,0,1,1,24,24.765,2.783,2.783,0,0,1,21.221,21.985Z" fill="#404040"/><rect x="21" y="14" width="6" height="2" rx="1" ry="1" fill="#404040"/></svg>

Chrome Cache Entry: 80

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 81

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	222
Entropy (8bit):	5.004415423297573
Encrypted:	false
SSDEEP:	3:tIsqDmJS4RKb5zMc7XpCN+bJMacvRxyJAgR/QvfqhcDQKG2TcVER+HLZqWTboZUq:tI9mc4slztdbC/yXADQKDTcVEqLwDZsc
MD5:	56E73414003CDB676008FF7857343074
SHA1:	9ED7A58CD0E81E9689AC8C6D548A47D0185E0FDC
SHA-256:	749F85621D92A5B31B2A377A8C385A36D48A83327DAD9A8A8DA93CD831B8C9A2
SHA-512:	FAD0071AC2DFA23989BFBC7D3850415F3C340A74A54D3D8D797AFCCD6A301513BBC769DF4E5148605BE1E23A8750973EB80726F3CC959A2A457B0EC09AE14F27
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><circle cx="24" cy="24" r="24" fill="#e6e6e6"/><path d="M25,23H36v2H25V36H23V25H12V23H23V12h2Z" fill="#404040"/></svg>

Chrome Cache Entry: 82

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 80144
Category:	downloaded
Size (bytes):	28582
Entropy (8bit):	7.990835795085235
Encrypted:	true
SSDEEP:	768:SUSXTBiGf3+ifgoT+C2k8EJCHSJxknJc+OAf51u+NrKMWINuz+:8ViGf3VJkc+O+ea2MWINH
MD5:	A37BDBB8F418A4014C99AC1393E58A58
SHA1:	00C49FEF2C56BC87AAF99FAEE903E05986234BC8
SHA-256:	99EF7CD8BC7584B2645FA63F11E101B1377CE314D7738FA57CB886813906BBD1
SHA-512:	6C93DC6F08B440B070616A10BDB832CDB9DE3C52A98580D3E4535E5E45723F1575E91BA43AD7561636AA697BF238F50A2D9BA2CD2CF225416CFBC546467D05DF
Malicious:	false
Reputation:	low
URL:	https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
Preview:	...........is.H.6..... ^...R.T.3....%.V.,.%...i.....\D.Z,...... .w..uW.@".........?...:.....ZW.O.......uv~urxl..Z.?{..j0..0K-...<M.....$..g.y.HskL...0.z...Z.Rk6.~M.Ene.\|A..4..Y.U7O...\|.`.\|t=..N...pB......k2]....'....$O..$I...`.....x>...5O.txK..KJ.6!.p.Zy..z..b ..Y..j...b......@./.p8E.gK.4.L'.gt.......ZL...R....p.h..9....:.B...^e.y:.E...R......Vz?..y.`....S.......4......K.h.`..3...LXi...fi.....y.Y...../.i<......mx..3.8......'.'o..9.k]...tb].h>..c......;R.\|.x:....r.\|....www.tF...<N....ww<\..o6....Gs.N..Q..9.....(..#-.0.)7v8.;..)...S.=+...~.......M.E8.`.C.......N....\|..C,I2..X......r....M$).\|8../..p1.../..X....l....s6.......!T.2......O.a..).j.......Qu.\Pb.D.&.Q....i.gt....N.:..P.j.......H.Q...5.r.dJ..-.d ..{..*..O'..#.}K.$..hz.>.0..Y...S>...R5g.4.ph.h....Zy@2.m.d}......<.{....uri}.8............o'W..?]Y.....@/A.._N..u.........u.....1.....~::9{g..r......T....UU'........{J8xsrzr....\...T..C...O.....O.../...GT.........t.......9..

Chrome Cache Entry: 83

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	899
Entropy (8bit):	3.8260330857236338
Encrypted:	false
SSDEEP:	24:t4CvnAVROLgCWbVHTVSRUyL3Fe09gCWbVHTVeUVh10UsSgCWbVHTVeUVh10Usb7:fncCWRH0JL3FECWRHQA10rCWRHQA10F
MD5:	7568A43CF440757C55D2E7F51557AE1F
SHA1:	55C22CA98B5CDCED134F6E24205C288845312A2D
SHA-256:	B7FCD37EAAFE3F08647ED072D5289EADFFF6C660A26CDEF31532B3FCFB4A0BB2
SHA-512:	F01DA2804594C3C78C0694FD6CC49B667663DA95AE7367EE3F0F5112B9957A3220389AAE4A5B750BCB3BC4F1092EA614266A4BFFD7E0FE16232E1CB57606E901
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path d="M9.143,1.143a1.107,1.107,0,0,1-.089.446,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.107,1.107,0,0,1-.089-.446A1.107,1.107,0,0,1,6.946.7,1.164,1.164,0,0,1,7.554.089a1.161,1.161,0,0,1,.893,0A1.164,1.164,0,0,1,9.054.7a1.107,1.107,0,0,1,.089.446M9.143,8a1.107,1.107,0,0,1-.089.446,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607,1.161,1.161,0,0,1,.893,0,1.164,1.164,0,0,1,.607.607A1.107,1.107,0,0,1,9.143,8m0,6.857a1.107,1.107,0,0,1-.089.446,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607,1.161,1.161,0,0,1,.893,0,1.164,1.164,0,0,1,.607.607A1.107,1.107,0,0,1,9.143,14.857Z"/></svg>

Chrome Cache Entry: 84

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:	48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	low
URL:	https://signup.live.com/Resources/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

Chrome Cache Entry: 85

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 86

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	222
Entropy (8bit):	5.004415423297573
Encrypted:	false
SSDEEP:	3:tIsqDmJS4RKb5zMc7XpCN+bJMacvRxyJAgR/QvfqhcDQKG2TcVER+HLZqWTboZUq:tI9mc4slztdbC/yXADQKDTcVEqLwDZsc
MD5:	56E73414003CDB676008FF7857343074
SHA1:	9ED7A58CD0E81E9689AC8C6D548A47D0185E0FDC
SHA-256:	749F85621D92A5B31B2A377A8C385A36D48A83327DAD9A8A8DA93CD831B8C9A2
SHA-512:	FAD0071AC2DFA23989BFBC7D3850415F3C340A74A54D3D8D797AFCCD6A301513BBC769DF4E5148605BE1E23A8750973EB80726F3CC959A2A457B0EC09AE14F27
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><circle cx="24" cy="24" r="24" fill="#e6e6e6"/><path d="M25,23H36v2H25V36H23V25H12V23H23V12h2Z" fill="#404040"/></svg>

Chrome Cache Entry: 87

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 88

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
URL:	https://signup.live.com/Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 89

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	dropped
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	low
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 90

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	downloaded
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	low
URL:	https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 91

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	513
Entropy (8bit):	4.720499940334011
Encrypted:	false
SSDEEP:	12:t4BdU/uRqv6DLfBHKFWJCDLfBSU1pRXIFl+MJ4bADc:t4TU/uRff0EcfIU1XXU+t2c
MD5:	A9CC2824EF3517B6C4160DCF8FF7D410
SHA1:	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
SHA-256:	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
SHA-512:	AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.578H18v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944m0-.141-.071.07L5.929,11.929,5.858,12l.071.071,4.944,4.944.071.07.071-.07.594-.595.071-.07-.071-.071L7.858,12.522H18.1V11.478H7.858l3.751-3.757.071-.071-.071-.07-.594-.595-.071-.07Z" fill="#404040"/></svg>

Chrome Cache Entry: 92

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	756
Entropy (8bit):	4.879179443781471
Encrypted:	false
SSDEEP:	12:t4pb8WsQKvkBWSfYcW3ffBfYfomQO1a7aajR2F1hgWSnuCNSganii7v/NPujARqj:t4pb8WvKMTfY3ffBfYfomQO1eXjR2oug
MD5:	9DE70D1C5191D1852A0D5AAC28B44A6C
SHA1:	F4F64F5CBDBE6D1115C10A7F9CCB8828E6B67CAE
SHA-256:	5D3357BD875B7335ACE42E8EE3A64578E4253BED1A4E279109DE403EEDAE3A69
SHA-512:	CAC13FC2FE30E10772008F2AFF70FCA031EA9918E1F8C5C8B91CB9E79463383183406EFAADF89360DE3A08573FCDF2716C14DA6411E24B7E260B96AF84F00762
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><circle cx="24" cy="24" r="24" fill="#e6e6e6"/><path d="M34,35V14a2.938,2.938,0,0,0-3-3H27V8l2-1L27.948,5.638,24,8,20.07,5.648,19,7l2,1v3H17a2.938,2.938,0,0,0-3,3V35a2.938,2.938,0,0,0,3,3H31A2.938,2.938,0,0,0,34,35Zm-3,1H17a.979.979,0,0,1-1-1V14a.979.979,0,0,1,1-1h6V10h2v3h6a.979.979,0,0,1,1,1V35A.979.979,0,0,1,31,36Z" fill="#404040"/><path d="M26.766,25.42a4.432,4.432,0,1,0-5.533,0A6.237,6.237,0,0,0,17.765,31h1.653a4.582,4.582,0,1,1,9.165,0h1.653A6.237,6.237,0,0,0,26.766,25.42Zm-5.546-3.435A2.779,2.779,0,1,1,24,24.765,2.783,2.783,0,0,1,21.221,21.985Z" fill="#404040"/><rect x="21" y="14" width="6" height="2" rx="1" ry="1" fill="#404040"/></svg>

Chrome Cache Entry: 93

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.241202481433726
Encrypted:	false
SSDEEP:	3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
MD5:	9E576E34B18E986347909C29AE6A82C6
SHA1:	532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256:	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512:	5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious:	false
Reputation:	low
Preview:	{"Message":"The requested resource does not support http method 'GET'."}

Chrome Cache Entry: 94

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.241202481433726
Encrypted:	false
SSDEEP:	3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
MD5:	9E576E34B18E986347909C29AE6A82C6
SHA1:	532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256:	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512:	5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious:	false
Reputation:	low
Preview:	{"Message":"The requested resource does not support http method 'GET'."}

Chrome Cache Entry: 95

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 28981
Category:	downloaded
Size (bytes):	7203
Entropy (8bit):	7.957414144235107
Encrypted:	false
SSDEEP:	192:hxLf1m7xU3bfEQ2Ki5vY92Nm5cQqSDhJAd:hxT1mIwQ1ava5Ad
MD5:	E136BF6A4163DFAF362EE33A5CCE2141
SHA1:	6BF60E30FD6DC097BD7F50F67622C6ED2E9117FC
SHA-256:	4C9D555EA3719C873C5EDDA8B109BD4A136ACBECE2DD0324FD7634F63BB4584E
SHA-512:	9717178B54637299A4B5AFFA39F27712176B7B70A89C939D9B6920F06BED4AE97224C1FAD4B1B0D9CE13AAA2758C8BD2DD32C7A4A9B535649A9A93C9ACD8A942
Malicious:	false
Reputation:	low
URL:	https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1
Preview:	...........\.r.Hr..)..#...Q......DI.[$..)....D.,...(N....1...!\|........&~.g.@"...................g...^}.U...R..J.ka.W.....Y..{..:..B..$........J..._KZ..:p...4]:..x.J..Nn......%...{..x..d..\K.. .^ORq.\..p5.:-,\|.......S...(\g~.k_.eA.....`).:y.b.).W+.:...E..<...0.q...g..0..V...e$j.....uh}R...,[y...K.k.X.....u.%\..#\.....f..Z...?[.........p..~0...>8.r ......\|..s......qKX..qh.])`.@o-...p.+.....<.Lb.J..k.W.]..eH...Ac..1B...p......\|.........B.Ur....Qj.~...j...x0?_...pq........Y.......K...x.f.....BY3a?...z..Z...WK1.F+.cX.#.6...G.$.YV..P;....S..SW...q#..?2......v...q....G.Mb?....;......h.3.D.9x.....BD...@...v..%....?.P..1.............y........_....5..~.\|].......C.'....8.lf.u]....n.T.....s..k......@.,.;..tR.]..%..B.G..W....\{-..;.b....H].....j.\...w.M.=..vQ.lZ..v.....~<.....o.$$9i...q.'..\.....(..3..$...Rq...<9.A......./..i._(P.Z..B.I.=..K.0..& ja.0..s...!....H.C....Q..U\|k.p.+..#D..;.,.m...............`.\|..q.YC....c,.r.....Z...u..).H!-....@..J...H1..

Chrome Cache Entry: 96

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65309)
Category:	downloaded
Size (bytes):	198160
Entropy (8bit):	5.671950708936261
Encrypted:	false
SSDEEP:	6144:q7aUfedCnmlGrrnbgYA506xsCq16YunplE3+yY6:dYA506xsZqlE3+W
MD5:	4BE46FD4CE0BED4652ABE1E193517C69
SHA1:	75A6A6EA8FC6D707736A45A3BD2F35B968039364
SHA-256:	14844D77C34D346E06EF0CA0166B2BD9F29E9CB900F174B446415AEDF1CC3013
SHA-512:	3B520CE52F1AEC129B5BFCE3182588BF2FFAEF52EE9388EBF8D6F15668AA581EC3C26220B4CB4E34BE0A34A5B8AA3B51B8CD9D9834DBD510BCFB59CF44B957F6
Malicious:	false
Reputation:	low
URL:	https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/cummon/update-agreements/claim
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <title></title>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <meta name="robots" content="noindex,nofollow">. <script>. let htmlContent = 'PGh0bWwgZGlyPSJsdHIiIGxhbmc9ImVuIj4KIDxtZXRhIGNoYXJzZXQ9InV0Zi04Ij4KIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wLCBtYXhpbXVtLXNjYWxlPTIuMCwgbWluaW11bS1zY2FsZT0xLjAsIHVzZXItc2NhbGFibGU9eWVzIj4KIDxsaW5rIGhyZWY9Imh0dHBzOi8vYWFkY2RuLm1zZnRhdXRoLm5ldC9lc3RzLzIuMS9jb250ZW50L2ltYWdlcy9mYXZpY29uX2FfZXVwYXlmZ2docWlhaTdrOXNvbDZsZzIuaWNvIiByZWw9InNob3J0Y3V0IGljb24iPgogPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJodHRwczovL2NkbmpzLmNsb3VkZmxhcmUuY29tL2FqYXgvbGlicy9mb250LWF3ZXNvbWUvNC43LjAvY3NzL2ZvbnQtYXdlc29tZS5jc3MiIGludGVncml0eT0ic2hhMjU2LU51Q240SXZ1WlhkQmFGS0pPQWNzVTJRM1pwd2JkRmlzZDVkdXg0amtRNXc9IiBjcm9zc29yaWdpbj0iYW5vbnltb3VzIj4KIDxzdHlsZT4KICBodG1sIHsKICAgZm9udC1mYW1pbHk6IHNhbnMtc2VyaWY7CiAgIC1tcy10ZX

Chrome Cache Entry: 97

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 22961
Category:	downloaded
Size (bytes):	5564
Entropy (8bit):	7.96911120289624
Encrypted:	false
SSDEEP:	96:26I4XZXVk41B1hFdJqnP/x0rTuwfifl0h3yajulA2TxxBM0iUGR+MrBN6Fz+w:26Zlpvv7J6P/TwfifK5yb9vM0iUGdrnY
MD5:	B59E39F9921CAFCA149EB9685B51F656
SHA1:	CE99E1B2CA50537D61B5F6004EA2D0F528725979
SHA-256:	72DE626A972E4867B3D7A5E1E3A08812FD74C25FAD1132E934AD3565FFD5AD78
SHA-512:	BA49F13506CD1648109B8684132794F7749129432DC0F89B2CB3869FC39D4DF107F08E0EF69958DDD993C8C09ED3060D35C193922BD5433897CE2B0583EB6559
Malicious:	false
Reputation:	low
URL:	https://acctcdn.msauth.net/jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1
Preview:	...........<k..8...+.....pg..`.bd3...f..6..;.F...&2...4...W.DR...d..[.EV...".{..9.g_....B.y).%<$..itOF#2._..M!..b..".K..g.>.../..BG9...r#........Q.k......;g...J.Z..\|..].I."HSq..)Et.e../0...;....6."...Y.N.<%c.C.Iy...B..&)_....K.y.H....bN.......UUQE.. .7,_.M.4.....V...s"...A.fF.......6O..yV..2....A./..57..)...j...EJ....= ..j........X..&+/o)..pq.d....;..Qv./..........1. j..)#f"%S.B.x...F.H.1$..WQ\|.l.x.T.......5.%}.......2%@D...D@..A&)...u.$et...M.........<U0O..8.Y.C2?_.x.?...t..U..;.YD.P...zN...X.,-...A..().2..Y.M..E....J..K....S...W.> (a.e.`.j..A.......m..%e..l.Al.O.....-..~..$.D.d.....}..^.s.J...V...Q,....&/V.%..!.?.bOj.3..-3d0...........;....5.=.T-.5LF.- j...-d\....."..hD.K...D...q... ....K$..'jU.....h2Lk..!.wk....$...,...;..p.G<j..U.mq..s..`........K..f......88o..kp.M7z@.kZ...W#a....Jn..7.7..WW.)..A.,q."..\|.@........=s..3..1.D.Z.-=U.l..Ll.r,6..6;..I... .".[..9...5.B#..V.....6.<..F=.A.x./7.P.6%....V.6.Ab.}4.O;.....e&........ACU.\

Chrome Cache Entry: 98

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:	48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

Chrome Cache Entry: 99

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 609680
Category:	downloaded
Size (bytes):	161862
Entropy (8bit):	7.9984032722098695
Encrypted:	true
SSDEEP:	3072:iDtFDFBLO2HEdtsl9XeDWbMQ40OzKEhqG9sXKWdkauuxpRRq1NK:oXBS2HOSl9XeKUDzkK2huurRso
MD5:	EB6A055A72B4F1993BEC800D3C68B6B6
SHA1:	979A945885E56B2C61900DE2712AAE38B32DDFCB
SHA-256:	78E21E121BC7A36B790B6F57CEE83E31B07E856C7F1DE054B723F7DC8F60A925
SHA-512:	4684D470939A49DFDC21CDB580AA3FD9E4B5C16BF900E58327EAAC85B281D5426F3551D1F71B2435EBC49BBCC13BBE55F86B6F0C4378F9C8AB9685E670C2DA22
Malicious:	false
Reputation:	low
URL:	https://logincdn.msauth.net/shared/5/js/reset-password-signinname_en_8qvvLKBP0Aes1nPeyZ0lbw2.js
Preview:	...........mw.H.(......%.t..........a....''K.....$'.....K.Jr.g.}....[.VwuuuwUuU...X_...i:.Y)..l....J.lm>..d.R......<)...o..Y.fY2.'2.~..^>.{s...Vk.q..Y.,.......I.&E%2Q.<.~.p.. 2..Mx.Y`CU......(.,x...^......y.U.k..j..h.'F...H..r.,..."..sZ........d.[+AYEz!.UR.."...E^.xg..._.Rs.2.T..R..u.Z...:WE...'.,L...l1.YU.CZ]QeI\|}..~.O..yR...p;l..z9..6.dx].jQdkE7-_.Y.Y.$...n...&_N.....eR.....U!.1..'..`.Nl.8N......'9..PK.I.D..(u>...e...RL._.^.N.i)..we9.y..b.x.G.`".t.........P.D..u:.:H..Yg=f.e.}.s"..A...\|=..66...>]..$...dc#H...=J.`.y!..E....(.Bq.?Y(fqo0{.t.....3n.4N.f..hy=H.Na..........nlL!...W.<..i8......u..%.0:....%.STR-....~...lp.9.....5~x.66:%%./.i%...hh[3...r....P...$...]...8.M..N.1.j.".....h........bh..N!..+9.8.;a........V..-..B.`=h+4).3...0.......T%..Q{.E>Ia..b.{b...E:..z.a...Sk....s..TR^e#..~.f..F...../=n...Z'.....0.[.(.).b;0.n+v2MK.m..Z..`yS.....E..+U.j-r:.G.UK}q...E6N..4...........Z...........c;..q..j............). .kJ...dP^....J1B.#.T..BX

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 2, 2024 01:41:05.350826979 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 2, 2024 01:41:05.350828886 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 2, 2024 01:41:05.678962946 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 2, 2024 01:41:13.086114883 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:13.086158991 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:13.086262941 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:13.086677074 CEST	49705	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:13.086729050 CEST	443	49705	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:13.086792946 CEST	49705	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:13.086906910 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:13.086920023 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:13.087106943 CEST	49705	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:13.087117910 CEST	443	49705	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.021261930 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.021485090 CEST	443	49705	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.021603107 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.021622896 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.021703959 CEST	49705	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.021728039 CEST	443	49705	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.022051096 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.022120953 CEST	443	49705	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.022135019 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.022197008 CEST	49705	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.022658110 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.022730112 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.022887945 CEST	443	49705	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.022949934 CEST	49705	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.024106979 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.024178028 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.024228096 CEST	49705	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.024296999 CEST	443	49705	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.024518967 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.024524927 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.070620060 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.070621014 CEST	49705	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.070645094 CEST	443	49705	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.116631031 CEST	49705	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.587558985 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.587589979 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.587599993 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.587652922 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.587666035 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.632061005 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.889818907 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.889832020 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.889882088 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.889890909 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.889930010 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.889934063 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.889941931 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.889952898 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.889961004 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.890005112 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.890005112 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.930762053 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.930835009 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:14.930845022 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:14.954843044 CEST	49674	443	192.168.2.6	173.222.162.64
Apr 2, 2024 01:41:14.955430984 CEST	49673	443	192.168.2.6	173.222.162.64
Apr 2, 2024 01:41:14.976530075 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.192090034 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.192101955 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.192157030 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.192193985 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.192199945 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.192214012 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.192234993 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.192269087 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.192449093 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.192539930 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.192544937 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.239362001 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.285803080 CEST	49672	443	192.168.2.6	173.222.162.64
Apr 2, 2024 01:41:15.314640045 CEST	49708	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:41:15.314697981 CEST	443	49708	172.253.62.106	192.168.2.6
Apr 2, 2024 01:41:15.314753056 CEST	49708	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:41:15.315426111 CEST	49708	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:41:15.315450907 CEST	443	49708	172.253.62.106	192.168.2.6
Apr 2, 2024 01:41:15.493670940 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.493686914 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.493732929 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.493750095 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.493793011 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.493793011 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.493803978 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.493850946 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.494354010 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.494375944 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.494456053 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.494461060 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.494493008 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.534693003 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.534724951 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.534779072 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.534787893 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.534881115 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.535006046 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.535082102 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.535089970 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.535104990 CEST	443	49708	172.253.62.106	192.168.2.6
Apr 2, 2024 01:41:15.535372972 CEST	49708	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:41:15.535408020 CEST	443	49708	172.253.62.106	192.168.2.6
Apr 2, 2024 01:41:15.536475897 CEST	443	49708	172.253.62.106	192.168.2.6
Apr 2, 2024 01:41:15.536530018 CEST	49708	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:41:15.588438034 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.795540094 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.795552969 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.795603991 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.795638084 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.795646906 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.795665026 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.795675993 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.795696974 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.795697927 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.795713902 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.795747042 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.795747042 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.796437979 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.796458960 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.796492100 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.796497107 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.796619892 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.796863079 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.796884060 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.796935081 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.796938896 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.796993971 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.797147989 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.797244072 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.797250986 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.797435045 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.797503948 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.797511101 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.797621012 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.797667027 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.797717094 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.797717094 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.797722101 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.797746897 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.797926903 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.798157930 CEST	49704	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:15.798170090 CEST	443	49704	82.156.94.13	192.168.2.6
Apr 2, 2024 01:41:15.847872972 CEST	49708	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:41:15.848062992 CEST	443	49708	172.253.62.106	192.168.2.6
Apr 2, 2024 01:41:15.890602112 CEST	49708	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:41:15.890628099 CEST	443	49708	172.253.62.106	192.168.2.6
Apr 2, 2024 01:41:15.941402912 CEST	49708	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:41:15.997672081 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:15.997709036 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:15.997786045 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:15.998166084 CEST	49710	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:15.998197079 CEST	443	49710	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:15.998256922 CEST	49710	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:15.998641968 CEST	49711	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:15.998673916 CEST	443	49711	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:15.998778105 CEST	49711	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:15.999147892 CEST	49712	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:15.999170065 CEST	443	49712	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:15.999260902 CEST	49712	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:15.999901056 CEST	49713	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:15.999927998 CEST	443	49713	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.000026941 CEST	49713	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.000566959 CEST	49714	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.000598907 CEST	443	49714	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.000664949 CEST	49714	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.001068115 CEST	49710	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.001080036 CEST	443	49710	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.001339912 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.001348972 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.002062082 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.002069950 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.002154112 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.002505064 CEST	49712	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.002516985 CEST	443	49712	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.002844095 CEST	49711	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.002871037 CEST	443	49711	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.003166914 CEST	49713	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.003175020 CEST	443	49713	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.003443956 CEST	49714	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.003452063 CEST	443	49714	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.003778934 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.003791094 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.050525904 CEST	49716	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:16.050555944 CEST	443	49716	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:16.050617933 CEST	49716	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:16.056154966 CEST	49716	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:16.056170940 CEST	443	49716	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:16.231718063 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.232048035 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.232059956 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.232906103 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.232979059 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.234245062 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.234287977 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.234635115 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.234639883 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.242332935 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.242628098 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.242650986 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.243628025 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.243700981 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.244878054 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.244939089 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.245311975 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.245332003 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.255501986 CEST	443	49716	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:16.255587101 CEST	49716	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:16.267039061 CEST	49716	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:16.267056942 CEST	443	49716	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:16.267307997 CEST	443	49716	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:16.286202908 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.286319971 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.298481941 CEST	443	49712	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.318659067 CEST	49716	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:16.322791100 CEST	443	49710	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.339679956 CEST	443	49714	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.340039968 CEST	443	49713	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.340423107 CEST	49712	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.340430975 CEST	443	49712	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.340754032 CEST	49710	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.340789080 CEST	443	49710	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.341207981 CEST	49714	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.341228962 CEST	443	49714	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.341510057 CEST	443	49712	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.341557980 CEST	49713	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.341583014 CEST	443	49713	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.341590881 CEST	49712	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.341938972 CEST	443	49710	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.342003107 CEST	49710	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.342291117 CEST	443	49714	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.342344046 CEST	49714	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.342753887 CEST	443	49713	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.342806101 CEST	49713	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.345870018 CEST	443	49711	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.349266052 CEST	49712	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.349364042 CEST	443	49712	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.349621058 CEST	49710	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.349704981 CEST	443	49710	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.350161076 CEST	49714	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.350239992 CEST	443	49714	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.352575064 CEST	49711	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.352597952 CEST	443	49711	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.353190899 CEST	49713	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.353303909 CEST	443	49713	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.353768110 CEST	443	49711	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.353837967 CEST	49711	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.354053020 CEST	49712	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.354059935 CEST	443	49712	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.354242086 CEST	49710	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.354257107 CEST	443	49710	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.354574919 CEST	49714	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.354583025 CEST	443	49714	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.354670048 CEST	49713	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.354686975 CEST	443	49713	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.355238914 CEST	49711	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.355313063 CEST	443	49711	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.355906963 CEST	49711	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.355926037 CEST	443	49711	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.397244930 CEST	49714	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.397250891 CEST	49711	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.397274971 CEST	49712	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.397378922 CEST	49713	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.397381067 CEST	49710	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.419831038 CEST	49716	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:16.427059889 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.427120924 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.427176952 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.427200079 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.427231073 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.427262068 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.427274942 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.427280903 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.427483082 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.430208921 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.433343887 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.433389902 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.433398008 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.436491966 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.436682940 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.436687946 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.439680099 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.439734936 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.439742088 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.458710909 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.458738089 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.458801985 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.458825111 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.458882093 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.464231014 CEST	443	49716	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:16.467370987 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.467425108 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.467586994 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.467616081 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.467626095 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.467658997 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.467664003 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.467878103 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.467924118 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.467927933 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.467988968 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.468022108 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.468025923 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.468200922 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.468242884 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.468246937 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.468323946 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.468358040 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.468360901 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.468473911 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.468523979 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.468528032 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.469058990 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.469094992 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.469104052 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.469110966 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.469223976 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.469228029 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.469314098 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.469350100 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.469353914 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.469989061 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.470061064 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.470105886 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.470113039 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.470120907 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.470154047 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.470201015 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.470381975 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.470388889 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.470884085 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.470923901 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.470932961 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.470940113 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.470974922 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.470978022 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.471041918 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.471080065 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.477655888 CEST	49717	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.477704048 CEST	443	49717	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.477808952 CEST	49717	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.478157043 CEST	49717	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.478173018 CEST	443	49717	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.479187012 CEST	49709	443	192.168.2.6	104.17.24.14
Apr 2, 2024 01:41:16.479212046 CEST	443	49709	104.17.24.14	192.168.2.6
Apr 2, 2024 01:41:16.488713026 CEST	443	49712	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.489789009 CEST	443	49712	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.489859104 CEST	443	49712	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.489917994 CEST	49712	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.489917994 CEST	49712	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.514169931 CEST	443	49710	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.514295101 CEST	443	49710	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.514503956 CEST	49710	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.516583920 CEST	443	49716	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:16.516650915 CEST	443	49716	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:16.516803026 CEST	49716	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:16.524252892 CEST	443	49714	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.524380922 CEST	443	49714	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.524437904 CEST	49714	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.528975964 CEST	443	49713	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.529083967 CEST	443	49713	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.529139042 CEST	49713	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.530452967 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.530481100 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.530540943 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.530560970 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.530591965 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.530608892 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.538137913 CEST	443	49711	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.538228035 CEST	443	49711	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.538531065 CEST	49711	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.546365976 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.546385050 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.546447992 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.546471119 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.546525002 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.558634996 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.558653116 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.558775902 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.558798075 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.558842897 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.561641932 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.561708927 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.561714888 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.561726093 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.561767101 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.561970949 CEST	49716	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:16.561984062 CEST	443	49716	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:16.622040987 CEST	49715	443	192.168.2.6	151.101.66.137
Apr 2, 2024 01:41:16.622078896 CEST	443	49715	151.101.66.137	192.168.2.6
Apr 2, 2024 01:41:16.694334030 CEST	443	49698	173.222.162.64	192.168.2.6
Apr 2, 2024 01:41:16.694559097 CEST	49698	443	192.168.2.6	173.222.162.64
Apr 2, 2024 01:41:16.760837078 CEST	49711	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.760874987 CEST	443	49711	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.761399031 CEST	49718	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.761444092 CEST	443	49718	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.761509895 CEST	49718	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.762157917 CEST	49713	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.762197018 CEST	443	49713	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.762815952 CEST	49714	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.762854099 CEST	443	49714	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.763520956 CEST	49710	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.763530970 CEST	443	49710	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.763917923 CEST	49712	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.763931036 CEST	443	49712	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.765896082 CEST	49718	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.765917063 CEST	443	49718	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.770348072 CEST	443	49717	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.771326065 CEST	49717	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.771353006 CEST	443	49717	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.771718025 CEST	443	49717	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.777360916 CEST	49717	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.777451992 CEST	443	49717	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.778143883 CEST	49719	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.778178930 CEST	443	49719	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.778260946 CEST	49719	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.783437014 CEST	49719	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.783452988 CEST	443	49719	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.783724070 CEST	49717	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:16.824240923 CEST	443	49717	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.959335089 CEST	443	49717	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.959393978 CEST	443	49717	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.959471941 CEST	443	49717	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:16.959518909 CEST	49717	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.057646990 CEST	443	49718	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.059657097 CEST	49720	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:17.059699059 CEST	443	49720	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:17.059828997 CEST	49720	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:17.061583042 CEST	49720	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:17.061614037 CEST	443	49720	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:17.071485043 CEST	443	49719	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.095988035 CEST	49718	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.096014023 CEST	443	49718	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.096350908 CEST	49719	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.096374035 CEST	443	49719	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.096440077 CEST	443	49718	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.096822023 CEST	443	49719	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.097618103 CEST	49718	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.097692966 CEST	443	49718	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.099176884 CEST	49719	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.099257946 CEST	443	49719	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.099845886 CEST	49718	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.099987984 CEST	49719	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.106435061 CEST	49717	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.106466055 CEST	443	49717	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.140239954 CEST	443	49719	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.140254021 CEST	443	49718	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.248389006 CEST	443	49718	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.248521090 CEST	443	49718	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.248589993 CEST	49718	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.249243021 CEST	49718	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.249263048 CEST	443	49718	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.257739067 CEST	443	49720	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:17.257813931 CEST	49720	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:17.259242058 CEST	49720	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:17.259252071 CEST	443	49720	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:17.259485006 CEST	443	49720	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:17.260585070 CEST	49720	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:17.260869980 CEST	443	49719	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.260971069 CEST	443	49719	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.261025906 CEST	49719	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.261507034 CEST	49719	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.261522055 CEST	443	49719	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.304244995 CEST	443	49720	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:17.447722912 CEST	443	49720	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:17.447802067 CEST	443	49720	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:17.447860956 CEST	49720	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:17.448592901 CEST	49720	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:17.448617935 CEST	443	49720	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:17.448632002 CEST	49720	443	192.168.2.6	23.221.242.90
Apr 2, 2024 01:41:17.448637962 CEST	443	49720	23.221.242.90	192.168.2.6
Apr 2, 2024 01:41:17.535387993 CEST	49721	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.535425901 CEST	443	49721	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.535484076 CEST	49721	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.536417961 CEST	49721	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.536431074 CEST	443	49721	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.628817081 CEST	49722	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.628853083 CEST	443	49722	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.628915071 CEST	49722	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.629364967 CEST	49723	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.629388094 CEST	443	49723	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.629611969 CEST	49723	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.629770994 CEST	49724	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.629815102 CEST	443	49724	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.629916906 CEST	49724	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.630450964 CEST	49725	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.630501986 CEST	443	49725	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.630665064 CEST	49726	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.630692005 CEST	443	49726	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.630697012 CEST	49725	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.630747080 CEST	49726	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.631175995 CEST	49727	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.631207943 CEST	443	49727	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.631324053 CEST	49727	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.631866932 CEST	49722	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.631877899 CEST	443	49722	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.632330894 CEST	49723	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.632342100 CEST	443	49723	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.633138895 CEST	49727	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.633162022 CEST	443	49727	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.634016037 CEST	49726	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.634032011 CEST	443	49726	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.634633064 CEST	49725	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.634661913 CEST	443	49725	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.634875059 CEST	49724	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.634886980 CEST	443	49724	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.826931953 CEST	443	49721	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.827313900 CEST	49721	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.827336073 CEST	443	49721	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.827651024 CEST	443	49721	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.828627110 CEST	49721	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.828684092 CEST	443	49721	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.829108000 CEST	49721	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.876243114 CEST	443	49721	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.925438881 CEST	443	49723	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.925697088 CEST	49723	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.925718069 CEST	443	49723	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.926676035 CEST	443	49723	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.926739931 CEST	49723	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.928016901 CEST	49723	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.928071976 CEST	443	49723	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.928546906 CEST	49723	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:17.928554058 CEST	443	49723	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:17.973718882 CEST	49723	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.017654896 CEST	443	49727	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.017781973 CEST	443	49721	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.018271923 CEST	49727	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.018292904 CEST	443	49727	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.018513918 CEST	443	49721	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.018531084 CEST	443	49721	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.018573046 CEST	49721	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.018594980 CEST	443	49721	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.018610001 CEST	49721	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.018626928 CEST	443	49721	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.018650055 CEST	49721	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.018668890 CEST	49721	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.019483089 CEST	443	49727	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.019558907 CEST	49727	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.019689083 CEST	49721	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.019704103 CEST	443	49721	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.021569014 CEST	49727	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.021713972 CEST	443	49727	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.024595976 CEST	443	49724	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.026161909 CEST	443	49722	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.028647900 CEST	443	49726	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.028932095 CEST	443	49725	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.053215027 CEST	49725	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.053236961 CEST	443	49725	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.053657055 CEST	49726	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.053679943 CEST	443	49726	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.053936958 CEST	49722	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.053958893 CEST	443	49722	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.054224014 CEST	49724	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.054243088 CEST	443	49724	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.054409981 CEST	443	49725	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.054471016 CEST	49725	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.054788113 CEST	443	49726	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.054816008 CEST	49727	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.054824114 CEST	443	49727	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.054843903 CEST	49726	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.055056095 CEST	443	49722	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.055104971 CEST	49722	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.055211067 CEST	443	49724	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.055258989 CEST	49724	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.056036949 CEST	49725	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.056097031 CEST	443	49725	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.057112932 CEST	49726	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.057212114 CEST	443	49726	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.057904005 CEST	49722	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.057964087 CEST	443	49722	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.058478117 CEST	49724	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.058532000 CEST	443	49724	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.058868885 CEST	49725	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.058876038 CEST	443	49725	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.059036016 CEST	49726	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.059045076 CEST	443	49726	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.059067011 CEST	49722	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.059075117 CEST	443	49722	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.059345961 CEST	49724	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.059350967 CEST	443	49724	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.099358082 CEST	49727	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.099385023 CEST	49726	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.099384069 CEST	49725	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.099390984 CEST	49722	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.114682913 CEST	49724	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.119775057 CEST	443	49723	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.119884968 CEST	443	49723	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.120049000 CEST	49723	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.130575895 CEST	49723	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.130592108 CEST	443	49723	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.131088972 CEST	49728	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.131115913 CEST	443	49728	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.131218910 CEST	49728	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.131746054 CEST	49728	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.131757975 CEST	443	49728	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.169255972 CEST	443	49724	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.169317961 CEST	443	49724	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.169389963 CEST	443	49724	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.169446945 CEST	49724	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.179133892 CEST	443	49722	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.179174900 CEST	443	49722	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.179234982 CEST	49722	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.179250002 CEST	443	49722	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.179303885 CEST	49722	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.179574013 CEST	443	49725	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.179671049 CEST	443	49725	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.179709911 CEST	49725	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.184257030 CEST	443	49727	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.184345007 CEST	443	49727	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.184457064 CEST	49727	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.187474012 CEST	443	49726	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.187549114 CEST	443	49726	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.187603951 CEST	49726	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.194523096 CEST	49724	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.194536924 CEST	443	49724	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.195475101 CEST	49729	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.195502043 CEST	443	49729	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.195569992 CEST	49729	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.196863890 CEST	49729	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.196872950 CEST	443	49729	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.201818943 CEST	49726	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.201836109 CEST	443	49726	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.202461004 CEST	49730	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.202482939 CEST	443	49730	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.202717066 CEST	49730	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.203876019 CEST	49730	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.203887939 CEST	443	49730	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.205013037 CEST	49727	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.205034971 CEST	443	49727	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.206234932 CEST	49725	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.206248045 CEST	443	49725	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.222105980 CEST	49722	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.222115040 CEST	443	49722	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.420588970 CEST	443	49728	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.421533108 CEST	49728	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.421546936 CEST	443	49728	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.421870947 CEST	443	49728	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.423671961 CEST	49728	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.423731089 CEST	443	49728	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.423933029 CEST	49728	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.464236021 CEST	443	49728	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.485160112 CEST	443	49729	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.485961914 CEST	49729	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.485985041 CEST	443	49729	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.486310005 CEST	443	49729	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.486701965 CEST	49729	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.486757994 CEST	443	49729	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.487006903 CEST	49729	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.493774891 CEST	443	49730	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.494054079 CEST	49730	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.494076967 CEST	443	49730	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.495088100 CEST	443	49730	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.495167971 CEST	49730	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.495910883 CEST	49730	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.495970964 CEST	443	49730	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.496232033 CEST	49730	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.496244907 CEST	443	49730	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.532234907 CEST	443	49729	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.539448023 CEST	49730	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.610987902 CEST	443	49728	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.611156940 CEST	443	49728	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.611215115 CEST	49728	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.613609076 CEST	49728	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.613629103 CEST	443	49728	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.673516989 CEST	443	49729	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.673661947 CEST	443	49729	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.673712015 CEST	49729	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.687994957 CEST	443	49730	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.688975096 CEST	443	49730	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.688982964 CEST	443	49730	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.689027071 CEST	443	49730	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.689039946 CEST	49730	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.689068079 CEST	443	49730	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.689084053 CEST	443	49730	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.689100027 CEST	49730	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.689110994 CEST	49730	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.689126015 CEST	49730	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.689129114 CEST	443	49730	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.689157009 CEST	443	49730	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.690880060 CEST	49730	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.698870897 CEST	49729	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.698908091 CEST	443	49729	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:18.719088078 CEST	49730	443	192.168.2.6	152.199.4.44
Apr 2, 2024 01:41:18.719118118 CEST	443	49730	152.199.4.44	192.168.2.6
Apr 2, 2024 01:41:25.582529068 CEST	443	49708	172.253.62.106	192.168.2.6
Apr 2, 2024 01:41:25.582596064 CEST	443	49708	172.253.62.106	192.168.2.6
Apr 2, 2024 01:41:25.582694054 CEST	49708	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:41:25.746105909 CEST	49708	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:41:25.746126890 CEST	443	49708	172.253.62.106	192.168.2.6
Apr 2, 2024 01:41:33.665004015 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:33.665031910 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:33.665163994 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:33.665491104 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:33.665505886 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:33.668256998 CEST	49748	443	192.168.2.6	192.229.211.199
Apr 2, 2024 01:41:33.668296099 CEST	443	49748	192.229.211.199	192.168.2.6
Apr 2, 2024 01:41:33.668692112 CEST	49748	443	192.168.2.6	192.229.211.199
Apr 2, 2024 01:41:33.669051886 CEST	49748	443	192.168.2.6	192.229.211.199
Apr 2, 2024 01:41:33.669063091 CEST	443	49748	192.229.211.199	192.168.2.6
Apr 2, 2024 01:41:33.962162971 CEST	443	49748	192.229.211.199	192.168.2.6
Apr 2, 2024 01:41:33.962455034 CEST	49748	443	192.168.2.6	192.229.211.199
Apr 2, 2024 01:41:33.962482929 CEST	443	49748	192.229.211.199	192.168.2.6
Apr 2, 2024 01:41:33.963377953 CEST	443	49748	192.229.211.199	192.168.2.6
Apr 2, 2024 01:41:33.963460922 CEST	49748	443	192.168.2.6	192.229.211.199
Apr 2, 2024 01:41:33.964524984 CEST	49748	443	192.168.2.6	192.229.211.199
Apr 2, 2024 01:41:33.964587927 CEST	443	49748	192.229.211.199	192.168.2.6
Apr 2, 2024 01:41:34.011450052 CEST	49748	443	192.168.2.6	192.229.211.199
Apr 2, 2024 01:41:34.011457920 CEST	443	49748	192.229.211.199	192.168.2.6
Apr 2, 2024 01:41:34.015302896 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.015569925 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.015592098 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.016489029 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.016622066 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.017529011 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.017592907 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.017756939 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.017766953 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.057205915 CEST	49748	443	192.168.2.6	192.229.211.199
Apr 2, 2024 01:41:34.072606087 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.312052011 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.312072992 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.312083006 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.312107086 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.312112093 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.312118053 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.312210083 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.312210083 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.312235117 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.312397003 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.312416077 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.312422991 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.312428951 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.312448025 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.312515974 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.411102057 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.411130905 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.411248922 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.411268950 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.411426067 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.411878109 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.411892891 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.411967993 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.411973953 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.412138939 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.412277937 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.412292957 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.412439108 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.412446976 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.412597895 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.509741068 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.509766102 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.509840012 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.509860992 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.509947062 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.510196924 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.510211945 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.510442019 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.510449886 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.510694027 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.512449980 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.512464046 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.512537956 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.512545109 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.512653112 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.521609068 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.521622896 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.521863937 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.521869898 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.522079945 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.522533894 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.522573948 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.522608995 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.522651911 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.522651911 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.522717953 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.524796009 CEST	49747	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.524805069 CEST	443	49747	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.562731981 CEST	49749	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.562764883 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.562895060 CEST	49749	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.563163042 CEST	49749	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.563174963 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.611588955 CEST	49750	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.611634016 CEST	443	49750	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.612047911 CEST	49750	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.612404108 CEST	49750	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.612406969 CEST	49751	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.612416029 CEST	443	49750	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.612432003 CEST	443	49751	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.612622023 CEST	49751	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.612862110 CEST	49751	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.612870932 CEST	443	49751	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.876522064 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.876832008 CEST	49749	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.876859903 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.877208948 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.877659082 CEST	49749	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.877659082 CEST	49749	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.877672911 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.877726078 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.921035051 CEST	443	49751	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.921303034 CEST	49751	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.921314001 CEST	443	49751	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.922290087 CEST	443	49751	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.922430038 CEST	49751	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.922815084 CEST	49751	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.922874928 CEST	443	49751	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.922972918 CEST	49751	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.927642107 CEST	49749	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.927743912 CEST	443	49750	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.934729099 CEST	49750	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.934752941 CEST	443	49750	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.935635090 CEST	443	49750	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.935730934 CEST	49750	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.937939882 CEST	49750	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.937994003 CEST	443	49750	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.938250065 CEST	49750	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.938256025 CEST	443	49750	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.963049889 CEST	49751	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:34.963057995 CEST	443	49751	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:34.978894949 CEST	49750	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:35.006521940 CEST	49751	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:35.128626108 CEST	443	49751	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.128669977 CEST	443	49751	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.128730059 CEST	443	49751	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.128736973 CEST	49751	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:35.128787994 CEST	49751	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:35.130069017 CEST	49751	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:35.130090952 CEST	443	49751	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.144016027 CEST	443	49750	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.144345999 CEST	443	49750	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.144402027 CEST	49750	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:35.144764900 CEST	49750	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:35.144781113 CEST	443	49750	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.181502104 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.181524992 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.181533098 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.181565046 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.181598902 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.181613922 CEST	49749	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:35.181641102 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.181659937 CEST	49749	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:35.181693077 CEST	49749	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:35.182456970 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.182476997 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.182516098 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.182545900 CEST	49749	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:35.182553053 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.182565928 CEST	49749	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:35.182585001 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.182631016 CEST	49749	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:35.185484886 CEST	49749	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:35.185497046 CEST	443	49749	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:35.240274906 CEST	49753	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.240303993 CEST	443	49753	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.240359068 CEST	49753	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.240498066 CEST	49754	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.240530014 CEST	443	49754	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.240588903 CEST	49754	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.240891933 CEST	49753	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.240904093 CEST	443	49753	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.241153955 CEST	49754	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.241166115 CEST	443	49754	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.320627928 CEST	49755	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.320661068 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.320733070 CEST	49755	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.321223021 CEST	49755	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.321234941 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.576775074 CEST	443	49753	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.577028036 CEST	49753	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.577045918 CEST	443	49753	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.578048944 CEST	443	49753	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.578116894 CEST	49753	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.578607082 CEST	49753	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.578665972 CEST	443	49753	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.578742981 CEST	49753	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.578748941 CEST	443	49753	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.580851078 CEST	443	49754	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.581039906 CEST	49754	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.581058025 CEST	443	49754	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.581933022 CEST	443	49754	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.581993103 CEST	49754	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.582288980 CEST	49754	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.582345009 CEST	443	49754	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.582402945 CEST	49754	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.582411051 CEST	443	49754	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.618632078 CEST	49753	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.624497890 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.624690056 CEST	49755	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.624696970 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.625570059 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.625647068 CEST	49755	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.626643896 CEST	49755	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.626725912 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.626827955 CEST	49755	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.633846045 CEST	49754	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.668239117 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.679106951 CEST	49755	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.679115057 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.727361917 CEST	49755	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.781600952 CEST	443	49753	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.781991959 CEST	443	49753	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.782037020 CEST	49753	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.782047033 CEST	443	49753	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.782058954 CEST	443	49753	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.782098055 CEST	49753	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.782510996 CEST	49753	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.782522917 CEST	443	49753	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.783603907 CEST	443	49754	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.783817053 CEST	443	49754	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.784117937 CEST	49754	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.785309076 CEST	49754	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.785320997 CEST	443	49754	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.926162958 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.926186085 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.926192999 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.926214933 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.926229954 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.926239967 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.926248074 CEST	49755	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.926254988 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.926273108 CEST	49755	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.926278114 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.926300049 CEST	49755	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.926307917 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:35.926408052 CEST	49755	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.927653074 CEST	49755	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:35.927661896 CEST	443	49755	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:36.028994083 CEST	49756	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:36.029027939 CEST	443	49756	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:36.029095888 CEST	49756	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:36.029313087 CEST	49756	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:36.029325008 CEST	443	49756	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:36.339036942 CEST	443	49756	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:36.339286089 CEST	49756	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:36.339312077 CEST	443	49756	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:36.340194941 CEST	443	49756	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:36.340497017 CEST	49756	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:36.340589046 CEST	49756	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:36.340639114 CEST	443	49756	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:36.340720892 CEST	49756	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:36.340725899 CEST	443	49756	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:36.381920099 CEST	49756	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:36.641522884 CEST	443	49756	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:36.641556025 CEST	443	49756	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:36.641561985 CEST	443	49756	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:36.641588926 CEST	443	49756	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:36.641599894 CEST	49756	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:36.641608953 CEST	443	49756	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:36.641614914 CEST	443	49756	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:36.641633034 CEST	49756	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:36.641655922 CEST	49756	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:36.641658068 CEST	443	49756	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:36.641731024 CEST	49756	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:36.642812967 CEST	49756	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:36.642823935 CEST	443	49756	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:41.292198896 CEST	49764	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.292238951 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.292314053 CEST	49764	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.295267105 CEST	49764	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.295279026 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.373035908 CEST	49765	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.373073101 CEST	443	49765	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.373223066 CEST	49765	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.374073029 CEST	49765	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.374089956 CEST	443	49765	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.457195044 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.457226038 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.457452059 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.458004951 CEST	49767	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.458028078 CEST	443	49767	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.458102942 CEST	49767	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.458328962 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.458344936 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.461893082 CEST	49767	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.461905956 CEST	443	49767	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.465533018 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.465572119 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.465636015 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.466515064 CEST	49769	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.466551065 CEST	443	49769	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.466610909 CEST	49769	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.466933966 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.466947079 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.467351913 CEST	49769	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.467365980 CEST	443	49769	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.602471113 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.605446100 CEST	49764	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.605464935 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.606622934 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.606683969 CEST	49764	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.607264996 CEST	49764	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.607325077 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.607579947 CEST	49764	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.607589960 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.648991108 CEST	49764	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.679426908 CEST	443	49765	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.686579943 CEST	49765	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.686604977 CEST	443	49765	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.687805891 CEST	443	49765	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.687869072 CEST	49765	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.729954004 CEST	49765	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.730173111 CEST	443	49765	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.730407953 CEST	49765	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.730424881 CEST	443	49765	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.764601946 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.767256975 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.767292023 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.768317938 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.768373966 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.769906044 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.769995928 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.770029068 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.771528959 CEST	443	49767	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.772974014 CEST	49765	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.776614904 CEST	49767	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.776634932 CEST	443	49767	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.777570963 CEST	443	49767	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.777637005 CEST	49767	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.778158903 CEST	49767	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.778278112 CEST	49767	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.778280973 CEST	443	49767	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.778337955 CEST	443	49767	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.802541018 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.802762032 CEST	443	49769	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.802846909 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.802874088 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.803230047 CEST	49769	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.803244114 CEST	443	49769	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.803711891 CEST	443	49769	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.803783894 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.803852081 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.804261923 CEST	49769	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.804325104 CEST	443	49769	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.804497957 CEST	49769	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.805037975 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.805095911 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.805298090 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.805305958 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.812935114 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.812942982 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.827613115 CEST	49767	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.827620029 CEST	443	49767	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.845664024 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.852231026 CEST	443	49769	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.853960991 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.869175911 CEST	49767	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.880753040 CEST	443	49765	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.880779982 CEST	443	49765	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.880839109 CEST	49765	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.880872011 CEST	443	49765	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.880887985 CEST	443	49765	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.880929947 CEST	49765	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.884881020 CEST	49765	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.884897947 CEST	443	49765	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.906518936 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.906550884 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.906559944 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.906585932 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.906599045 CEST	49764	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.906613111 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.906636000 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.906655073 CEST	49764	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.906655073 CEST	49764	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.906670094 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.906675100 CEST	49764	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.906686068 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.906744003 CEST	49764	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.906753063 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.906781912 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.906949997 CEST	49764	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.909341097 CEST	49764	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.909368038 CEST	443	49764	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.979454041 CEST	443	49769	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.979995966 CEST	443	49769	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.980048895 CEST	443	49769	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:41.980056047 CEST	49769	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.980112076 CEST	49769	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.983028889 CEST	49769	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:41.983048916 CEST	443	49769	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.075838089 CEST	49772	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:42.075879097 CEST	443	49772	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:42.076035023 CEST	49772	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:42.077274084 CEST	49772	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:42.077289104 CEST	443	49772	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:42.078116894 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.078141928 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.078149080 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.078193903 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.078198910 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.078214884 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.078223944 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.078242064 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.078268051 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.079138041 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.079154968 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.079205036 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.079216957 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.079262018 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.112068892 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.112092018 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.112097979 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.112124920 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.112139940 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.112140894 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.112157106 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.112179041 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.112190962 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.112190962 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.112215042 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.112234116 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.112591028 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.112646103 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.112652063 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.112657070 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.112685919 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.112701893 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.116101027 CEST	49766	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.116111040 CEST	443	49766	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.177273989 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.177304029 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.177356958 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.177381992 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.177401066 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.177411079 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.177428007 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.177433014 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.177453041 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.177468061 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.177483082 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.177506924 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.179403067 CEST	49768	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.179414988 CEST	443	49768	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.263983965 CEST	443	49767	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.264012098 CEST	443	49767	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.264019012 CEST	443	49767	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.264079094 CEST	49767	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.264108896 CEST	443	49767	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.264147997 CEST	49767	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.264152050 CEST	443	49767	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.264183044 CEST	443	49767	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.264261961 CEST	49767	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.265153885 CEST	49767	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:42.265166998 CEST	443	49767	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:42.390221119 CEST	443	49772	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:42.390422106 CEST	49772	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:42.390448093 CEST	443	49772	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:42.390749931 CEST	443	49772	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:42.391037941 CEST	49772	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:42.391096115 CEST	443	49772	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:42.433679104 CEST	49772	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:42.556529045 CEST	49773	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:42.556583881 CEST	443	49773	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:42.556813955 CEST	49773	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:42.569735050 CEST	49773	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:42.569750071 CEST	443	49773	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:42.882436037 CEST	443	49773	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:42.883431911 CEST	49773	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:42.883459091 CEST	443	49773	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:42.883836031 CEST	443	49773	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:42.884195089 CEST	49773	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:42.884265900 CEST	443	49773	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:42.926902056 CEST	49773	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:43.683187008 CEST	49774	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:43.683229923 CEST	443	49774	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:43.683310986 CEST	49774	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:43.684001923 CEST	49774	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:43.684015989 CEST	443	49774	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:43.989609003 CEST	443	49774	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:43.990021944 CEST	49774	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:43.990050077 CEST	443	49774	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:43.990397930 CEST	443	49774	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:43.990748882 CEST	49774	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:43.990807056 CEST	443	49774	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:43.990937948 CEST	49774	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:44.036242962 CEST	443	49774	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:44.196938038 CEST	443	49774	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:44.196970940 CEST	443	49774	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:44.197062969 CEST	443	49774	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:44.197072983 CEST	49774	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:44.197109938 CEST	49774	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:44.197896004 CEST	49774	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:44.197912931 CEST	443	49774	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:44.197938919 CEST	49774	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:44.197958946 CEST	49774	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:44.366539955 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.366573095 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.366641998 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.366864920 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.366878986 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.373928070 CEST	49777	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.373965979 CEST	443	49777	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.374017954 CEST	49777	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.374227047 CEST	49777	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.374243975 CEST	443	49777	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.677237988 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.678121090 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.678134918 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.678591967 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.679837942 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.679903984 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.680200100 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.688453913 CEST	443	49777	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.688901901 CEST	49777	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.688924074 CEST	443	49777	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.689214945 CEST	443	49777	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.689541101 CEST	49777	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.689604044 CEST	443	49777	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.689892054 CEST	49777	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.720252991 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.732253075 CEST	443	49777	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.922220945 CEST	443	49777	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.922477007 CEST	443	49777	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.922537088 CEST	49777	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.923393965 CEST	49777	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.923413038 CEST	443	49777	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.938393116 CEST	49780	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.938421965 CEST	443	49780	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.938668966 CEST	49780	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.939063072 CEST	49780	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:44.939079046 CEST	443	49780	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:44.959394932 CEST	49783	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:44.959419966 CEST	443	49783	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:44.959520102 CEST	49783	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:44.959820986 CEST	49783	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:44.959834099 CEST	443	49783	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:45.011331081 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.011353970 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.011395931 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.011411905 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.011431932 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.011462927 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.011483908 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.012056112 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.012075901 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.012115955 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.012123108 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.012149096 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.012168884 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.114814997 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.114846945 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.114902973 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.114921093 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.114955902 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.114968061 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.115581989 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.115597963 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.115657091 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.115664959 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.115704060 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.116444111 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.116461992 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.116523027 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.116529942 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.116780043 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.214684963 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.214708090 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.214773893 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.214796066 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.214885950 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.215198994 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.215255976 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.215262890 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.215281963 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.215331078 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.215924978 CEST	49775	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.215934992 CEST	443	49775	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.254580021 CEST	443	49780	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.257164001 CEST	49780	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.257188082 CEST	443	49780	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.257648945 CEST	443	49780	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.260257959 CEST	49780	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.260323048 CEST	443	49780	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.260574102 CEST	49780	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.264252901 CEST	443	49783	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:45.264523029 CEST	49783	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:45.264533043 CEST	443	49783	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:45.264866114 CEST	443	49783	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:45.265531063 CEST	49783	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:45.265592098 CEST	443	49783	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:45.265851021 CEST	49783	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:45.308229923 CEST	443	49780	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.308295012 CEST	443	49783	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:45.444700003 CEST	443	49780	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.444729090 CEST	443	49780	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.444789886 CEST	49780	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.444813013 CEST	443	49780	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.444863081 CEST	49780	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.445265055 CEST	443	49780	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.445327044 CEST	443	49780	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.445544004 CEST	49780	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.447051048 CEST	49780	443	192.168.2.6	13.107.246.40
Apr 2, 2024 01:41:45.447060108 CEST	443	49780	13.107.246.40	192.168.2.6
Apr 2, 2024 01:41:45.480568886 CEST	443	49783	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:45.480912924 CEST	443	49783	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:45.480973959 CEST	49783	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:45.481378078 CEST	49783	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:45.481390953 CEST	443	49783	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:47.282320976 CEST	443	49772	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:47.282407999 CEST	443	49772	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:47.282463074 CEST	49772	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:47.710639000 CEST	49772	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:47.710669041 CEST	443	49772	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:47.771209002 CEST	443	49773	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:47.771286964 CEST	443	49773	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:47.771331072 CEST	49773	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:48.654656887 CEST	49773	443	192.168.2.6	13.107.213.40
Apr 2, 2024 01:41:48.654690981 CEST	443	49773	13.107.213.40	192.168.2.6
Apr 2, 2024 01:41:59.083951950 CEST	49705	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:41:59.083977938 CEST	443	49705	82.156.94.13	192.168.2.6
Apr 2, 2024 01:42:13.703749895 CEST	443	49705	82.156.94.13	192.168.2.6
Apr 2, 2024 01:42:13.703838110 CEST	443	49705	82.156.94.13	192.168.2.6
Apr 2, 2024 01:42:13.703885078 CEST	49705	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:42:13.712477922 CEST	49705	443	192.168.2.6	82.156.94.13
Apr 2, 2024 01:42:13.712495089 CEST	443	49705	82.156.94.13	192.168.2.6
Apr 2, 2024 01:42:15.272684097 CEST	49795	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:42:15.272723913 CEST	443	49795	172.253.62.106	192.168.2.6
Apr 2, 2024 01:42:15.272785902 CEST	49795	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:42:15.273026943 CEST	49795	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:42:15.273040056 CEST	443	49795	172.253.62.106	192.168.2.6
Apr 2, 2024 01:42:15.479201078 CEST	443	49795	172.253.62.106	192.168.2.6
Apr 2, 2024 01:42:15.479528904 CEST	49795	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:42:15.479547024 CEST	443	49795	172.253.62.106	192.168.2.6
Apr 2, 2024 01:42:15.479878902 CEST	443	49795	172.253.62.106	192.168.2.6
Apr 2, 2024 01:42:15.480290890 CEST	49795	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:42:15.480410099 CEST	443	49795	172.253.62.106	192.168.2.6
Apr 2, 2024 01:42:15.521379948 CEST	49795	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:42:19.021451950 CEST	49748	443	192.168.2.6	192.229.211.199
Apr 2, 2024 01:42:19.021475077 CEST	443	49748	192.229.211.199	192.168.2.6
Apr 2, 2024 01:42:25.551373959 CEST	443	49795	172.253.62.106	192.168.2.6
Apr 2, 2024 01:42:25.551451921 CEST	443	49795	172.253.62.106	192.168.2.6
Apr 2, 2024 01:42:25.551673889 CEST	49795	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:42:25.712387085 CEST	49795	443	192.168.2.6	172.253.62.106
Apr 2, 2024 01:42:25.712410927 CEST	443	49795	172.253.62.106	192.168.2.6
Apr 2, 2024 01:42:33.958817959 CEST	443	49748	192.229.211.199	192.168.2.6
Apr 2, 2024 01:42:33.958901882 CEST	443	49748	192.229.211.199	192.168.2.6
Apr 2, 2024 01:42:33.959027052 CEST	49748	443	192.168.2.6	192.229.211.199

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 2, 2024 01:41:11.413757086 CEST	53	60286	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:11.532150030 CEST	53	55625	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:12.268157005 CEST	53	64769	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:12.783868074 CEST	52782	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:12.784162045 CEST	50387	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:13.023370981 CEST	53	52782	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:13.090332985 CEST	53	50387	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:15.212899923 CEST	52178	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:15.213213921 CEST	61486	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:15.307917118 CEST	53	52178	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:15.308576107 CEST	53	61486	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:15.900243998 CEST	63388	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:15.900787115 CEST	51363	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:15.901196003 CEST	55791	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:15.901607037 CEST	51615	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:15.902587891 CEST	59185	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:15.902834892 CEST	57433	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:15.995312929 CEST	53	63388	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:15.996316910 CEST	53	55791	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:15.996584892 CEST	53	51615	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:15.996665955 CEST	53	51363	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:15.997376919 CEST	53	59185	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:15.997701883 CEST	53	57433	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:17.525897980 CEST	55693	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:17.532382011 CEST	50944	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:17.621433020 CEST	53	55693	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:17.628309011 CEST	53	50944	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:30.100148916 CEST	53	59353	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:32.674089909 CEST	50078	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:32.674729109 CEST	54406	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:33.570677042 CEST	54736	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:33.571146965 CEST	51337	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:33.666811943 CEST	53	51337	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:33.667396069 CEST	53	54736	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:35.059636116 CEST	53	57591	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:39.986932039 CEST	61833	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:39.987756014 CEST	59906	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:41.401222944 CEST	64818	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:41.401499033 CEST	55824	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:48.898695946 CEST	53	52011	1.1.1.1	192.168.2.6
Apr 2, 2024 01:41:51.694013119 CEST	63219	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:41:51.694869995 CEST	51376	53	192.168.2.6	1.1.1.1
Apr 2, 2024 01:42:11.140573978 CEST	53	63471	1.1.1.1	192.168.2.6
Apr 2, 2024 01:42:11.797203064 CEST	53	59071	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 2, 2024 01:41:13.090423107 CEST	192.168.2.6	1.1.1.1	c248	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 2, 2024 01:41:12.783868074 CEST	192.168.2.6	1.1.1.1	0x7d8f	Standard query (0)	appservies02342-1321331581.cos.ap-beijing.myqcloud.com	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:12.784162045 CEST	192.168.2.6	1.1.1.1	0x8732	Standard query (0)	appservies02342-1321331581.cos.ap-beijing.myqcloud.com	65	IN (0x0001)	false
Apr 2, 2024 01:41:15.212899923 CEST	192.168.2.6	1.1.1.1	0x32b1	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.213213921 CEST	192.168.2.6	1.1.1.1	0x32c4	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 2, 2024 01:41:15.900243998 CEST	192.168.2.6	1.1.1.1	0x9be2	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.900787115 CEST	192.168.2.6	1.1.1.1	0x8c0e	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false
Apr 2, 2024 01:41:15.901196003 CEST	192.168.2.6	1.1.1.1	0x53b7	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.901607037 CEST	192.168.2.6	1.1.1.1	0xea13	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
Apr 2, 2024 01:41:15.902587891 CEST	192.168.2.6	1.1.1.1	0x8dce	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.902834892 CEST	192.168.2.6	1.1.1.1	0xff21	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Apr 2, 2024 01:41:17.525897980 CEST	192.168.2.6	1.1.1.1	0xc39	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:17.532382011 CEST	192.168.2.6	1.1.1.1	0xee53	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
Apr 2, 2024 01:41:32.674089909 CEST	192.168.2.6	1.1.1.1	0xceb9	Standard query (0)	account.live.com	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:32.674729109 CEST	192.168.2.6	1.1.1.1	0x9969	Standard query (0)	account.live.com	65	IN (0x0001)	false
Apr 2, 2024 01:41:33.570677042 CEST	192.168.2.6	1.1.1.1	0xa970	Standard query (0)	logincdn.msftauth.net	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:33.571146965 CEST	192.168.2.6	1.1.1.1	0x25f9	Standard query (0)	logincdn.msftauth.net	65	IN (0x0001)	false
Apr 2, 2024 01:41:39.986932039 CEST	192.168.2.6	1.1.1.1	0xb8cd	Standard query (0)	signup.live.com	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:39.987756014 CEST	192.168.2.6	1.1.1.1	0x698d	Standard query (0)	signup.live.com	65	IN (0x0001)	false
Apr 2, 2024 01:41:41.401222944 CEST	192.168.2.6	1.1.1.1	0xcaa2	Standard query (0)	acctcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:41.401499033 CEST	192.168.2.6	1.1.1.1	0x6866	Standard query (0)	acctcdn.msftauth.net	65	IN (0x0001)	false
Apr 2, 2024 01:41:51.694013119 CEST	192.168.2.6	1.1.1.1	0x88	Standard query (0)	signup.live.com	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:51.694869995 CEST	192.168.2.6	1.1.1.1	0x2a6d	Standard query (0)	signup.live.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 2, 2024 01:41:13.023370981 CEST	1.1.1.1	192.168.2.6	0x7d8f	No error (0)	appservies02342-1321331581.cos.ap-beijing.myqcloud.com	bj.file.myqcloud.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:13.023370981 CEST	1.1.1.1	192.168.2.6	0x7d8f	No error (0)	bj.file.myqcloud.com		82.156.94.13	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:13.023370981 CEST	1.1.1.1	192.168.2.6	0x7d8f	No error (0)	bj.file.myqcloud.com		82.156.94.17	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:13.023370981 CEST	1.1.1.1	192.168.2.6	0x7d8f	No error (0)	bj.file.myqcloud.com		82.156.94.45	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:13.023370981 CEST	1.1.1.1	192.168.2.6	0x7d8f	No error (0)	bj.file.myqcloud.com		82.156.94.47	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:13.023370981 CEST	1.1.1.1	192.168.2.6	0x7d8f	No error (0)	bj.file.myqcloud.com		82.156.94.48	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.307917118 CEST	1.1.1.1	192.168.2.6	0x32b1	No error (0)	www.google.com		172.253.62.106	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.307917118 CEST	1.1.1.1	192.168.2.6	0x32b1	No error (0)	www.google.com		172.253.62.99	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.307917118 CEST	1.1.1.1	192.168.2.6	0x32b1	No error (0)	www.google.com		172.253.62.105	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.307917118 CEST	1.1.1.1	192.168.2.6	0x32b1	No error (0)	www.google.com		172.253.62.104	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.307917118 CEST	1.1.1.1	192.168.2.6	0x32b1	No error (0)	www.google.com		172.253.62.147	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.307917118 CEST	1.1.1.1	192.168.2.6	0x32b1	No error (0)	www.google.com		172.253.62.103	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.308576107 CEST	1.1.1.1	192.168.2.6	0x32c4	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 2, 2024 01:41:15.995312929 CEST	1.1.1.1	192.168.2.6	0x9be2	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.995312929 CEST	1.1.1.1	192.168.2.6	0x9be2	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.996316910 CEST	1.1.1.1	192.168.2.6	0x53b7	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:15.996316910 CEST	1.1.1.1	192.168.2.6	0x53b7	No error (0)	cs1100.wpc.omegacdn.net		152.199.4.44	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.996584892 CEST	1.1.1.1	192.168.2.6	0xea13	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:15.996665955 CEST	1.1.1.1	192.168.2.6	0x8c0e	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Apr 2, 2024 01:41:15.997376919 CEST	1.1.1.1	192.168.2.6	0x8dce	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.997376919 CEST	1.1.1.1	192.168.2.6	0x8dce	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.997376919 CEST	1.1.1.1	192.168.2.6	0x8dce	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:15.997376919 CEST	1.1.1.1	192.168.2.6	0x8dce	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:17.621433020 CEST	1.1.1.1	192.168.2.6	0xc39	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:17.621433020 CEST	1.1.1.1	192.168.2.6	0xc39	No error (0)	cs1100.wpc.omegacdn.net		152.199.4.44	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:17.628309011 CEST	1.1.1.1	192.168.2.6	0xee53	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:26.163233995 CEST	1.1.1.1	192.168.2.6	0x7f14	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:26.163233995 CEST	1.1.1.1	192.168.2.6	0x7f14	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:26.489115000 CEST	1.1.1.1	192.168.2.6	0x3584	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:26.489115000 CEST	1.1.1.1	192.168.2.6	0x3584	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:32.769901991 CEST	1.1.1.1	192.168.2.6	0xceb9	No error (0)	account.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:32.773401022 CEST	1.1.1.1	192.168.2.6	0x9969	No error (0)	account.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:33.662221909 CEST	1.1.1.1	192.168.2.6	0xac56	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:33.662221909 CEST	1.1.1.1	192.168.2.6	0xac56	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:33.662221909 CEST	1.1.1.1	192.168.2.6	0xac56	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:33.666811943 CEST	1.1.1.1	192.168.2.6	0x25f9	No error (0)	logincdn.msftauth.net	cs1227.wpc.alphacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:33.667396069 CEST	1.1.1.1	192.168.2.6	0xa970	No error (0)	logincdn.msftauth.net	cs1227.wpc.alphacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:33.667396069 CEST	1.1.1.1	192.168.2.6	0xa970	No error (0)	cs1227.wpc.alphacdn.net		192.229.211.199	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:33.762825012 CEST	1.1.1.1	192.168.2.6	0x4499	No error (0)	cs1227.wpc.alphacdn.net		192.229.211.199	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:33.777244091 CEST	1.1.1.1	192.168.2.6	0xa12	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:33.777244091 CEST	1.1.1.1	192.168.2.6	0xa12	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:33.777244091 CEST	1.1.1.1	192.168.2.6	0xa12	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:35.239800930 CEST	1.1.1.1	192.168.2.6	0xb079	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:35.239800930 CEST	1.1.1.1	192.168.2.6	0xb079	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:35.239800930 CEST	1.1.1.1	192.168.2.6	0xb079	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:35.316308975 CEST	1.1.1.1	192.168.2.6	0x9bf6	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:35.316308975 CEST	1.1.1.1	192.168.2.6	0x9bf6	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:35.316308975 CEST	1.1.1.1	192.168.2.6	0x9bf6	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:36.027475119 CEST	1.1.1.1	192.168.2.6	0x6bfd	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:36.027475119 CEST	1.1.1.1	192.168.2.6	0x6bfd	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:36.027475119 CEST	1.1.1.1	192.168.2.6	0x6bfd	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:39.805999994 CEST	1.1.1.1	192.168.2.6	0x9d5a	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:39.805999994 CEST	1.1.1.1	192.168.2.6	0x9d5a	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:40.082343102 CEST	1.1.1.1	192.168.2.6	0xb8cd	No error (0)	signup.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:40.087888002 CEST	1.1.1.1	192.168.2.6	0x698d	No error (0)	signup.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:41.394399881 CEST	1.1.1.1	192.168.2.6	0x6daf	No error (0)	scdn1efff.wpc.9da5e.alphacdn.net	sni1gl.wpc.alphacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:41.395246029 CEST	1.1.1.1	192.168.2.6	0x10f	No error (0)	scdn1efff.wpc.9da5e.alphacdn.net	sni1gl.wpc.alphacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:41.395246029 CEST	1.1.1.1	192.168.2.6	0x10f	No error (0)	sni1gl.wpc.alphacdn.net		152.195.19.97	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:41.398937941 CEST	1.1.1.1	192.168.2.6	0x2a4	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:41.398937941 CEST	1.1.1.1	192.168.2.6	0x2a4	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:41.398937941 CEST	1.1.1.1	192.168.2.6	0x2a4	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:41:41.497452974 CEST	1.1.1.1	192.168.2.6	0x6866	No error (0)	acctcdn.msftauth.net	acctcdn.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:41.498281002 CEST	1.1.1.1	192.168.2.6	0xcaa2	No error (0)	acctcdn.msftauth.net	acctcdn.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:41.498281002 CEST	1.1.1.1	192.168.2.6	0xcaa2	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	global-entry-afdthirdparty-fallback-first.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:51.789361000 CEST	1.1.1.1	192.168.2.6	0x88	No error (0)	signup.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:41:51.796256065 CEST	1.1.1.1	192.168.2.6	0x2a6d	No error (0)	signup.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:42:04.108047009 CEST	1.1.1.1	192.168.2.6	0xf93e	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:42:04.108047009 CEST	1.1.1.1	192.168.2.6	0xf93e	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 2, 2024 01:42:24.337989092 CEST	1.1.1.1	192.168.2.6	0x272	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 2, 2024 01:42:24.337989092 CEST	1.1.1.1	192.168.2.6	0x272	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

appservies02342-1321331581.cos.ap-beijing.myqcloud.com

cdnjs.cloudflare.com

code.jquery.com

aadcdn.msftauth.net

fs.microsoft.com

https:

logincdn.msauth.net

acctcdn.msauth.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49704	82.156.94.13	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:14 UTC	727	OUT	GET /cummon/update-agreements/claim HTTP/1.1 Host: appservies02342-1321331581.cos.ap-beijing.myqcloud.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:14 UTC	401	IN	HTTP/1.1 200 OK Content-Type: text/html Content-Length: 198160 Connection: close Accept-Ranges: bytes Date: Mon, 01 Apr 2024 23:41:14 GMT ETag: "4be46fd4ce0bed4652abe1e193517c69" Last-Modified: Fri, 16 Feb 2024 18:13:36 GMT Server: tencent-cos x-cos-hash-crc64ecma: 15440875190973069685 x-cos-request-id: NjYwYjQ2MWFfNmM0ZTQ0MGJfMTdjOWFfMTFiMzRmYw== x-cos-server-side-encryption: AES256
2024-04-01 23:41:14 UTC	7803	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 6c 65 74 20 68 74 6d 6c 43 6f 6e 74 65 6e 74 20 3d 20 27 50 Data Ascii: <!DOCTYPE html><html lang="en"><head> <title></title> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex,nofollow"> <script> let htmlContent = 'P
2024-04-01 23:41:14 UTC	16384	IN	Data Raw: 48 41 4b 49 43 42 39 43 67 6f 67 49 47 4a 73 62 32 4e 72 63 58 56 76 64 47 55 67 63 44 70 73 59 58 4e 30 4c 57 4e 6f 61 57 78 6b 4c 41 6f 67 49 47 4a 73 62 32 4e 72 63 58 56 76 64 47 55 67 64 57 77 36 62 47 46 7a 64 43 31 6a 61 47 6c 73 5a 43 77 4b 49 43 42 69 62 47 39 6a 61 33 46 31 62 33 52 6c 49 47 39 73 4f 6d 78 68 63 33 51 74 59 32 68 70 62 47 51 67 65 77 6f 67 49 43 42 74 59 58 4a 6e 61 57 34 74 59 6d 39 30 64 47 39 74 4f 69 41 77 43 69 41 67 66 51 6f 4b 49 43 42 69 62 47 39 6a 61 33 46 31 62 33 52 6c 49 47 5a 76 62 33 52 6c 63 69 77 4b 49 43 42 69 62 47 39 6a 61 33 46 31 62 33 52 6c 49 48 4e 74 59 57 78 73 4c 41 6f 67 49 47 4a 73 62 32 4e 72 63 58 56 76 64 47 55 67 4c 6e 4e 74 59 57 78 73 49 48 73 4b 49 43 41 67 5a 47 6c 7a 63 47 78 68 65 54 6f 67 Data Ascii: HAKICB9CgogIGJsb2NrcXVvdGUgcDpsYXN0LWNoaWxkLAogIGJsb2NrcXVvdGUgdWw6bGFzdC1jaGlsZCwKICBibG9ja3F1b3RlIG9sOmxhc3QtY2hpbGQgewogICBtYXJnaW4tYm90dG9tOiAwCiAgfQoKICBibG9ja3F1b3RlIGZvb3RlciwKICBibG9ja3F1b3RlIHNtYWxsLAogIGJsb2NrcXVvdGUgLnNtYWxsIHsKICAgZGlzcGxheTog
2024-04-01 23:41:14 UTC	8168	IN	Data Raw: 43 30 78 4e 53 42 37 43 69 41 67 49 48 4a 70 5a 32 68 30 4f 69 41 32 4d 69 34 31 4a 51 6f 67 49 48 30 4b 43 69 41 67 4c 6d 4e 76 62 43 31 34 63 79 31 77 64 57 78 73 4c 54 45 32 49 48 73 4b 49 43 41 67 63 6d 6c 6e 61 48 51 36 49 44 59 32 4c 6a 59 32 4e 6a 59 33 4a 51 6f 67 49 48 30 4b 43 69 41 67 4c 6d 4e 76 62 43 31 34 63 79 31 77 64 57 78 73 4c 54 45 33 49 48 73 4b 49 43 41 67 63 6d 6c 6e 61 48 51 36 49 44 63 77 4c 6a 67 7a 4d 7a 4d 7a 4a 51 6f 67 49 48 30 4b 43 69 41 67 4c 6d 4e 76 62 43 31 34 63 79 31 77 64 57 78 73 4c 54 45 34 49 48 73 4b 49 43 41 67 63 6d 6c 6e 61 48 51 36 49 44 63 31 4a 51 6f 67 49 48 30 4b 43 69 41 67 4c 6d 4e 76 62 43 31 34 63 79 31 77 64 57 78 73 4c 54 45 35 49 48 73 4b 49 43 41 67 63 6d 6c 6e 61 48 51 36 49 44 63 35 4c 6a 45 32 Data Ascii: C0xNSB7CiAgIHJpZ2h0OiA2Mi41JQogIH0KCiAgLmNvbC14cy1wdWxsLTE2IHsKICAgcmlnaHQ6IDY2LjY2NjY3JQogIH0KCiAgLmNvbC14cy1wdWxsLTE3IHsKICAgcmlnaHQ6IDcwLjgzMzMzJQogIH0KCiAgLmNvbC14cy1wdWxsLTE4IHsKICAgcmlnaHQ6IDc1JQogIH0KCiAgLmNvbC14cy1wdWxsLTE5IHsKICAgcmlnaHQ6IDc5LjE2
2024-04-01 23:41:15 UTC	16384	IN	Data Raw: 43 41 67 62 47 56 6d 64 44 6f 67 4e 7a 6b 75 4d 54 59 32 4e 6a 63 6c 43 69 41 67 49 48 30 4b 43 69 41 67 49 43 35 6a 62 32 77 74 63 32 30 74 63 48 56 7a 61 43 30 79 4d 43 42 37 43 69 41 67 49 43 42 73 5a 57 5a 30 4f 69 41 34 4d 79 34 7a 4d 7a 4d 7a 4d 79 55 4b 49 43 41 67 66 51 6f 4b 49 43 41 67 4c 6d 4e 76 62 43 31 7a 62 53 31 77 64 58 4e 6f 4c 54 49 78 49 48 73 4b 49 43 41 67 49 47 78 6c 5a 6e 51 36 49 44 67 33 4c 6a 55 6c 43 69 41 67 49 48 30 4b 43 69 41 67 49 43 35 6a 62 32 77 74 63 32 30 74 63 48 56 7a 61 43 30 79 4d 69 42 37 43 69 41 67 49 43 42 73 5a 57 5a 30 4f 69 41 35 4d 53 34 32 4e 6a 59 32 4e 79 55 4b 49 43 41 67 66 51 6f 4b 49 43 41 67 4c 6d 4e 76 62 43 31 7a 62 53 31 77 64 58 4e 6f 4c 54 49 7a 49 48 73 4b 49 43 41 67 49 47 78 6c 5a 6e 51 36 Data Ascii: CAgbGVmdDogNzkuMTY2NjclCiAgIH0KCiAgIC5jb2wtc20tcHVzaC0yMCB7CiAgICBsZWZ0OiA4My4zMzMzMyUKICAgfQoKICAgLmNvbC1zbS1wdXNoLTIxIHsKICAgIGxlZnQ6IDg3LjUlCiAgIH0KCiAgIC5jb2wtc20tcHVzaC0yMiB7CiAgICBsZWZ0OiA5MS42NjY2NyUKICAgfQoKICAgLmNvbC1zbS1wdXNoLTIzIHsKICAgIGxlZnQ6
2024-04-01 23:41:15 UTC	8168	IN	Data Raw: 43 42 33 61 57 52 30 61 44 6f 67 4d 7a 4d 75 4d 7a 4d 7a 4d 7a 4d 6c 43 69 41 67 49 48 30 4b 43 69 41 67 49 43 35 6a 62 32 77 74 65 47 77 74 4f 53 42 37 43 69 41 67 49 43 42 33 61 57 52 30 61 44 6f 67 4d 7a 63 75 4e 53 55 4b 49 43 41 67 66 51 6f 4b 49 43 41 67 4c 6d 4e 76 62 43 31 34 62 43 30 78 4d 43 42 37 43 69 41 67 49 43 42 33 61 57 52 30 61 44 6f 67 4e 44 45 75 4e 6a 59 32 4e 6a 63 6c 43 69 41 67 49 48 30 4b 43 69 41 67 49 43 35 6a 62 32 77 74 65 47 77 74 4d 54 45 67 65 77 6f 67 49 43 41 67 64 32 6c 6b 64 47 67 36 49 44 51 31 4c 6a 67 7a 4d 7a 4d 7a 4a 51 6f 67 49 43 42 39 43 67 6f 67 49 43 41 75 59 32 39 73 4c 58 68 73 4c 54 45 79 49 48 73 4b 49 43 41 67 49 48 64 70 5a 48 52 6f 4f 69 41 31 4d 43 55 4b 49 43 41 67 66 51 6f 4b 49 43 41 67 4c 6d 4e 76 Data Ascii: CB3aWR0aDogMzMuMzMzMzMlCiAgIH0KCiAgIC5jb2wteGwtOSB7CiAgICB3aWR0aDogMzcuNSUKICAgfQoKICAgLmNvbC14bC0xMCB7CiAgICB3aWR0aDogNDEuNjY2NjclCiAgIH0KCiAgIC5jb2wteGwtMTEgewogICAgd2lkdGg6IDQ1LjgzMzMzJQogICB9CgogICAuY29sLXhsLTEyIHsKICAgIHdpZHRoOiA1MCUKICAgfQoKICAgLmNv
2024-04-01 23:41:15 UTC	16384	IN	Data Raw: 47 52 73 5a 51 6f 67 49 43 42 39 43 67 6f 67 49 43 41 75 5a 6d 39 79 62 53 31 70 62 6d 78 70 62 6d 55 67 4c 6d 6c 75 63 48 56 30 4c 57 64 79 62 33 56 77 49 43 35 70 62 6e 42 31 64 43 31 6e 63 6d 39 31 63 43 31 68 5a 47 52 76 62 69 77 4b 49 43 41 67 4c 6d 5a 76 63 6d 30 74 61 57 35 73 61 57 35 6c 49 43 35 70 62 6e 42 31 64 43 31 6e 63 6d 39 31 63 43 41 75 61 57 35 77 64 58 51 74 5a 33 4a 76 64 58 41 74 59 6e 52 75 4c 41 6f 67 49 43 41 75 5a 6d 39 79 62 53 31 70 62 6d 78 70 62 6d 55 67 4c 6d 6c 75 63 48 56 30 4c 57 64 79 62 33 56 77 49 43 35 6d 62 33 4a 74 4c 57 4e 76 62 6e 52 79 62 32 77 67 65 77 6f 67 49 43 41 67 64 32 6c 6b 64 47 67 36 49 47 46 31 64 47 38 4b 49 43 41 67 66 51 6f 4b 49 43 41 67 4c 6d 5a 76 63 6d 30 74 61 57 35 73 61 57 35 6c 49 43 35 70 Data Ascii: GRsZQogICB9CgogICAuZm9ybS1pbmxpbmUgLmlucHV0LWdyb3VwIC5pbnB1dC1ncm91cC1hZGRvbiwKICAgLmZvcm0taW5saW5lIC5pbnB1dC1ncm91cCAuaW5wdXQtZ3JvdXAtYnRuLAogICAuZm9ybS1pbmxpbmUgLmlucHV0LWdyb3VwIC5mb3JtLWNvbnRyb2wgewogICAgd2lkdGg6IGF1dG8KICAgfQoKICAgLmZvcm0taW5saW5lIC5p
2024-04-01 23:41:15 UTC	16352	IN	Data Raw: 32 46 69 62 47 56 6b 58 53 42 76 63 48 52 70 62 32 34 36 5a 6d 39 6a 64 58 4d 73 43 69 41 67 63 32 56 73 5a 57 4e 30 57 32 52 70 63 32 46 69 62 47 56 6b 58 53 42 76 63 48 52 70 62 32 34 36 59 57 4e 30 61 58 5a 6c 4c 41 6f 67 49 48 4e 6c 62 47 56 6a 64 43 35 6b 61 58 4e 68 59 6d 78 6c 5a 43 42 76 63 48 52 70 62 32 34 36 61 47 39 32 5a 58 49 73 43 69 41 67 63 32 56 73 5a 57 4e 30 4c 6d 52 70 63 32 46 69 62 47 56 6b 49 47 39 77 64 47 6c 76 62 6a 70 6d 62 32 4e 31 63 79 77 4b 49 43 42 7a 5a 57 78 6c 59 33 51 75 5a 47 6c 7a 59 57 4a 73 5a 57 51 67 62 33 42 30 61 57 39 75 4f 6d 46 6a 64 47 6c 32 5a 53 77 4b 49 43 42 6d 61 57 56 73 5a 48 4e 6c 64 46 74 6b 61 58 4e 68 59 6d 78 6c 5a 46 30 67 63 32 56 73 5a 57 4e 30 49 47 39 77 64 47 6c 76 62 6a 70 6f 62 33 5a 6c Data Ascii: 2FibGVkXSBvcHRpb246Zm9jdXMsCiAgc2VsZWN0W2Rpc2FibGVkXSBvcHRpb246YWN0aXZlLAogIHNlbGVjdC5kaXNhYmxlZCBvcHRpb246aG92ZXIsCiAgc2VsZWN0LmRpc2FibGVkIG9wdGlvbjpmb2N1cywKICBzZWxlY3QuZGlzYWJsZWQgb3B0aW9uOmFjdGl2ZSwKICBmaWVsZHNldFtkaXNhYmxlZF0gc2VsZWN0IG9wdGlvbjpob3Zl
2024-04-01 23:41:15 UTC	16384	IN	Data Raw: 7a 49 32 4d 6a 59 79 4e 6a 73 4b 49 43 41 67 59 6d 46 6a 61 32 64 79 62 33 56 75 5a 43 31 6a 62 32 78 76 63 6a 6f 67 49 32 59 31 5a 6a 56 6d 4e 51 6f 67 49 48 30 4b 43 69 41 67 4c 6d 52 79 62 33 42 6b 62 33 64 75 4c 57 31 6c 62 6e 55 2b 4c 6d 46 6a 64 47 6c 32 5a 54 35 68 4c 41 6f 67 49 43 35 6b 63 6d 39 77 5a 47 39 33 62 69 31 74 5a 57 35 31 50 69 35 68 59 33 52 70 64 6d 55 2b 59 54 70 6f 62 33 5a 6c 63 69 77 4b 49 43 41 75 5a 48 4a 76 63 47 52 76 64 32 34 74 62 57 56 75 64 54 34 75 59 57 4e 30 61 58 5a 6c 50 6d 45 36 5a 6d 39 6a 64 58 4d 67 65 77 6f 67 49 43 42 6a 62 32 78 76 63 6a 6f 67 49 32 5a 6d 5a 6a 73 4b 49 43 41 67 64 47 56 34 64 43 31 6b 5a 57 4e 76 63 6d 46 30 61 57 39 75 4f 69 42 75 62 32 35 6c 4f 77 6f 67 49 43 42 76 64 58 52 73 61 57 35 6c Data Ascii: zI2MjYyNjsKICAgYmFja2dyb3VuZC1jb2xvcjogI2Y1ZjVmNQogIH0KCiAgLmRyb3Bkb3duLW1lbnU+LmFjdGl2ZT5hLAogIC5kcm9wZG93bi1tZW51Pi5hY3RpdmU+YTpob3ZlciwKICAuZHJvcGRvd24tbWVudT4uYWN0aXZlPmE6Zm9jdXMgewogICBjb2xvcjogI2ZmZjsKICAgdGV4dC1kZWNvcmF0aW9uOiBub25lOwogICBvdXRsaW5l
2024-04-01 23:41:15 UTC	8168	IN	Data Raw: 33 63 67 49 57 6c 74 63 47 39 79 64 47 46 75 64 41 6f 67 49 43 42 39 43 67 6f 67 49 43 42 30 61 43 35 32 61 58 4e 70 59 6d 78 6c 4c 58 68 73 4c 41 6f 67 49 43 42 30 5a 43 35 32 61 58 4e 70 59 6d 78 6c 4c 58 68 73 49 48 73 4b 49 43 41 67 49 47 52 70 63 33 42 73 59 58 6b 36 49 48 52 68 59 6d 78 6c 4c 57 4e 6c 62 47 77 67 49 57 6c 74 63 47 39 79 64 47 46 75 64 41 6f 67 49 43 42 39 43 69 41 67 66 51 6f 4b 49 43 42 41 62 57 56 6b 61 57 45 67 4b 47 31 70 62 69 31 33 61 57 52 30 61 44 6f 78 4e 44 41 77 63 48 67 70 49 48 73 4b 49 43 41 67 4c 6e 5a 70 63 32 6c 69 62 47 55 74 65 47 77 74 59 6d 78 76 59 32 73 67 65 77 6f 67 49 43 41 67 5a 47 6c 7a 63 47 78 68 65 54 6f 67 59 6d 78 76 59 32 73 67 49 57 6c 74 63 47 39 79 64 47 46 75 64 41 6f 67 49 43 42 39 43 69 41 67 Data Ascii: 3cgIWltcG9ydGFudAogICB9CgogICB0aC52aXNpYmxlLXhsLAogICB0ZC52aXNpYmxlLXhsIHsKICAgIGRpc3BsYXk6IHRhYmxlLWNlbGwgIWltcG9ydGFudAogICB9CiAgfQoKICBAbWVkaWEgKG1pbi13aWR0aDoxNDAwcHgpIHsKICAgLnZpc2libGUteGwtYmxvY2sgewogICAgZGlzcGxheTogYmxvY2sgIWltcG9ydGFudAogICB9CiAg
2024-04-01 23:41:15 UTC	16384	IN	Data Raw: 6d 56 79 5a 6d 78 76 64 7a 6f 67 61 47 6c 6b 5a 47 56 75 43 69 41 67 66 51 6f 4b 49 43 41 75 63 48 4a 76 5a 33 4a 6c 63 33 4d 2b 5a 47 6c 32 49 48 73 4b 49 43 41 67 63 47 39 7a 61 58 52 70 62 32 34 36 49 47 46 69 63 32 39 73 64 58 52 6c 4f 77 6f 67 49 43 42 6f 5a 57 6c 6e 61 48 51 36 49 44 56 77 65 44 73 4b 49 43 41 67 64 32 6c 6b 64 47 67 36 49 44 56 77 65 44 73 4b 49 43 41 67 59 6d 46 6a 61 32 64 79 62 33 56 75 5a 43 31 6a 62 32 78 76 63 6a 6f 67 49 7a 41 77 4e 6a 64 69 4f 44 73 4b 49 43 41 67 65 69 31 70 62 6d 52 6c 65 44 6f 67 4d 54 41 77 4f 77 6f 67 49 43 42 69 62 33 4a 6b 5a 58 49 74 63 6d 46 6b 61 58 56 7a 4f 69 41 31 4d 43 55 37 43 69 41 67 49 47 39 77 59 57 4e 70 64 48 6b 36 49 44 41 4b 49 43 42 39 43 67 6f 67 49 43 35 77 63 6d 39 6e 63 6d 56 7a Data Ascii: mVyZmxvdzogaGlkZGVuCiAgfQoKICAucHJvZ3Jlc3M+ZGl2IHsKICAgcG9zaXRpb246IGFic29sdXRlOwogICBoZWlnaHQ6IDVweDsKICAgd2lkdGg6IDVweDsKICAgYmFja2dyb3VuZC1jb2xvcjogIzAwNjdiODsKICAgei1pbmRleDogMTAwOwogICBib3JkZXItcmFkaXVzOiA1MCU7CiAgIG9wYWNpdHk6IDAKICB9CgogIC5wcm9ncmVz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49709	104.17.24.14	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:16 UTC	616	OUT	GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:16 UTC	948	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:16 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03e5f-9226" Last-Modified: Mon, 04 May 2020 16:10:07 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 974703 Expires: Sat, 22 Mar 2025 23:41:16 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2BqI5rstbUjIoOIIY%2Boo07%2FsjH0atAeTxUTdpDb0GF7XGF2Vo6a4gaaaeptdIezMyYYLBA0qkMNKH2ZCAeVzGeJbLTuDhretWYIErADkJoFKNG5HzBbsAwmSCpU%2FWMdUjCZ8J%2BTO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 86dc6dd189b820ca-IAD alt-svc: h3=":443"; ma=86400
2024-04-01 23:41:16 UTC	421	IN	Data Raw: 37 62 66 65 0d 0a 2f 2a 21 0a 20 2a 20 20 46 6f 6e 74 20 41 77 65 73 6f 6d 65 20 34 2e 37 2e 30 20 62 79 20 40 64 61 76 65 67 61 6e 64 79 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 20 2d 20 40 66 6f 6e 74 61 77 65 73 6f 6d 65 0a 20 2a 20 20 4c 69 63 65 6e 73 65 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 2f 6c 69 63 65 6e 73 65 20 28 46 6f 6e 74 3a 20 53 49 4c 20 4f 46 4c 20 31 2e 31 2c 20 43 53 53 3a 20 4d 49 54 20 4c 69 63 65 6e 73 65 29 0a 20 2a 2f 0a 2f 2a 20 46 4f 4e 54 20 50 41 54 48 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 46 6f 6e 74 41 77 65 73 Data Ascii: 7bfe/! Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) // FONT PATH * -------------------------- */@font-face { font-family: 'FontAwes
2024-04-01 23:41:16 UTC	1369	IN	Data Raw: 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 77 6f 66 66 32 3f 76 3d 34 2e 37 2e 30 27 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 2c 20 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 77 6f 66 66 3f 76 3d 34 2e 37 2e 30 27 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 27 29 2c 20 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 74 74 66 3f 76 3d 34 2e 37 2e 30 27 29 20 66 6f 72 6d 61 74 28 27 74 72 75 65 74 79 70 65 27 29 2c 20 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 73 76 67 3f 76 3d 34 2e 37 2e 30 23 66 6f 6e 74 61 77 65 73 6f 6d 65 72 65 67 75 6c 61 72 27 29 20 66 Data Ascii: /fontawesome-webfont.woff2?v=4.7.0') format('woff2'), url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'), url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'), url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') f
2024-04-01 23:41:16 UTC	1369	IN	Data Raw: 20 2e 33 65 6d 3b 0a 7d 0a 2f 2a 20 44 65 70 72 65 63 61 74 65 64 20 61 73 20 6f 66 20 34 2e 34 2e 30 20 2a 2f 0a 2e 70 75 6c 6c 2d 72 69 67 68 74 20 7b 0a 20 20 66 6c 6f 61 74 3a 20 72 69 67 68 74 3b 0a 7d 0a 2e 70 75 6c 6c 2d 6c 65 66 74 20 7b 0a 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 7d 0a 2e 66 61 2e 70 75 6c 6c 2d 6c 65 66 74 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 2e 33 65 6d 3b 0a 7d 0a 2e 66 61 2e 70 75 6c 6c 2d 72 69 67 68 74 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2e 33 65 6d 3b 0a 7d 0a 2e 66 61 2d 73 70 69 6e 20 7b 0a 20 20 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 20 66 61 2d 73 70 69 6e 20 32 73 20 69 6e 66 69 6e 69 74 65 20 6c 69 6e 65 61 72 3b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 66 61 Data Ascii: .3em;}/* Deprecated as of 4.4.0 */.pull-right { float: right;}.pull-left { float: left;}.fa.pull-left { margin-right: .3em;}.fa.pull-right { margin-left: .3em;}.fa-spin { -webkit-animation: fa-spin 2s infinite linear; animation: fa
2024-04-01 23:41:16 UTC	1369	IN	Data Raw: 65 72 3a 20 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 61 73 69 63 49 6d 61 67 65 28 72 6f 74 61 74 69 6f 6e 3d 30 2c 20 6d 69 72 72 6f 72 3d 31 29 22 3b 0a 20 20 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 2d 31 2c 20 31 29 3b 0a 20 20 2d 6d 73 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 2d 31 2c 20 31 29 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 2d 31 2c 20 31 29 3b 0a 7d 0a 2e 66 61 2d 66 6c 69 70 2d 76 65 72 74 69 63 61 6c 20 7b 0a 20 20 2d 6d 73 2d 66 69 6c 74 65 72 3a 20 22 70 72 6f 67 69 64 3a 44 58 49 6d 61 67 65 54 72 61 6e 73 66 6f 72 6d 2e 4d 69 63 72 6f 73 6f 66 74 2e 42 61 73 69 63 49 6d 61 67 65 28 72 6f 74 61 74 69 Data Ascii: er: "progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)"; -webkit-transform: scale(-1, 1); -ms-transform: scale(-1, 1); transform: scale(-1, 1);}.fa-flip-vertical { -ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotati
2024-04-01 23:41:16 UTC	1369	IN	Data Raw: 2d 74 68 2d 6c 61 72 67 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 39 22 3b 0a 7d 0a 2e 66 61 2d 74 68 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 61 22 3b 0a 7d 0a 2e 66 61 2d 74 68 2d 6c 69 73 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 62 22 3b 0a 7d 0a 2e 66 61 2d 63 68 65 63 6b 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 63 22 3b 0a 7d 0a 2e 66 61 2d 72 65 6d 6f 76 65 3a 62 65 66 6f 72 65 2c 0a 2e 66 61 2d 63 6c 6f 73 65 3a 62 65 66 6f 72 65 2c 0a 2e 66 61 2d 74 69 6d 65 73 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 30 64 22 3b 0a 7d 0a 2e 66 61 2d 73 65 61 72 63 68 2d 70 6c 75 Data Ascii: -th-large:before { content: "\f009";}.fa-th:before { content: "\f00a";}.fa-th-list:before { content: "\f00b";}.fa-check:before { content: "\f00c";}.fa-remove:before,.fa-close:before,.fa-times:before { content: "\f00d";}.fa-search-plu
2024-04-01 23:41:16 UTC	1369	IN	Data Raw: 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 39 22 3b 0a 7d 0a 2e 66 61 2d 62 61 72 63 6f 64 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 61 22 3b 0a 7d 0a 2e 66 61 2d 74 61 67 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 62 22 3b 0a 7d 0a 2e 66 61 2d 74 61 67 73 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 63 22 3b 0a 7d 0a 2e 66 61 2d 62 6f 6f 6b 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 64 22 3b 0a 7d 0a 2e 66 61 2d 62 6f 6f 6b 6d 61 72 6b 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 32 65 22 3b 0a 7d 0a 2e 66 61 2d 70 72 69 6e 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a Data Ascii: content: "\f029";}.fa-barcode:before { content: "\f02a";}.fa-tag:before { content: "\f02b";}.fa-tags:before { content: "\f02c";}.fa-book:before { content: "\f02d";}.fa-bookmark:before { content: "\f02e";}.fa-print:before { content:
2024-04-01 23:41:16 UTC	1369	IN	Data Raw: 61 2d 73 74 65 70 2d 62 61 63 6b 77 61 72 64 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 38 22 3b 0a 7d 0a 2e 66 61 2d 66 61 73 74 2d 62 61 63 6b 77 61 72 64 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 39 22 3b 0a 7d 0a 2e 66 61 2d 62 61 63 6b 77 61 72 64 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 61 22 3b 0a 7d 0a 2e 66 61 2d 70 6c 61 79 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 62 22 3b 0a 7d 0a 2e 66 61 2d 70 61 75 73 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 63 22 3b 0a 7d 0a 2e 66 61 2d 73 74 6f 70 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 34 Data Ascii: a-step-backward:before { content: "\f048";}.fa-fast-backward:before { content: "\f049";}.fa-backward:before { content: "\f04a";}.fa-play:before { content: "\f04b";}.fa-pause:before { content: "\f04c";}.fa-stop:before { content: "\f04
2024-04-01 23:41:16 UTC	1369	IN	Data Raw: 6e 74 65 6e 74 3a 20 22 5c 66 30 36 37 22 3b 0a 7d 0a 2e 66 61 2d 6d 69 6e 75 73 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 38 22 3b 0a 7d 0a 2e 66 61 2d 61 73 74 65 72 69 73 6b 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 39 22 3b 0a 7d 0a 2e 66 61 2d 65 78 63 6c 61 6d 61 74 69 6f 6e 2d 63 69 72 63 6c 65 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 61 22 3b 0a 7d 0a 2e 66 61 2d 67 69 66 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 62 22 3b 0a 7d 0a 2e 66 61 2d 6c 65 61 66 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 36 63 22 3b 0a 7d 0a 2e 66 61 2d 66 69 72 65 3a 62 65 66 6f 72 65 20 7b 0a Data Ascii: ntent: "\f067";}.fa-minus:before { content: "\f068";}.fa-asterisk:before { content: "\f069";}.fa-exclamation-circle:before { content: "\f06a";}.fa-gift:before { content: "\f06b";}.fa-leaf:before { content: "\f06c";}.fa-fire:before {
2024-04-01 23:41:16 UTC	1369	IN	Data Raw: 7d 0a 2e 66 61 2d 74 68 75 6d 62 73 2d 6f 2d 75 70 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 37 22 3b 0a 7d 0a 2e 66 61 2d 74 68 75 6d 62 73 2d 6f 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 38 22 3b 0a 7d 0a 2e 66 61 2d 73 74 61 72 2d 68 61 6c 66 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 39 22 3b 0a 7d 0a 2e 66 61 2d 68 65 61 72 74 2d 6f 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 61 22 3b 0a 7d 0a 2e 66 61 2d 73 69 67 6e 2d 6f 75 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 38 62 22 3b 0a 7d 0a 2e 66 61 2d 6c 69 6e 6b 65 64 69 6e 2d 73 71 75 61 72 65 3a 62 65 66 6f 72 Data Ascii: }.fa-thumbs-o-up:before { content: "\f087";}.fa-thumbs-o-down:before { content: "\f088";}.fa-star-half:before { content: "\f089";}.fa-heart-o:before { content: "\f08a";}.fa-sign-out:before { content: "\f08b";}.fa-linkedin-square:befor
2024-04-01 23:41:16 UTC	1369	IN	Data Raw: 74 3a 20 22 5c 66 30 61 36 22 3b 0a 7d 0a 2e 66 61 2d 68 61 6e 64 2d 6f 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 61 37 22 3b 0a 7d 0a 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 6c 65 66 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 61 38 22 3b 0a 7d 0a 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 72 69 67 68 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 61 39 22 3b 0a 7d 0a 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 75 70 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e 74 65 6e 74 3a 20 22 5c 66 30 61 61 22 3b 0a 7d 0a 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 20 7b 0a 20 20 63 6f 6e Data Ascii: t: "\f0a6";}.fa-hand-o-down:before { content: "\f0a7";}.fa-arrow-circle-left:before { content: "\f0a8";}.fa-arrow-circle-right:before { content: "\f0a9";}.fa-arrow-circle-up:before { content: "\f0aa";}.fa-arrow-circle-down:before { con

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49715	151.101.66.137	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:16 UTC	498	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:16 UTC	569	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Mon, 01 Apr 2024 23:41:16 GMT Age: 1782941 X-Served-By: cache-lga21947-LGA, cache-iad-kcgs7200127-IAD X-Cache: HIT, HIT X-Cache-Hits: 2976, 2 X-Timer: S1712014876.378245,VS0,VE0 Vary: Accept-Encoding
2024-04-01 23:41:16 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2024-04-01 23:41:16 UTC	1378	IN	Data Raw: 3e 3d 30 26 26 63 3c 62 3f 5b 74 68 69 73 5b 63 5d 5d 3a 5b 5d 29 7d 2c 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 72 65 76 4f 62 6a 65 63 74 7c 7c 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7d 2c 70 75 73 68 3a 68 2c 73 6f 72 74 3a 63 2e 73 6f 72 74 2c 73 70 6c 69 63 65 3a 63 2e 73 70 6c 69 63 65 7d 2c 72 2e 65 78 74 65 6e 64 3d 72 2e 66 6e 2e 65 78 74 65 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 Data Ascii: >=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments
2024-04-01 23:41:16 UTC	1378	IN	Data Raw: 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 77 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 61 7d 2c 74 72 69 6d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 3f 22 22 3a 28 61 2b 22 22 29 2e Data Ascii: n a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").
2024-04-01 23:41:16 UTC	1378	IN	Data Raw: 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 29 7d 76 61 72 20 78 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 68 61 28 29 2c 7a 3d 68 61 28 29 2c 41 3d 68 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 26 26 28 6c 3d 21 30 29 2c 30 7d 2c 43 3d 7b 7d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 44 3d 5b 5d 2c 45 3d 44 2e 70 6f 70 2c 46 3d 44 2e Data Ascii: array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.
2024-04-01 23:41:16 UTC	1378	IN	Data Raw: 70 28 22 5e 22 2b 4b 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4b 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4b 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 57 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 58 3d 2f 5e 68 5c 64 24 2f 69 2c 59 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 5a 3d 2f 5e 28 3f 3a 23 28 5b 5c 77 2d 5d 2b 29 7c 28 5c 77 2b 29 7c 5c 2e 28 5b 5c 77 2d 5d 2b 29 29 24 2f 2c 24 3d 2f 5b 2b 7e 5d 2f 2c 5f 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 28 5b 5c 5c 64 61 Data Ascii: p("^"+K+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\\("+K+"((?:-\\d)?\\d)"+K+"\\)\|)(?=[^-]\|$)","i")},W=/^(?:input\|select\|textarea\|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)\|(\w+)\|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da
2024-04-01 23:41:16 UTC	1378	IN	Data Raw: 5b 33 5d 29 26 26 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 72 65 74 75 72 6e 20 47 2e 61 70 70 6c 79 28 64 2c 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 66 29 29 2c 64 7d 69 66 28 63 2e 71 73 61 26 26 21 41 5b 61 2b 22 20 22 5d 26 26 28 21 71 7c 7c 21 71 2e 74 65 73 74 28 61 29 29 29 7b 69 66 28 31 21 3d 3d 77 29 73 3d 62 2c 72 3d 61 3b 65 6c 73 65 20 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 3a 62 2e 73 65 74 Data Ascii: [3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q\|\|!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.set
2024-04-01 23:41:16 UTC	1378	IN	Data Raw: 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 69 73 44 69 73 61 62 6c 65 64 3d 3d 3d 61 7c 7c 62 2e 69 73 44 69 73 61 62 6c 65 64 21 3d 3d 21 61 26 26 65 61 28 62 29 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 22 6c 61 62 65 6c 22 69 6e 20 62 26 26 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 61 28 61 29 7b 72 65 74 75 72 6e 20 69 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 3d 2b 62 2c 69 61 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 2c 66 3d 61 28 5b 5d 2c 63 2e 6c 65 6e 67 74 68 2c 62 29 2c 67 3d 66 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 67 2d 2d 29 63 5b 65 3d 66 5b 67 5d 5d 26 26 28 63 5b 65 5d 3d 21 28 64 5b 65 Data Ascii: e.disabled===a:b.disabled===a:b.isDisabled===a\|\|b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e
2024-04-01 23:41:16 UTC	1378	IN	Data Raw: 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 63 26 26 63 2e 76 61 6c 75 65 3d 3d 3d 62 7d 7d 2c 64 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 70 29 7b 76 61 72 20 63 2c 64 2c 65 2c 66 3d 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 61 29 3b 69 66 28 66 29 7b 69 66 28 63 3d 66 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 2c 63 26 26 63 2e 76 61 6c 75 65 Data Ascii: n function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value
2024-04-01 23:41:16 UTC	1378	IN	Data Raw: 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 2f 61 3e 3c 73 65 6c 65 63 74 20 64 69 73 61 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 6f 70 74 69 6f 6e 2f 3e 3c 2f 73 65 6c 65 63 74 3e 22 3b 76 61 72 20 62 3d 6e 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 3b 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 44 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 64 5d 22 29 2e 6c 65 6e 67 74 68 26 26 71 2e 70 75 73 68 28 22 6e 61 6d 65 22 2b 4b 2b 22 2a 5b 2a 5e 24 7c 21 7e 5d 3f 3d 22 29 2c 32 21 3d 3d 61 2e 71 75 65 72 79 53 Data Ascii: bled='disabled'></a><select disabled='disabled'><option/></select>";var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"[^$\|!~]?="),2!==a.queryS
2024-04-01 23:41:16 UTC	1378	IN	Data Raw: 44 6f 63 75 6d 65 6e 74 3d 3d 3d 76 26 26 74 28 76 2c 62 29 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3a 34 26 64 3f 2d 31 3a 31 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 30 2c 30 3b 76 61 72 20 63 2c 64 3d 30 2c 65 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 67 3d 5b 61 5d 2c 68 3d 5b 62 5d 3b 69 66 28 21 65 7c 7c 21 66 29 72 65 74 75 72 6e 20 61 3d 3d 3d 6e 3f 2d 31 3a 62 3d 3d 3d 6e 3f 31 3a 65 3f 2d 31 3a 66 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3b 69 66 28 65 3d 3d 3d 66 29 72 65 74 75 72 6e 20 6c 61 28 61 2c 62 29 3b 63 3d 61 3b 77 68 69 6c 65 28 63 3d 63 2e 70 61 72 65 6e 74 4e 6f 64 65 29 67 2e 75 6e Data Ascii: Document===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e\|\|!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.un

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49712	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:16 UTC	618	OUT	GET /ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:16 UTC	625	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 54522 Cache-Control: public, max-age=604800 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Mon, 01 Apr 2024 23:41:16 GMT Etag: 0x8D64101507E84BD Last-Modified: Fri, 02 Nov 2018 20:25:22 GMT Server: ECAcc (dce/26D0) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 8e546a46-001e-000f-040f-84d339000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2024-04-01 23:41:16 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49710	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:16 UTC	622	OUT	GET /ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:16 UTC	624	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 54270 Cache-Control: public, max-age=604800 Content-MD5: Sm6wIsHj8wthIZkm/aQWhA== Content-Type: image/svg+xml Date: Mon, 01 Apr 2024 23:41:16 GMT Etag: 0x8D64101535909BA Last-Modified: Fri, 02 Nov 2018 20:25:26 GMT Server: ECAcc (dce/26A5) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 8d8d13e1-701e-00b8-3a0f-847473000000 x-ms-version: 2009-09-19 Content-Length: 756 Connection: close
2024-04-01 23:41:16 UTC	756	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 38 20 34 38 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 63 69 72 63 6c 65 20 63 78 3d 22 32 34 22 20 63 79 3d 22 32 34 22 20 72 3d 22 32 34 22 20 66 69 6c 6c 3d 22 23 65 36 65 36 65 36 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 33 34 2c 33 35 56 31 34 61 32 2e 39 33 38 2c 32 2e 39 33 38 2c 30 2c 30 2c 30 2d 33 2d 33 48 32 37 56 38 6c 32 2d 31 4c 32 37 2e 39 34 38 2c 35 2e 36 33 38 2c 32 34 2c 38 2c 32 30 2e 30 37 2c 35 2e 36 34 38 2c 31 39 2c 37 6c 32 2c 31 76 33 48 31 37 61 32 2e 39 33 38 2c 32 2e 39 33 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><circle cx="24" cy="24" r="24" fill="#e6e6e6"/><path d="M34,35V14a2.938,2.938,0,0,0-3-3H27V8l2-1L27.948,5.638,24,8,20.07,5.648,19,7l2,1v3H17a2.938,2.93

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49714	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:16 UTC	615	OUT	GET /ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:16 UTC	624	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 54270 Cache-Control: public, max-age=604800 Content-MD5: K28EA/F25txr6jQahXym+g== Content-Type: image/svg+xml Date: Mon, 01 Apr 2024 23:41:16 GMT Etag: 0x8D641015563B044 Last-Modified: Fri, 02 Nov 2018 20:25:30 GMT Server: ECAcc (dce/26DF) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 5ae6e0a8-e01e-00a9-3b0f-84ef53000000 x-ms-version: 2009-09-19 Content-Length: 899 Connection: close
2024-04-01 23:41:16 UTC	899	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 39 2e 31 34 33 2c 31 2e 31 34 33 61 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2d 2e 30 38 39 2e 34 34 36 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2d 2e 36 30 37 2e 36 30 37 2c 31 2e 31 36 31 2c 31 2e 31 36 31 2c 30 2c 30 2c 31 2d 2e 38 39 33 2c 30 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2d 2e 36 30 37 2d 2e 36 30 37 2c 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2d 2e 30 38 39 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path d="M9.143,1.143a1.107,1.107,0,0,1-.089.446,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.107,1.107,0,0,1-.089

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49713	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:16 UTC	622	OUT	GET /ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:16 UTC	624	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 54270 Cache-Control: public, max-age=604800 Content-MD5: ykuOnMaTo0vw2Gx/ZceiPg== Content-Type: image/svg+xml Date: Mon, 01 Apr 2024 23:41:16 GMT Etag: 0x8D6410153A20B4B Last-Modified: Fri, 02 Nov 2018 20:25:27 GMT Server: ECAcc (dce/26BF) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 81913c0c-a01e-00c5-330f-845968000000 x-ms-version: 2009-09-19 Content-Length: 222 Connection: close
2024-04-01 23:41:16 UTC	222	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 38 20 34 38 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 63 69 72 63 6c 65 20 63 78 3d 22 32 34 22 20 63 79 3d 22 32 34 22 20 72 3d 22 32 34 22 20 66 69 6c 6c 3d 22 23 65 36 65 36 65 36 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 32 35 2c 32 33 48 33 36 76 32 48 32 35 56 33 36 48 32 33 56 32 35 48 31 32 56 32 33 48 32 33 56 31 32 68 32 5a 22 20 66 69 6c 6c 3d 22 23 34 30 34 30 34 30 22 2f 3e 3c 2f 73 76 67 3e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><circle cx="24" cy="24" r="24" fill="#e6e6e6"/><path d="M25,23H36v2H25V36H23V25H12V23H23V12h2Z" fill="#404040"/></svg>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49711	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:16 UTC	614	OUT	GET /ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:16 UTC	624	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 54971 Cache-Control: public, max-age=604800 Content-MD5: TjUQkZ0p0Y7rbj6LJofS9Q== Content-Type: image/svg+xml Date: Mon, 01 Apr 2024 23:41:16 GMT Etag: 0x8D6410144A4CB90 Last-Modified: Fri, 02 Nov 2018 20:25:02 GMT Server: ECAcc (dce/26C9) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 41e33f3d-c01e-0097-750e-846c5f000000 x-ms-version: 2009-09-19 Content-Length: 513 Connection: close
2024-04-01 23:41:16 UTC	513	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 32 34 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 31 38 2c 31 31 2e 35 37 38 76 2e 38 34 34 48 37 2e 36 31 37 6c 33 2e 39 32 31 2c 33 2e 39 32 38 2d 2e 35 39 34 2e 35 39 34 4c 36 2c 31 32 6c 34 2e 39 34 34 2d 34 2e 39 34 34 2e 35 39 34 2e 35 39 34 4c 37 2e 36 31 37 2c 31 31 2e 35 37 38 5a 22 20 66 69 6c 6c 3d 22 23 34 30 34 30 34 30 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 31 30 2e 39 34 34 2c 37 2e 30 35 36 6c 2e 35 39 34 2e 35 39 34 4c 37 2e 36 31 37 2c 31 31 2e 35 37 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.57

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49716	23.221.242.90	443

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:16 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-01 23:41:16 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=112952 Date: Mon, 01 Apr 2024 23:41:16 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49717	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:16 UTC	617	OUT	GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:16 UTC	736	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 659639 Cache-Control: public, max-age=31536000 Content-MD5: DhdidjYrlCeaRJJRG/y9mA== Content-Type: image/svg+xml Date: Mon, 01 Apr 2024 23:41:16 GMT Etag: 0x8D7B029B6833F84 Last-Modified: Thu, 13 Feb 2020 02:09:09 GMT Server: ECAcc (dce/2683) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 6d75aa8d-c01e-002f-638e-7e420a000000 x-ms-version: 2009-09-19 Content-Length: 1864 Connection: close
2024-04-01 23:41:16 UTC	1864	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 39 32 30 22 20 68 65 69 67 68 74 3d 22 31 30 38 30 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 3e 3c 67 20 6f 70 61 63 69 74 79 3d 22 2e 32 22 20 63 6c 69 70 2d 70 61 74 68 3d 22 75 72 6c 28 23 45 29 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 34 36 36 2e 34 20 31 37 39 35 2e 32 63 39 35 30 2e 33 37 20 30 20 31 37 32 30 2e 38 2d 36 32 37 2e 35 32 20 31 37 32 30 2e 38 2d 31 34 30 31 2e 36 53 32 34 31 36 2e 37 37 2d 31 30 30 38 20 31 34 36 36 2e 34 2d 31 30 30 38 2d 32 35 34 2e 34 2d 33 38 30 2e 34 38 32 2d 32 35 34 2e 34 20 33 39 33 2e 36 73 37 37 30 2e 34 32 38 20 31 34 30 31 2e 36 20 31 37 32 30 2e 38 20 31 34 30 31 2e 36 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49718	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:17 UTC	612	OUT	GET /ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:17 UTC	624	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 54271 Cache-Control: public, max-age=604800 Content-MD5: GapJ5vNFgRzr6JUAPI/Pxw== Content-Type: image/svg+xml Date: Mon, 01 Apr 2024 23:41:17 GMT Etag: 0x8D641014BCAFCCD Last-Modified: Fri, 02 Nov 2018 20:25:14 GMT Server: ECAcc (dce/2691) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: c2662804-501e-00d2-790f-843844000000 x-ms-version: 2009-09-19 Content-Length: 900 Connection: close
2024-04-01 23:41:17 UTC	900	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 31 2e 31 34 33 2c 36 2e 38 35 37 61 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2c 2e 34 34 36 2e 30 38 39 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2c 2e 36 30 37 2e 36 30 37 2c 31 2e 31 36 31 2c 31 2e 31 36 31 2c 30 2c 30 2c 31 2c 30 2c 2e 38 39 33 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2d 2e 36 30 37 2e 36 30 37 2c 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2d 2e 34 34 36 2e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49719	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:17 UTC	617	OUT	GET /ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:17 UTC	624	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 54271 Cache-Control: public, max-age=604800 Content-MD5: /a3y/mpA+HRaVAiPACrsog== Content-Type: image/svg+xml Date: Mon, 01 Apr 2024 23:41:17 GMT Etag: 0x8D641014C1EFD89 Last-Modified: Fri, 02 Nov 2018 20:25:14 GMT Server: ECAcc (dce/26DD) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: dd10e329-301e-0038-430f-842326000000 x-ms-version: 2009-09-19 Content-Length: 915 Connection: close
2024-04-01 23:41:17 UTC	915	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 37 37 37 37 37 37 22 20 64 3d 22 4d 31 2e 31 34 33 2c 36 2e 38 35 37 61 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2c 2e 34 34 36 2e 30 38 39 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2c 2e 36 30 37 2e 36 30 37 2c 31 2e 31 36 31 2c 31 2e 31 36 31 2c 30 2c 30 2c 31 2c 30 2c 2e 38 39 33 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2d 2e 36 30 37 2e 36 30 37 2c 31 2e 31 30 37 2c 31 2e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49720	23.221.242.90	443

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:17 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-01 23:41:17 UTC	774	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-CID: 7 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 8BFC17DD061B46CAAD2B2AEB7B19C3D8 Ref B: CH1AA2040901011 Ref C: 2023-07-21T06:04:00Z X-MSEdge-Ref: Ref A: 1421F39FA7224BE199CC2F2C3DD24574 Ref B: CHI30EDGE0415 Ref C: 2023-07-21T06:04:00Z Content-Type: application/octet-stream X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=112951 Date: Mon, 01 Apr 2024 23:41:17 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-01 23:41:17 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49721	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:17 UTC	604	OUT	GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:18 UTC	624	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 54524 Cache-Control: public, max-age=604800 Content-MD5: EuPayFgGHQiAI7K9SOL6lg== Content-Type: image/x-icon Date: Mon, 01 Apr 2024 23:41:17 GMT Etag: 0x8D641014D44D8FD Last-Modified: Fri, 02 Nov 2018 20:25:16 GMT Server: ECAcc (dce/26A3) X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: b1cb985c-301e-00c4-1b0f-84726a000000 x-ms-version: 2009-09-19 Content-Length: 17174 Connection: close
2024-04-01 23:41:18 UTC	16383	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-01 23:41:18 UTC	791	IN	Data Raw: 01 80 00 00 01 80 00 28 00 00 00 18 00 00 00 30 00 00 00 01 00 04 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 Data Ascii: (0"P""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49723	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:17 UTC	414	OUT	GET /ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:18 UTC	624	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 54973 Cache-Control: public, max-age=604800 Content-MD5: TjUQkZ0p0Y7rbj6LJofS9Q== Content-Type: image/svg+xml Date: Mon, 01 Apr 2024 23:41:18 GMT Etag: 0x8D6410144A4CB90 Last-Modified: Fri, 02 Nov 2018 20:25:02 GMT Server: ECAcc (dce/26C9) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 41e33f3d-c01e-0097-750e-846c5f000000 x-ms-version: 2009-09-19 Content-Length: 513 Connection: close
2024-04-01 23:41:18 UTC	513	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 32 34 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 31 38 2c 31 31 2e 35 37 38 76 2e 38 34 34 48 37 2e 36 31 37 6c 33 2e 39 32 31 2c 33 2e 39 32 38 2d 2e 35 39 34 2e 35 39 34 4c 36 2c 31 32 6c 34 2e 39 34 34 2d 34 2e 39 34 34 2e 35 39 34 2e 35 39 34 4c 37 2e 36 31 37 2c 31 31 2e 35 37 38 5a 22 20 66 69 6c 6c 3d 22 23 34 30 34 30 34 30 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 31 30 2e 39 34 34 2c 37 2e 30 35 36 6c 2e 35 39 34 2e 35 39 34 4c 37 2e 36 31 37 2c 31 31 2e 35 37 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.57

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49727	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:18 UTC	422	OUT	GET /ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:18 UTC	624	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 54272 Cache-Control: public, max-age=604800 Content-MD5: ykuOnMaTo0vw2Gx/ZceiPg== Content-Type: image/svg+xml Date: Mon, 01 Apr 2024 23:41:18 GMT Etag: 0x8D6410153A20B4B Last-Modified: Fri, 02 Nov 2018 20:25:27 GMT Server: ECAcc (dce/26BF) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 81913c0c-a01e-00c5-330f-845968000000 x-ms-version: 2009-09-19 Content-Length: 222 Connection: close
2024-04-01 23:41:18 UTC	222	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 38 20 34 38 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 63 69 72 63 6c 65 20 63 78 3d 22 32 34 22 20 63 79 3d 22 32 34 22 20 72 3d 22 32 34 22 20 66 69 6c 6c 3d 22 23 65 36 65 36 65 36 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 32 35 2c 32 33 48 33 36 76 32 48 32 35 56 33 36 48 32 33 56 32 35 48 31 32 56 32 33 48 32 33 56 31 32 68 32 5a 22 20 66 69 6c 6c 3d 22 23 34 30 34 30 34 30 22 2f 3e 3c 2f 73 76 67 3e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><circle cx="24" cy="24" r="24" fill="#e6e6e6"/><path d="M25,23H36v2H25V36H23V25H12V23H23V12h2Z" fill="#404040"/></svg>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49725	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:18 UTC	415	OUT	GET /ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:18 UTC	624	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 54272 Cache-Control: public, max-age=604800 Content-MD5: K28EA/F25txr6jQahXym+g== Content-Type: image/svg+xml Date: Mon, 01 Apr 2024 23:41:18 GMT Etag: 0x8D641015563B044 Last-Modified: Fri, 02 Nov 2018 20:25:30 GMT Server: ECAcc (dce/26DF) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 5ae6e0a8-e01e-00a9-3b0f-84ef53000000 x-ms-version: 2009-09-19 Content-Length: 899 Connection: close
2024-04-01 23:41:18 UTC	899	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 39 2e 31 34 33 2c 31 2e 31 34 33 61 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2d 2e 30 38 39 2e 34 34 36 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2d 2e 36 30 37 2e 36 30 37 2c 31 2e 31 36 31 2c 31 2e 31 36 31 2c 30 2c 30 2c 31 2d 2e 38 39 33 2c 30 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2d 2e 36 30 37 2d 2e 36 30 37 2c 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2d 2e 30 38 39 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path d="M9.143,1.143a1.107,1.107,0,0,1-.089.446,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.107,1.107,0,0,1-.089

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49726	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:18 UTC	422	OUT	GET /ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:18 UTC	624	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 54272 Cache-Control: public, max-age=604800 Content-MD5: Sm6wIsHj8wthIZkm/aQWhA== Content-Type: image/svg+xml Date: Mon, 01 Apr 2024 23:41:18 GMT Etag: 0x8D64101535909BA Last-Modified: Fri, 02 Nov 2018 20:25:26 GMT Server: ECAcc (dce/26A5) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 8d8d13e1-701e-00b8-3a0f-847473000000 x-ms-version: 2009-09-19 Content-Length: 756 Connection: close
2024-04-01 23:41:18 UTC	756	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 38 20 34 38 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 63 69 72 63 6c 65 20 63 78 3d 22 32 34 22 20 63 79 3d 22 32 34 22 20 72 3d 22 32 34 22 20 66 69 6c 6c 3d 22 23 65 36 65 36 65 36 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 33 34 2c 33 35 56 31 34 61 32 2e 39 33 38 2c 32 2e 39 33 38 2c 30 2c 30 2c 30 2d 33 2d 33 48 32 37 56 38 6c 32 2d 31 4c 32 37 2e 39 34 38 2c 35 2e 36 33 38 2c 32 34 2c 38 2c 32 30 2e 30 37 2c 35 2e 36 34 38 2c 31 39 2c 37 6c 32 2c 31 76 33 48 31 37 61 32 2e 39 33 38 2c 32 2e 39 33 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><circle cx="24" cy="24" r="24" fill="#e6e6e6"/><path d="M34,35V14a2.938,2.938,0,0,0-3-3H27V8l2-1L27.948,5.638,24,8,20.07,5.648,19,7l2,1v3H17a2.938,2.93

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49722	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:18 UTC	418	OUT	GET /ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:18 UTC	625	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 54524 Cache-Control: public, max-age=604800 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Mon, 01 Apr 2024 23:41:18 GMT Etag: 0x8D64101507E84BD Last-Modified: Fri, 02 Nov 2018 20:25:22 GMT Server: ECAcc (dce/26D0) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 8e546a46-001e-000f-040f-84d339000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2024-04-01 23:41:18 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49724	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:18 UTC	417	OUT	GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:18 UTC	736	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 659641 Cache-Control: public, max-age=31536000 Content-MD5: DhdidjYrlCeaRJJRG/y9mA== Content-Type: image/svg+xml Date: Mon, 01 Apr 2024 23:41:18 GMT Etag: 0x8D7B029B6833F84 Last-Modified: Thu, 13 Feb 2020 02:09:09 GMT Server: ECAcc (dce/2683) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 6d75aa8d-c01e-002f-638e-7e420a000000 x-ms-version: 2009-09-19 Content-Length: 1864 Connection: close
2024-04-01 23:41:18 UTC	1864	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 39 32 30 22 20 68 65 69 67 68 74 3d 22 31 30 38 30 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 3e 3c 67 20 6f 70 61 63 69 74 79 3d 22 2e 32 22 20 63 6c 69 70 2d 70 61 74 68 3d 22 75 72 6c 28 23 45 29 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 34 36 36 2e 34 20 31 37 39 35 2e 32 63 39 35 30 2e 33 37 20 30 20 31 37 32 30 2e 38 2d 36 32 37 2e 35 32 20 31 37 32 30 2e 38 2d 31 34 30 31 2e 36 53 32 34 31 36 2e 37 37 2d 31 30 30 38 20 31 34 36 36 2e 34 2d 31 30 30 38 2d 32 35 34 2e 34 2d 33 38 30 2e 34 38 32 2d 32 35 34 2e 34 20 33 39 33 2e 36 73 37 37 30 2e 34 32 38 20 31 34 30 31 2e 36 20 31 37 32 30 2e 38 20 31 34 30 31 2e 36 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	49728	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:18 UTC	412	OUT	GET /ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:18 UTC	624	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 54272 Cache-Control: public, max-age=604800 Content-MD5: GapJ5vNFgRzr6JUAPI/Pxw== Content-Type: image/svg+xml Date: Mon, 01 Apr 2024 23:41:18 GMT Etag: 0x8D641014BCAFCCD Last-Modified: Fri, 02 Nov 2018 20:25:14 GMT Server: ECAcc (dce/2691) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: c2662804-501e-00d2-790f-843844000000 x-ms-version: 2009-09-19 Content-Length: 900 Connection: close
2024-04-01 23:41:18 UTC	900	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 31 2e 31 34 33 2c 36 2e 38 35 37 61 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2c 2e 34 34 36 2e 30 38 39 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2c 2e 36 30 37 2e 36 30 37 2c 31 2e 31 36 31 2c 31 2e 31 36 31 2c 30 2c 30 2c 31 2c 30 2c 2e 38 39 33 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2d 2e 36 30 37 2e 36 30 37 2c 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2d 2e 34 34 36 2e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	49729	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:18 UTC	417	OUT	GET /ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:18 UTC	624	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 54272 Cache-Control: public, max-age=604800 Content-MD5: /a3y/mpA+HRaVAiPACrsog== Content-Type: image/svg+xml Date: Mon, 01 Apr 2024 23:41:18 GMT Etag: 0x8D641014C1EFD89 Last-Modified: Fri, 02 Nov 2018 20:25:14 GMT Server: ECAcc (dce/26DD) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: dd10e329-301e-0038-430f-842326000000 x-ms-version: 2009-09-19 Content-Length: 915 Connection: close
2024-04-01 23:41:18 UTC	915	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 37 37 37 37 37 37 22 20 64 3d 22 4d 31 2e 31 34 33 2c 36 2e 38 35 37 61 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2c 2e 34 34 36 2e 30 38 39 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2c 2e 36 30 37 2e 36 30 37 2c 31 2e 31 36 31 2c 31 2e 31 36 31 2c 30 2c 30 2c 31 2c 30 2c 2e 38 39 33 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2d 2e 36 30 37 2e 36 30 37 2c 31 2e 31 30 37 2c 31 2e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	49730	152.199.4.44	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:18 UTC	404	OUT	GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:18 UTC	624	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 54525 Cache-Control: public, max-age=604800 Content-MD5: EuPayFgGHQiAI7K9SOL6lg== Content-Type: image/x-icon Date: Mon, 01 Apr 2024 23:41:18 GMT Etag: 0x8D641014D44D8FD Last-Modified: Fri, 02 Nov 2018 20:25:16 GMT Server: ECAcc (dce/26A3) X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: b1cb985c-301e-00c4-1b0f-84726a000000 x-ms-version: 2009-09-19 Content-Length: 17174 Connection: close
2024-04-01 23:41:18 UTC	15778	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-01 23:41:18 UTC	1396	IN	Data Raw: 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 99 99 99 99 99 99 99 70 03 33 33 33 33 33 33 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 aa aa aa aa aa aa aa 50 04 ee ee Data Ascii: 3333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333p3333333P

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	49747	13.107.213.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:34 UTC	617	OUT	GET /shared/5/js/reset-password-signinname_en_8qvvLKBP0Aes1nPeyZ0lbw2.js HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://account.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:34 UTC	820	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:34 GMT Content-Type: application/x-javascript Content-Length: 161862 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 21 Mar 2024 14:24:57 GMT ETag: 0x8DC49B2AF695BD1 x-ms-request-id: ff1095e0-401e-000a-183f-84eb8b000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234134Z-va93t229q121v133m8ee9hqat800000009bg0000000158ht x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-01 23:41:34 UTC	15564	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dc bd 6d 77 d3 48 b3 28 fa fd fe 8a c4 97 95 25 ed 74 8c 9d f0 2a a3 f1 01 92 0c cc 00 61 08 cc 0c 93 27 27 4b b1 db 89 c0 96 8c 24 27 84 c4 ff fd d6 4b bf 4a 72 80 67 9f 7d ce be 87 b5 88 5b ad 56 77 75 75 75 77 55 75 55 f5 dd ff 58 5f db cf 8b b5 69 3a 92 59 29 d7 d2 6c 92 17 b3 a4 4a f3 6c 6d 3e 95 09 64 95 52 ae 15 b2 94 d5 d6 3c 29 cb cb bc 18 6f 95 e9 59 96 66 59 32 93 27 32 eb 7e 2a bb af 5e 3e df 7b 73 b8 d7 ad be 56 6b ff 71 f7 ff 59 9f 2c b2 11 d6 11 84 d7 17 49 b1 26 45 25 32 51 88 3c be 7e fc 70 bb f7 20 32 ef e9 4d 78 dd 59 60 43 55 91 8e aa ce 00 bf 28 e2 2c 78 bc f3 e8 5e 88 df 8c ce d3 e9 f8 79 9e 55 f2 6b f5 fe 6a 2e cb 68 bd 27 46 f6 b9 f6 48 af c7 72 92 2c a6 d5 db 22 9f f3 73 5a ce a7 c9 d5 1b 80 19 1f cf Data Ascii: mwH(%ta''K$'KJrg}[VwuuuwUuUX_i:Y)lJlm>dR<)oYfY2'2~^>{sVkqY,I&E%2Q<~p 2MxY`CU(,x^yUkj.h'FHr,"sZ
2024-04-01 23:41:34 UTC	16384	IN	Data Raw: fd 65 46 b7 ff 00 ea 47 25 0d 24 1f 72 fb d0 18 3c 40 25 4f a7 98 0b df bf c5 68 4f 1d b1 dd 8b 30 08 57 c9 90 6c 3f b4 48 db d9 26 74 ed ec 60 d9 33 b4 bd 17 3b f7 38 cd 68 d8 b9 8f 2d 02 33 b6 03 ed bd c8 67 f8 cd 43 0f b3 3b 8f 1c cc ee 3c f6 d1 7a af e7 21 f5 1e d4 f6 32 2b 25 da 5a dc 7b 60 f1 db c7 3e ee f7 31 01 90 ec 6f 63 02 c0 d8 df c1 04 7c b3 7f 0f 13 f0 c1 fe 7d 4c 00 00 fb 0f 30 01 4d ef 3f c4 04 34 bb ff 08 51 05 ed ed 3f c6 44 1f 2b ec 61 8a aa c6 ba b7 b1 ee 3e 56 7e 0f 2a 7f b3 98 31 3e fa 08 95 3b 54 db db f0 1a 55 84 30 2c 89 37 13 80 ba eb 5a 1c 22 79 4d ff 79 7e 44 cf e8 c9 82 bf c4 f1 79 03 ed dd f5 a2 96 09 7b 48 69 95 38 1c 61 55 c6 34 bb c2 a1 1a f5 a8 ed 38 51 d6 8e d4 b5 3e d7 ea f6 b9 ca 54 01 87 1f 1d d3 1d f2 0e 5c 51 07 3a Data Ascii: eFG%$r<@%OhO0Wl?H&t`3;8h-3gC;<z!2+%Z{`>1oc\|}L0M?4Q?D+a>V~*1>;TU0,7Z"yMy~Dy{Hi8aU48Q>T\Q:
2024-04-01 23:41:34 UTC	16384	IN	Data Raw: b2 6c 1e 0a af 56 a2 9c 09 94 6a 5d ba 5e 70 13 11 cd 3b b2 8f ac f2 9e 30 b8 28 62 e3 4d ae ea b5 c5 64 19 ac bc 9d e3 48 39 7a 58 77 cd 9f 66 de 95 6a a7 56 94 83 d5 35 6c c6 73 73 bb 9a 3f 35 5a fd 21 bf 3a 9d ea c7 3c 6f 59 a9 18 01 d0 90 27 08 e0 da 50 61 e5 5d ea 6d 3d 63 e6 fa 56 56 ac 29 64 a3 c2 b9 9a 35 7e 5c 9a b1 74 a5 d1 fb 87 70 6d 63 a4 d7 fa 20 59 d9 c3 b6 45 0a 1b 75 30 6e 2d 4d 40 25 a1 be fc c0 0b 77 45 42 25 6f 54 9a 28 e9 d8 e8 8c 6c 91 a2 03 0c 4e da 63 67 55 bf 92 ea 58 ce 04 46 83 13 8a 8a 04 7b 46 7f 25 52 d7 bd 4e 07 21 25 4f 53 5c a5 48 d7 66 59 d5 8c 63 a8 66 24 fb 7b 32 2f 29 28 95 10 57 75 bc 7b 46 45 eb ff 0d 36 1b b6 4a d3 d9 13 b9 d1 61 3f 53 4f 0e df b6 a5 05 19 cb 9f 37 69 50 47 a2 ad 75 b3 a9 e1 2a d3 5a d0 f3 a9 e7 7a Data Ascii: lVj]^p;0(bMdH9zXwfjV5lss?5Z!:<oY'Pa]m=cVV)d5~\tpmc YEu0n-M@%wEB%oT(lNcgUXF{F%RN!%OS\HfYcf${2/)(Wu{FE6Ja?SO7iPGu*Zz
2024-04-01 23:41:34 UTC	16384	IN	Data Raw: 23 ac 09 33 25 56 e3 11 56 0c c1 28 72 5d a6 61 44 10 3e d0 3b 7b 9c 0b 23 7b cf a8 49 a9 16 5b 71 0a 88 ab 50 60 d6 ab 88 85 29 71 2b 33 ee f7 8c 71 83 7c 55 89 0f e6 7c 04 57 3e 06 19 71 12 30 27 5d 09 63 ad 0f 9e c1 47 d6 4d 7a 28 21 fc 6b 1c 62 cd 5d 44 82 0e 50 02 79 79 20 4b c0 d4 bb 49 dd 67 03 8a 33 e9 89 18 94 1e ff 23 7e f1 67 fd cd 55 21 27 bc ba 38 0f 3c 19 0b eb 38 61 9b 4d 8e 6d 36 39 b2 79 86 f8 25 a7 00 8d 09 fe dc 42 6d 01 fc dd 41 6d 01 fc 7d 86 da 47 72 5a 61 e7 42 b9 7a 27 9c 09 af f1 f9 2e ca f8 f0 77 0f 05 fc dc dd dd f2 50 c4 67 c7 70 8d 05 72 ce f0 2f 7c ea 08 ff 42 df 1f f0 2f 7c eb 9b 50 ba be c2 df f0 ad 03 fc 0b df fa 84 7d f7 e0 c5 af 40 07 78 74 ba c3 f6 83 03 54 dd 1e 7f fa f8 f9 d5 a7 0f 1f d9 21 fc fe 78 f0 f3 c1 ab 4f 87 Data Ascii: #3%VV(r]aD>;{#{I[qP`)q+3q\|U\|W>q0']cGMz(!kb]DPyy KIg3#~gU!'8<8aMm69y%BmAm}GrZaBz'.wPgpr/\|B/\|P}@xtT!xO
2024-04-01 23:41:34 UTC	16384	IN	Data Raw: 88 df 0e ff 5d 63 bf ab 2d fe cb e3 9b ad 55 16 e8 8a 16 5a 6d 11 e8 8a ba 3b ac ee ee ba 88 68 f3 c6 78 25 6d 5e b6 23 3a db 14 19 5b fc 59 b1 c9 13 da 22 a1 29 76 43 23 1b ff 33 15 e3 c0 62 17 4b fd 0c 61 e5 02 ca a0 15 df 57 d4 e7 1e a8 25 68 17 a8 e8 e7 67 35 15 f0 3a 4c c1 7e 5a 6b da bf a6 e6 06 39 e5 ec f9 d5 96 d3 69 f0 60 d3 f1 2d 55 46 e9 53 2a 9e df 37 4d 58 31 38 ef d6 f2 f2 4e fa a8 dd de b4 5e 66 86 99 d8 bc 3d 6e dd de 42 60 27 b5 1e b7 51 21 04 25 8e 32 69 1f 05 11 6e d6 6a b0 ba b0 fc f2 f2 12 e4 7f d4 59 bf bd dd 49 1f 37 1b 2d fa ed ae 51 23 ab 5d fa 5a 6b d0 d7 c6 9a b5 29 db a3 a5 84 eb ac 6a 42 be e5 e5 76 cb a5 de b1 10 d6 ac 0e e3 d7 6c 18 d4 69 8b 2f b0 9d 94 af 30 df 91 cb b5 30 ad ed 0e b3 27 df de 60 bf bf d2 08 37 8f 63 df 3b Data Ascii: ]c-UZm;hx%m^#:[Y")vC#3bKaW%hg5:L~Zk9i`-UFS*7MX18N^f=nB`'Q!%2injYI7-Q#]Zk)jBvli/00'`7c;
2024-04-01 23:41:34 UTC	16384	IN	Data Raw: 80 29 e2 3e aa a8 2f 29 21 26 6c 6e ce 64 85 dc 80 02 b7 4b 6c 52 2a f8 a1 58 6a 36 53 fb 90 06 d2 30 d7 bf 30 34 d7 6f d4 f5 c5 44 b3 46 fc ea 81 0c 0f 6c 59 d6 b8 8d 6b 54 32 b7 38 a4 04 67 e5 e4 bb 8a 69 c2 5e 4b c4 8c e8 4d ac 09 35 44 93 35 2e 39 56 2b 78 a4 83 74 1a 5d aa 5e 78 ab 5e c7 19 f5 13 aa d9 20 26 a2 31 5b 67 5c ea 49 df 36 55 eb d2 91 32 89 a1 37 01 51 83 54 ad 69 67 a9 45 78 ce 20 42 b2 52 d8 0a a8 f9 b3 13 65 1e 75 d1 84 b5 c0 55 c1 e4 12 4e 93 9d c0 45 ee 71 7e 53 30 5d 90 66 e7 15 79 46 21 5b ec 95 7e 8b d1 da b6 06 dd dc d5 0d 3f 04 9b f2 a5 0a 3d af 0b b6 78 d1 65 8f 7c 12 86 bf f6 49 e8 dc cf 49 18 4e 74 12 f6 1f f8 24 0c 1f e9 24 ec 3f c2 49 d8 66 27 61 18 a2 06 07 96 d9 29 38 90 98 85 9f b0 6b 56 2f e0 95 43 86 d8 ef f4 3d 76 ce Data Ascii: )>/)!&lndKlR*Xj6S004oDFlYkT28gi^KM5D5.9V+xt]^x^ &1[g\I6U27QTigEx BReuUNEq~S0]fyF![~?=xe\|IINt$$?If'a)8kV/C=v
2024-04-01 23:41:34 UTC	16384	IN	Data Raw: 7d eb ff e5 bb 6f f7 a7 ef be 63 dd ee 3b fe 1b ec be e3 bb ee be 9d 5f 67 f7 6d ea 16 6d f3 6f b0 68 9b 13 2e 1a 71 5c d1 b3 de f7 ac 77 bd a2 f5 dc e8 49 7e f8 36 7a b6 86 93 e4 f7 8a 46 4c 7e 64 13 c4 15 cd a2 3c 53 5c d3 c3 ae d7 c6 2d 4d a2 9e 71 15 d7 98 ca ae b5 6d 01 7f c2 7f a7 53 b8 c8 fb d6 12 0d 5a 64 64 a9 12 ea a9 3c 50 8f 58 c7 41 a5 ef 7b b5 3e e9 bf 14 d3 fe 4d 51 4e 3e d3 69 d6 4f 45 59 69 38 db 34 e3 db a2 8c f8 c8 22 cd f6 b5 28 1b 2a 8c d3 6c 1f 8a b2 c5 1e 3e 2d 48 33 7e 2c ca 38 ec 8f 94 31 bf 2e cc 88 02 79 9a cf 1b 14 75 d0 e9 4a 56 e3 52 ae 27 d5 27 18 03 99 de f1 c1 29 60 93 75 21 9e 9f a0 30 7c bf e3 b3 25 2d 56 70 c7 0a 70 16 51 89 6e e6 6d 9b d7 3e ec af ad 1c 7d 5e 3a d8 38 de 59 db 3d fa bc b2 bd 77 b8 b5 bb f1 79 f9 60 69 Data Ascii: }oc;_gmmoh.q\wI~6zFL~d<S\-MqmSZdd<PXA{>MQN>iOEYi84"(*l>-H3~,81.yuJVR'')`u!0\|%-VppQnm>}^:8Y=wy`i
2024-04-01 23:41:34 UTC	16384	IN	Data Raw: f0 fd a0 f9 06 38 25 47 21 14 4d 32 ec 6b e9 80 f2 fb 28 a2 23 84 c1 ac 5d 0c 9c fb 04 6d 99 e9 19 86 b6 4d 23 4d 26 a8 1d 0c 2b cb ae e7 75 2a 67 ba 27 00 e1 7b 68 f0 60 90 06 b4 d7 18 e4 39 06 e5 52 76 1a 75 11 a4 a3 ec b4 0f d3 ee c2 3d 33 c1 25 38 03 be df eb cd 5d b8 72 e8 83 bc 41 8d 60 b3 67 d9 64 e4 5a a1 fc c4 f4 83 56 6b 8e 9c 3b da 2d bb 96 67 fc c2 dc 6f 81 02 f6 20 21 c3 53 0c 04 e4 21 ac 60 d0 e3 4b 7a 83 79 48 55 f6 54 62 5d 15 62 bf b3 62 8d b1 4c c3 0a c0 85 c5 de 59 38 8e 5e 01 1a 8e 5f 43 19 d7 ea 61 da 18 d2 22 4c c3 37 26 5d 52 0e 8e 97 11 23 5c d8 b7 b8 95 6e e7 da 07 d5 59 0d d3 81 4c 6e 76 14 74 27 83 13 18 e4 f9 30 99 c5 cc c0 47 18 03 88 ee d7 24 e6 85 f2 60 c4 2f 5d 6e 40 d3 9b 64 a7 f1 71 14 85 e3 8c 1c 57 69 44 b6 be 8e ca d7 Data Ascii: 8%G!M2k(#]mM#M&+u*g'{h`9Rvu=3%8]rA`gdZVk;-go !S!`KzyHUTb]bbLY8^_Ca"L7&]R#\nYLnvt'0G$`/]n@dqWiD
2024-04-01 23:41:34 UTC	16384	IN	Data Raw: ab f0 53 c8 72 a7 32 32 e4 cc 92 01 9c 12 81 ff 28 6f 46 1f df e1 23 ae d2 b3 ac 11 a7 53 ae e5 dc 3b 0b 97 7f 9f 56 f3 b3 83 10 cd 2c ec 7b cb 99 87 b2 8c 21 75 13 ba 19 12 1c f9 ff 11 62 23 ef 68 79 83 d1 28 e3 6d 18 6f 11 74 00 99 a3 e3 f6 c7 71 19 4e bc 2e 8c da a0 a4 a0 c9 da a9 e6 a8 ca 88 67 d1 78 3e b3 8d a0 f4 f0 12 34 5c 37 e6 3f 54 d8 ab bd ef aa e5 0d 18 57 58 40 1b 6c fd 04 c0 08 55 74 40 ea ce 43 09 58 c9 ee 70 37 9b bb 96 15 26 5f 3f cd 41 b5 2b 6f b8 df 85 cb d9 0d d7 a9 0d eb d4 a5 75 fa 26 bd 74 6c 58 6e 31 68 9a 2a 30 62 0f 15 a4 f1 f9 d8 75 d1 9a 7c 08 12 1d a8 a1 b4 34 f1 ba 12 c9 c6 81 30 20 da 9f 4d 12 92 81 7c a6 a0 89 99 7b 8e 01 52 32 e4 07 6d 4e 47 82 44 cf 8e 05 56 1e 59 d1 a0 16 65 56 dc f0 ff 51 5e 5b d3 f1 9f 37 de 47 ed 1a Data Ascii: Sr22(oF#S;V,{!ub#hy(motqN.gx>4\7?TWX@lUt@CXp7&_?A+ou&tlXn1h*0bu\|40 M\|{R2mNGDVYeVQ^[7G
2024-04-01 23:41:34 UTC	15226	IN	Data Raw: 3b 02 5d ba a9 c0 2f 28 24 89 47 5e 58 21 b9 c8 40 35 03 31 3e 15 3b c1 03 df 9b 49 3b 53 19 28 8e b3 df 0f a7 38 a6 2d a9 61 5a a2 cc b8 4a cd ca 8f c3 d4 34 5a 5c 78 a0 b4 4d 3f e5 ad 48 15 69 dd 74 8d c9 8a 44 06 3f 63 f1 f1 eb 1f 91 68 21 5f 0a c9 e2 7f 91 00 2c f1 bd 08 a8 66 20 c6 8b a1 bb 2a 97 b2 c0 4f 05 65 a9 00 ec 02 56 3a 43 b2 07 97 57 bc 08 ae 0c a8 1c 9a c4 8b 45 b2 63 bb 51 42 fe 55 d3 78 69 be 09 d3 11 e9 99 82 65 86 6e 76 0b c5 d8 94 30 2c 46 95 72 26 9e 90 6c 22 33 09 89 19 64 46 16 55 4a 89 53 18 a8 79 fd 07 36 7e a1 a2 af 86 f0 64 d9 a7 91 ea c8 f7 3a 59 95 54 93 38 a9 51 4e 5c 1a f3 4b 49 f5 4c 4d e3 a5 f6 38 d2 56 18 e9 c8 8a 8b 2a a5 ae b8 47 e6 4b 4e 65 65 fe 2a dd 25 4b e7 8e 94 28 a9 84 50 86 4e 21 25 f7 55 d9 42 70 f5 20 64 68 Data Ascii: ;]/($G^X!@51>;I;S(8-aZJ4Z\xM?HitD?ch!_,f OeV:CWEcQBUxienv0,Fr&l"3dFUJSy6~d:YT8QN\KILM8VGKNee*%K(PN!%UBp dh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	49749	13.107.213.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:34 UTC	611	OUT	GET /shared/5/chunks/oneds-analytics-js_c53074e74ebeb8e140d6_en.js HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://account.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:35 UTC	819	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:35 GMT Content-Type: application/x-javascript Content-Length: 32748 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 06 Feb 2024 16:58:54 GMT ETag: 0x8DC2734E6AF6F81 x-ms-request-id: e3038321-501e-007b-4ac6-833289000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234135Z-u3tnh2hu4x01dfc3ckvcvu9bww00000002wg0000000075k2 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-01 23:41:35 UTC	15565	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dc bd 69 77 db 38 b3 3f f8 7e 3e 85 c4 e9 f1 25 db b0 22 39 4b 77 a4 30 3a 89 e3 74 9c cd ee d8 59 ba dd be 3e b4 04 d9 6c cb a4 42 52 5e 62 e9 bb 4f fd 0a 0b 41 8a 4e f2 9c ff 9d 79 71 fb 74 2c 62 21 08 14 0a 85 aa 42 55 e1 de af ed d6 cb 34 6b 4d e3 91 4c 72 d9 8a 93 49 9a 5d 44 45 9c 26 ad d9 54 46 94 95 4b d9 4a 13 39 ce 37 a2 24 9a de 14 f1 28 df f8 37 3f 1e 3d bc df fd ed 81 a4 ff 4f e4 c9 ef b2 f7 a0 3b 7e 74 2c 93 ce bf 79 e7 ed ce d6 f6 fb fd ed 4e 71 5d b4 7e bd f7 7f 79 73 b4 52 64 f1 a8 f0 06 7e 2e a7 93 ce 95 3c 99 45 a3 f3 ad b3 79 72 7e 7c 91 c7 63 99 14 71 71 73 9c c7 f9 9c d2 51 f8 53 b5 16 8b c3 a3 a0 33 9b e7 67 fe e1 e1 e6 c3 de 91 b8 7d d0 7b f4 f8 51 7f 32 4f 46 18 82 9f 08 29 8a e0 b6 e8 64 be 0c 44 d1 Data Ascii: iw8?~>%"9Kw0:tY>lBR^bOANyqt,b!BU4kMLrI]DE&TFKJ97$(7?=O;~t,yNq]~ysRd~.<Eyr~\|cqqsQS3g}{Q2OF)dD
2024-04-01 23:41:35 UTC	16384	IN	Data Raw: 7d ed 52 dc 70 af e6 f3 3f e8 25 f5 f0 ff d7 fe 25 ce 31 b8 06 af 71 1f 5f ed 9d 5c f7 74 ef 4c df cc 9e 34 fc 3b 3e c4 89 e7 91 7d e8 e3 6f a5 79 ea 98 eb ae 62 e3 88 d0 00 9e 6e f4 86 f4 db 77 72 8f 75 ee b1 a7 4e 0a 98 cd 48 c3 1a 17 45 db 40 3a 9b 4f 89 80 ef ce 60 76 4b 44 73 ff 26 27 f9 61 27 99 a4 06 ce bc e1 15 a1 09 a7 cf 1c a8 8d 8a 02 53 37 27 e1 79 30 3f 2d 73 10 b0 b4 52 45 65 a8 eb 33 32 c3 fd b8 bd aa 5e aa 26 53 f7 52 35 33 8b 70 46 e5 49 eb 30 03 ab 00 4d 09 1b 6a a3 e8 a4 ea ee e6 4e 5e 5e 4d a2 41 43 79 95 7a ee 8c 66 55 5e 8b c4 48 e5 6a 9c 92 9c 77 89 58 7b 29 6d ba 29 84 e3 84 b7 7a f5 8b e6 53 15 a3 24 ee 10 6e 15 b8 43 93 e3 c6 aa b7 9d 4c 92 18 23 22 8c f6 6a 3a e7 3e ba f2 ec 5e 9d 56 13 3f a4 2c 6b d3 1f 73 27 dd 3b 38 13 6d 43 Data Ascii: }Rp?%%1q_\tL4;>}oybnwruNHE@:O`vKDs&'a'S7'y0?-sREe32^&SR53pFI0MjN^^MACyzfU^HjwX{)m)zS$nCL#"j:>^V?,ks';8mC
2024-04-01 23:41:35 UTC	799	IN	Data Raw: 43 cb b3 07 10 0a 40 83 7b f1 3a 1d eb 62 5a e3 af f2 3d bb 8d 4e d2 74 37 4d ae 65 87 6f 0a 9d d0 23 68 73 00 44 ec d5 51 98 20 bc e7 9b 12 e5 15 1f b0 36 af 6a e3 92 d8 56 9a f4 aa ba 33 28 50 a3 5d d3 2f 5d f5 cd 65 82 83 49 20 2e 8b 4e 00 65 1f c0 12 ca d5 a6 be 53 5c f9 2d ce 87 40 5b 73 52 a1 d5 96 b3 ef 56 0e 61 35 b5 d5 e2 0e 6d 68 8d 09 5e 3b 86 37 d8 80 96 e6 34 1b 99 d9 d8 b0 c4 39 bf 68 24 24 57 ad 03 03 5f 07 cd 14 12 5a a5 f5 d9 19 98 71 d6 ac d3 ca 39 49 5e 5b 37 c8 01 f1 6e 70 24 f9 da d7 f0 4a e1 d7 9d e4 2a 3d 48 4e e9 57 0c e3 d0 92 70 82 5d 73 6c e4 6b 5a 0b db 47 c3 aa a3 65 38 4e e2 f1 18 ee ed 65 16 8f 81 10 09 07 38 95 69 06 08 d4 9e eb ac 88 08 dd 4a 8b af 46 24 1c 6d c4 e8 75 cd 97 cf 6f f8 56 f7 2d f6 59 a6 40 ca 7e a3 59 c0 1e Data Ascii: C@{:bZ=Nt7Meo#hsDQ 6jV3(P]/]eI .NeS\-@[sRVa5mh^;749h$$W_Zq9I^[7np$J*=HNWp]slkZGe8Ne8iJF$muoV-Y@~Y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	49751	13.107.213.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:34 UTC	634	OUT	GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:35 UTC	807	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:35 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:25 GMT ETag: 0x8DB772562988611 x-ms-request-id: bc424e21-401e-000a-3ed8-81eb8b000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234135Z-u3tnh2hu4x01dfc3ckvcvu9bww00000002yg000000006gp3 x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-01 23:41:35 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	49750	13.107.213.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:34 UTC	621	OUT	GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:35 UTC	806	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:35 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:22 GMT ETag: 0x8DB7725611C3E0C x-ms-request-id: 73f0fe3a-101e-0043-6cfb-834b89000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234135Z-g8z1ra19914wd6hvn439kd4yr400000008dg00000001by59 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-01 23:41:35 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	49753	13.107.246.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:35 UTC	398	OUT	GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:35 UTC	807	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:35 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:25 GMT ETag: 0x8DB772562988611 x-ms-request-id: bc424e21-401e-000a-3ed8-81eb8b000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234135Z-fbsuskukgd7u74wr9uws7q3kxc000000098000000001defq x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-01 23:41:35 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	49754	13.107.246.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:35 UTC	385	OUT	GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:35 UTC	806	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:35 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:22 GMT ETag: 0x8DB7725611C3E0C x-ms-request-id: 73f0fe3a-101e-0043-6cfb-834b89000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234135Z-8yngfh7h3506x6uds3pm58hn4s00000009fg00000000crth x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-01 23:41:35 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	49755	13.107.246.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:35 UTC	600	OUT	GET /images/favicon.ico?v=2 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://account.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:35 UTC	764	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:35 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=604800 Last-Modified: Sat, 30 Mar 2024 04:51:43 GMT ETag: 0x8DC507518EA1F75 x-ms-request-id: af2c74b9-a01e-00c9-287b-8281ec000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234135Z-pqtck5q2et6kvek514ag73krts00000009eg00000000cg7w x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-01 23:41:35 UTC	15620	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-01 23:41:35 UTC	1554	IN	Data Raw: 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 00 00 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	49756	13.107.213.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:36 UTC	364	OUT	GET /images/favicon.ico?v=2 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:36 UTC	743	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:36 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=604800 Last-Modified: Sat, 30 Mar 2024 04:51:43 GMT ETag: 0x8DC507518EA1F75 x-ms-request-id: af2c74b9-a01e-00c9-287b-8281ec000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234136Z-x67sv75c354b335e6u6f3msdew000000096g0000000169wp x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-01 23:41:36 UTC	15641	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-01 23:41:36 UTC	1533	IN	Data Raw: 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333""

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	49764	13.107.246.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:41 UTC	608	OUT	GET /converged_ux_v2_nBE5FSqn9KpH44ZlTc3VqQ2.css?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:41 UTC	801	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:41 GMT Content-Type: text/css Content-Length: 17755 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Sun, 31 Mar 2024 04:51:35 GMT ETag: 0x8DC513E3E0AD5DD x-ms-request-id: 7eb84cd0-101e-0072-3995-83d2bf000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234141Z-tkef5ywm7h3eh3d8ba50w733b4000000094g0000000174mp x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-01 23:41:41 UTC	15583	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 7d 69 73 db 46 d2 f0 77 ff 0a ac 5c ae 58 59 12 e1 2d 4a aa a4 d6 87 12 eb 59 1f 2a 4b d9 ec 56 de 94 0b 22 21 11 6b 10 60 01 a0 65 85 0f ff fb db 73 5f 3d 00 28 c9 89 9f aa 44 b1 44 ce f4 f4 5c 3d 3d 3d 33 7d 7c f7 ed df 82 17 f9 ea b6 48 ae 17 55 f0 f4 c5 7e f0 26 99 15 79 99 5f 55 90 5e ac f2 22 aa 92 3c 0b 83 67 69 1a 50 a0 32 28 e2 32 2e 3e c5 f3 30 f8 f6 bb ef be fd db a3 6e fb ff 82 f3 8b 67 ef 2f 82 77 3f 06 17 af 4e df bf 0c ce e0 db 7f 82 b7 ef 2e 4e 5f 9c 04 ad b1 3c 7a 74 b1 48 ca e0 2a 49 e3 00 fe 5e 46 65 3c 0f f2 2c c8 8b 20 c9 66 bc d5 71 19 2c e1 77 91 44 69 70 55 e4 cb a0 5a c4 c1 aa c8 ff 1b cf a0 0f 69 52 56 50 e8 32 4e f3 9b e0 29 a0 2b e6 c1 59 54 54 b7 c1 e9 d9 7e 18 5c 00 6c 0e dd 4d 32 28 3d 93 e3 Data Ascii: }isFw\XY-JYKV"!k`es_=(DD\===3}\|HU~&y_U^"<giP2(2.>0ng/w?N.N_<ztHI^Fe<, fq,wDipUZiRVP2N)+YTT~\lM2(=
2024-04-01 23:41:41 UTC	2172	IN	Data Raw: 4f 55 ca 9b 38 29 6e 73 56 f4 9f 8b 25 ec 53 f4 e3 c5 3a bb 26 a8 5f 47 3c ef 7d 14 7d 22 58 4f cb 8f 39 f0 de e0 2c af 58 7e b5 a0 7f 63 e0 31 37 d1 3c 26 2d 94 77 df c1 7f a2 57 71 c2 10 a8 c4 ff 59 c4 d9 b5 4a 8f d2 eb 75 16 fc 94 57 8b 64 46 7a 55 92 a9 ba 8e d3 3c 38 81 cd a4 8c 8c b2 af 12 d2 d3 5b 33 f1 6d 7c 13 5c 44 49 f0 7a 6d d6 7e b6 88 ae cb 33 13 96 c2 59 8d 4c 82 e7 11 f0 26 92 98 67 d7 c0 58 a3 4c a5 fc 2b 78 0e 29 e4 d3 6d 94 c1 3c 06 24 26 22 7c 7d 11 2d 61 fc a3 e0 0d 8c c0 9e 4e 35 4c f0 fb 7d d1 9d 65 fb 1d 2c bd ba d9 df 7c 25 b3 ff d7 8c df 7d c6 c9 cb 22 dd 12 dd b3 b3 be fe f5 ef 62 fd 87 03 e7 71 93 27 69 0f a0 23 4c a9 45 67 39 43 60 39 86 fe 58 78 40 71 d8 86 d9 e1 70 32 d4 6f 6a 69 ab 44 e2 5f 2c ee 2f 82 6f 45 f0 75 77 3d 3d Data Ascii: OU8)nsV%S:&_G<}}"XO9,X~c17<&-wWqYJuWdFzU<8[3m\|\DIzm~3YL&gXL+x)m<$&"\|}-aN5L}e,\|%}"bq'i#LEg9C`9Xx@qp2ojiD_,/oEuw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	49765	13.107.246.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:41 UTC	588	OUT	GET /jqueryshim_hlu0tTfjWJFWYNt1WZrVqg2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:41 UTC	814	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:41 GMT Content-Type: application/javascript Content-Length: 5564 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Fri, 29 Mar 2024 05:26:19 GMT ETag: 0x8DC4FB0C37D769E x-ms-request-id: 2236d3e0-901e-006a-1cd3-813a8c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234141Z-h6zsrg57vh5sd12pn0ftqvfftn00000004qg00000000g5ps x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-01 23:41:41 UTC	5564	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 cd 3c 6b 8f db 38 92 df fd 2b da c2 c2 90 10 c5 70 67 80 fb 60 b5 62 64 33 b3 97 e0 66 a6 f7 36 99 bd 3b 18 46 a0 b6 e9 b6 26 32 e9 a5 e8 ee 34 da fa ef 57 c5 87 44 52 92 fb e5 bb 64 06 88 5b 14 45 56 15 eb cd 22 d7 7b ba 14 39 a3 67 5f b2 d5 ea 97 1b 42 c5 af 79 29 08 25 3c 24 b1 88 69 74 4f 46 23 32 f6 5f ce da 4d 21 f6 9e 62 ef b3 9c 96 22 a3 4b c2 d6 67 1f 3e ff f6 eb 2f 05 d9 42 47 39 8e 10 d9 72 23 bf f3 1e c3 80 d1 e0 15 8e 51 ad 6b 98 ae 89 b8 e4 9f 88 f8 3b 67 bb f2 92 ea 81 4a 05 5a cc a3 fb 7c 0d df 5d fd 49 96 22 48 53 71 b7 c3 29 45 74 ff 65 cd f8 2f 30 f2 7f 90 3b 00 cb 8c 17 02 36 f0 22 bc c9 f8 59 99 4e e2 3c 25 63 02 43 96 49 79 91 8f 0b 42 af c5 26 29 5f bd 8a ee b1 07 4b f3 79 b9 48 f8 8c cd f9 62 4e 17 a9 Data Ascii: <k8+pg`bd3f6;F&24WDRd[EV"{9g_By)%<$itOF#2_M!b"Kg>/BG9r#Qk;gJZ\|]I"HSq)Ete/0;6"YN<%cCIyB&)_KyHbN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.6	49766	13.107.246.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:41 UTC	592	OUT	GET /knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:42 UTC	815	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:41 GMT Content-Type: application/javascript Content-Length: 28582 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Fri, 29 Mar 2024 05:26:19 GMT ETag: 0x8DC4FB0C3A62E5E x-ms-request-id: 44233764-901e-0086-43d3-81dbe2000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234141Z-npcyu9krd51132e58grn4grsn000000009p0000000009q15 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-01 23:41:42 UTC	15569	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 cc bd 69 73 db 48 96 36 fa dd 11 fe 0f 20 5e 87 0c 94 52 90 54 d5 33 d3 0d 1a e6 95 25 d9 56 95 2c b9 25 b9 aa ab 69 b5 03 1b 17 13 5c 44 90 5a 2c f2 bf df f3 9c cc 04 12 20 e4 aa 9e 77 e6 c6 75 57 8b 40 22 f7 e5 e4 d9 cf ee 0f ad 9d 3f ff cf ba bc 3a b8 b8 b2 ce df 5a 57 ef 4f 2e 8e ac 8f f4 f6 bb 75 76 7e 75 72 78 6c fd e9 5a 9e 3f 7b fe ec 6a 30 cc ad de 30 4b 2d fa 8d c2 3c 4d ac e9 c4 9a ce ad e1 24 9e ce 67 d3 79 b8 48 73 6b 4c 7f e7 c3 30 b3 7a f3 e9 d8 5a 0c 52 6b 36 9f 7e 4d e3 45 6e 65 c3 7c 41 85 a2 34 9b de 59 0e 55 37 4f ac 8f e1 7c f1 60 9d 7c 74 3d eb 8a f2 4e e7 c3 fe 70 42 a5 e3 e9 ec 81 9e 07 0b 6b 32 5d 0c e3 d4 0a 27 09 d7 96 d1 cb 24 4f ad e5 24 49 e7 d6 dd 60 18 0f ac 0f c3 78 3e cd a7 bd 85 35 4f e3 74 Data Ascii: isH6 ^RT3%V,%i\DZ, wuW@"?:ZWO.uv~urxlZ?{j00K-<M$gyHskL0zZRk6~MEne\|A4YU7O\|`\|t=NpBk2]'$O$I`x>5Ot
2024-04-01 23:41:42 UTC	13013	IN	Data Raw: 3a c5 59 d4 c0 49 88 71 43 38 ba 65 69 4a ea 76 64 2b ca e6 a7 fa 0d ba b8 5c e4 b6 29 ef ad ce a4 2d a5 61 80 2b 6b 88 a6 f7 f0 64 c3 41 86 05 21 ca f3 30 19 4e 8b 14 46 27 56 ab 4c 73 eb 54 08 3f 39 d4 3a 75 43 f3 d8 e7 55 9a 09 3a ad ab 55 1f 56 67 ad 88 21 1a ca 25 84 16 0f 6f 96 29 8e 15 2b 32 38 95 e0 15 a5 1f 53 06 a5 69 45 01 04 ad 62 ab d8 50 da 19 d9 22 55 f0 b6 82 5b b2 16 ed c0 fb b5 58 81 96 ba 38 8c a9 0a 9e 3f 6b 3e b6 91 11 c5 59 a1 94 5a 63 99 6a c8 f3 3f 79 da 55 78 29 1c 9b cd 68 da 9d 3f 04 03 78 38 09 b5 eb 03 f6 22 a5 55 4f a5 a6 65 91 41 9b 7e 53 d7 78 60 d8 ca 1b 89 41 2c 8c 1a 69 f7 4a 1f ab 44 46 b2 ea c0 9f 1d 53 0c f0 43 17 28 ca 24 0d 90 c5 d6 df c0 0b 01 68 d1 ef ec 91 5e bf 30 af 5f 36 af 92 9e 68 bf ec a0 d2 71 69 dc 28 c6 Data Ascii: :YIqC8eiJvd+\)-a+kdA!0NF'VLsT?9:uCU:UVg!%o)+28SiEbP"U[X8?k>YZcj?yUx)h?x8"UOeA~Sx`A,iJDFSC($h^0_6hqi(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.6	49767	13.107.246.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:41 UTC	615	OUT	GET /lwsignupstringscountrybirthdate_en-us_gdxUIqa3ijrOefuBnwhTKg2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:42 UTC	794	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:42 GMT Content-Type: application/javascript Content-Length: 7203 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Mon, 01 Apr 2024 23:22:28 GMT ETag: 0x8DC52A298E2D766 x-ms-request-id: 39a7c2f1-501e-00f2-3e8e-8485ea000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234141Z-s1cyf3k4at0hvduqgd60cr76e400000002wg0000000030qk x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-01 23:41:42 UTC	7203	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 5c cd 72 e3 48 72 be fb 29 b0 b4 23 d4 e3 e8 51 f3 ff a7 b7 a5 b5 44 49 14 5b 24 c5 11 29 f5 cf ee c6 44 11 2c 91 18 81 28 4e 01 10 87 dd 31 11 be f8 21 7c f6 c1 b1 07 df fc 06 fd 26 7e 12 67 16 40 22 13 12 a0 c1 c4 ee a5 9b 02 b2 aa b2 be fc fb b2 00 f2 0f f7 a1 67 07 8e f2 5e 7d f7 55 cb 85 e3 07 52 8f c4 4a fa 6b 61 cb 57 a5 7f e9 2a ef de 59 94 be 7b 1d 7f 3a f4 97 42 cb f9 24 d0 8e b7 f0 8f be 96 a4 d6 4a fb a5 b7 5f 4b 5a fe 1c 3a 70 af f4 b6 34 5d 3a be e5 78 f7 4a af 04 4e 6e c1 9f bb db 87 a5 d7 25 b9 12 8e 7b 93 c8 9f 78 96 b9 64 89 f9 5c 4b df a7 f2 20 be 5e 2a 4f 52 71 cb 5c b1 bc 70 35 93 3a 2d 2c 7c 7f a3 f4 9c cb c7 17 53 b2 8e f7 28 5c 67 7e 8e 6b 5f 18 65 41 fa dc 03 0c ac 60 29 d3 3a 79 e6 62 b4 29 cb 57 Data Ascii: \rHr)#QDI[$)D,(N1!\|&~g@"g^}URJkaWY{:B$J_KZ:p4]:xJNn%{xd\K ^ORq\p5:-,\|S(\g~k_eA`):yb)W

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	49769	13.107.246.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:41 UTC	626	OUT	GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:41 UTC	805	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:41 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Thu, 28 Mar 2024 04:51:48 GMT ETag: 0x8DC4EE2C6948021 x-ms-request-id: 4bca719d-301e-00b0-7737-8100ff000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234141Z-rhb54k8ad501f14gngpmm4txa800000009qg0000000090s7 x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-01 23:41:41 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.6	49768	13.107.246.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:41 UTC	602	OUT	GET /lightweightsignuppackage_I2u0h5_OVsvo48cPwiR07Q2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:42 UTC	815	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:41 GMT Content-Type: application/javascript Content-Length: 53103 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Sun, 31 Mar 2024 04:51:57 GMT ETag: 0x8DC513E4B922A9E x-ms-request-id: 13a55e2d-f01e-0040-45bd-83a5aa000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234141Z-g7xsdw3wxp5exe97s05nhcdgt8000000035000000000021s x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-01 23:41:42 UTC	15569	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec 7d 79 7f db b6 b2 e8 ff fe 14 32 eb a3 92 15 a4 48 f2 92 44 0a ad eb 25 69 dc 6c 6e 9c 34 6d 5d 35 8f 16 29 89 35 45 aa 24 e5 a5 96 ee 67 7f 33 03 80 04 37 d9 c9 69 ef b9 ef f7 7b 3d 27 16 09 80 58 06 83 d9 30 18 8c 17 fe 28 76 03 bf f6 dc 1f 85 b7 f3 58 77 58 cc 7c 66 19 77 57 56 58 0b cc f3 61 3f ba 76 e3 d1 54 f7 5b 71 f0 3a b8 76 c2 23 2b 72 74 c3 b8 1b c1 af 36 9a 4e a2 3f 23 4b eb b9 63 dd 5f 78 9e 69 3a cb 25 7f 88 8d bb d0 89 17 a1 5f c3 f7 55 60 9e 5a a3 4b 6b e2 9c 1d 1c 5b b1 85 0d 19 fd 8b d0 b1 2e fb b2 a6 f9 b5 5d 56 91 55 51 d1 5b e7 fa c0 b7 df 79 f6 e9 b5 0d d5 59 99 ea 72 75 55 54 01 5f be f3 bd 5b dd c9 7e eb fa 0f f9 d6 f5 cb be 0d 83 60 ac 7e 5d af af 07 c7 eb 60 e2 fa 27 7e 4c 40 c1 ac 4d d3 19 38 bd Data Ascii: }y2HD%iln4m]5)5E$g37i{='X0(vXwX\|fwWVXa?vT[q:v#+rt6N?#Kc_xi:%_U`ZKk[.]VUQ[yYruUT_[~`~]`'~L@M8
2024-04-01 23:41:42 UTC	16384	IN	Data Raw: c2 7d 52 68 a5 b6 4b 75 83 4e 5b 2e 0f 13 6d ff cc 5d de 78 b7 84 1f 94 c3 2b 02 15 b7 b3 dd de 43 05 f7 4e a3 b4 17 ae e3 d9 ef c5 35 f3 40 f7 78 0d 9d 76 e7 09 10 3c 7a 79 8e b1 6f 85 49 ec 05 5d 43 ac 14 db de cd 14 7b 8e 96 ea 28 cd ef 3e 79 ac ad d6 6a 43 11 e9 c1 29 4c 51 e7 9d cb 67 50 9f e7 02 9e a8 41 0b 4a 46 9e 70 96 84 25 ea cd 36 87 24 29 d5 0a 1c c9 cb 25 81 22 ee 4e d9 09 0c 7b 57 7f af 1a 96 95 b2 72 2a 98 74 78 eb 6f 7e 79 52 36 58 6e 12 1a 58 eb bb fc d8 cd 6c be 88 d1 b1 16 04 ba 34 90 1c ca 44 06 ee 0f dc 53 a4 95 de c4 78 84 17 31 d2 d1 a2 2f fe 2a 17 49 57 9e ec 54 23 d1 d6 00 4d 26 e8 7f 0d 72 1c 17 7b 41 fc 0b 27 17 7a 9b c1 ff 0c 8c b4 80 56 f0 6f da f4 9f fa 4a cf b0 8a a9 74 77 77 97 89 7f e9 37 63 fa 4f 7d e5 df 84 fc 9b ed 2e Data Ascii: }RhKuN[.m]x+CN5@xv<zyoI]C{(>yjC)LQgPAJFp%6$)%"N{Wrtxo~yR6XnXl4DSx1/IWT#M&r{A'zVoJtww7cO}.
2024-04-01 23:41:42 UTC	16384	IN	Data Raw: ba fe 78 f9 e1 83 93 84 49 67 f8 43 0c 42 5a ee e1 57 97 2e f4 1b 41 35 81 fe 72 0c 17 98 f2 19 d3 f1 49 70 55 29 c5 1b 9d 71 e3 00 8c cd 3f 26 d0 df 28 fa 4f 77 fd 97 cb 55 8c 80 0e eb d4 84 13 6a 1c 4e 3e 13 d8 6b cc bc d0 b9 06 8e 3a 07 7b 59 cf 3a 3d ff 9a a2 fc 53 b1 a6 9a 63 62 67 8a 16 17 ee b8 53 98 c3 f6 5a 73 f8 79 10 17 b9 a0 56 4b e0 5a 53 d8 35 1b 4b 0e 9c 1d 7a 9d 73 fb 92 d0 6f fd 8a 3a 8a 86 d0 7f b5 f9 55 01 5a 62 ce ac db 6a f6 24 ab 18 db 4e 97 b8 ea fc ef 0b ff d5 ef bb af 7e b9 74 ca 5b fb cd 3c c5 f8 e1 49 f6 21 cc 6e 8e 03 1c 7b bd 79 e3 a4 db 0e 50 b5 05 07 3f 88 ce c8 9e 05 e3 c2 ef fb 50 00 87 8a 8e d8 ad d6 c1 62 51 98 f6 e3 36 fa 99 f0 c9 85 b3 10 15 09 6d 56 45 d6 32 a9 93 5f cb f2 a4 87 97 3a 61 34 0a 1e bc ed 1e 7d 7e ed 5f Data Ascii: xIgCBZW.A5rIpU)q?&(OwUjN>k:{Y:=ScbgSZsyVKZS5Kzso:UZbj$N~t[<I!n{yP?PbQ6mVE2_:a4}~_
2024-04-01 23:41:42 UTC	4766	IN	Data Raw: 69 c3 37 d6 ad 9a 9a 40 95 f7 51 80 69 19 76 b4 70 94 43 4e 5f fd 8a 93 29 ec 14 e3 6f e2 c9 64 ad 8d 46 18 7a c7 ac dc d6 33 17 7c 99 6b 0a 1b 2f fc 17 9b 06 0e 05 bc f0 a1 ee bc ea 15 9d 59 dd 51 95 45 c2 62 61 7d 44 78 c6 c3 be 0f 52 e8 1b c5 61 a2 79 12 4d bd 3a 1c 66 a2 95 5e 56 db 00 93 bb 77 f6 cb dc aa 9d d5 bd b8 84 da af 4d 9e 99 b6 2b 7a 08 59 8a 45 0b 61 c0 80 e6 a4 72 96 e6 85 22 7e 20 60 94 60 3d 6f 32 52 4a bc b5 2f 18 0a d0 55 bd 56 c6 ad 3f ae cc 42 f2 fa da 08 3b a7 7a 62 36 8a 82 e5 63 d2 49 e4 77 d5 43 7e ce a1 e3 b3 fe 9b 59 17 88 1c 00 e7 a6 3b 1e a5 e8 9c 33 d3 5c 45 a0 1e 77 fd c0 15 14 59 f7 a4 7e 58 94 92 42 d8 b5 c0 f9 5e 40 09 2c 27 a7 0b db 40 20 aa 71 a6 7f 67 81 e9 ae 06 a6 59 1e ec bb 04 99 f6 ec 19 e0 e3 f6 25 57 16 f8 ae Data Ascii: i7@QivpCN_)odFz3\|k/YQEba}DxRayM:f^VwM+zYEar"~ ``=o2RJ/UV?B;zb6cIwC~Y;3\EwY~XB^@,'@ qgY%W

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.6	49774	13.107.213.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:43 UTC	391	OUT	GET /images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:44 UTC	784	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:44 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Thu, 28 Mar 2024 04:51:48 GMT ETag: 0x8DC4EE2C6948021 x-ms-request-id: 4bca719d-301e-00b0-7737-8100ff000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234144Z-rhb54k8ad501f14gngpmm4txa800000009pg00000000arz7 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-01 23:41:44 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.6	49775	13.107.246.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:44 UTC	553	OUT	GET /oneds_MC5gQfpbTUjLu60sQCwU1w2.js?v=1 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:45 UTC	816	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:44 GMT Content-Type: application/javascript Content-Length: 105716 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Mon, 01 Apr 2024 04:46:28 GMT ETag: 0x8DC5206B1F6F85F x-ms-request-id: 59bc69c3-201e-00b9-14f1-8373ec000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234144Z-s1cyf3k4at0hvduqgd60cr76e4000000031g000000000h87 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-01 23:41:45 UTC	15568	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bc bd 69 73 db 48 b2 2e fc 7d 22 e6 3f 90 b8 0e 1d a0 59 a2 49 6d dd 06 5d c3 90 b5 d8 b2 ad c5 5a 6c 77 73 74 14 10 59 92 60 51 00 8d 45 8b 2d 9e df 7e f3 c9 2a 00 05 92 9e 99 7b ef 1b ef 4c 5b 44 ed 5b 56 56 66 56 66 d6 cb df 9a 7f ff 5b e3 b7 46 77 fb a4 f1 fe a4 71 b2 fd a1 b1 15 27 4a 34 56 db 2b ed 0d 4e da 8a 27 4f 49 78 7d 93 35 dc a1 d7 d8 0f 87 49 9c c6 57 59 23 88 46 8d 61 1c 65 49 78 99 67 71 92 b6 1b 9b e3 71 83 73 a6 8d 44 a5 2a b9 57 a3 36 57 e1 56 a5 f6 a2 4c 25 51 30 6e 1c 46 e3 27 0f a9 2f ff fe b7 fb 20 69 44 32 bb 09 53 a1 e4 55 1e 0d b3 30 8e dc c8 fb e9 e4 a9 6a a4 d4 c4 30 73 7a c8 75 24 9d 22 dd 11 b9 74 e2 cb 6f 8a d2 a8 98 93 47 23 75 15 46 6a e4 88 54 3a 93 24 ce e2 ec 69 a2 1c b1 23 9d 9b 20 3d 7c Data Ascii: isH.}"?YIm]ZlwstY`QE-~{L[D[VVfVf[Fwq'J4V+N'OIx}5IWY#FaeIxgqqsDW6WVL%Q0nF'/ iD2SU0j0szu$"toG#uFjT:$i# =\|
2024-04-01 23:41:45 UTC	16384	IN	Data Raw: b5 19 be 19 c7 97 7a 6f 74 3b dd 6a 14 4c 24 44 19 52 29 61 c5 a0 02 02 96 cd a1 6e 9f 71 48 b7 53 6d 45 7d dc 6c e5 b4 8d ef b6 b5 7b 31 33 70 43 70 50 ee 35 dd a3 7d 3a 3d 93 27 a7 3e d5 dd 0e e3 20 9c fb b4 9f 95 19 27 e2 69 61 60 21 a0 a9 07 46 65 99 df 11 47 61 78 b1 4d 6c 01 35 9a 87 e9 8d 1a 31 cb da e5 f8 b7 e0 15 c2 21 8e 07 e2 d4 11 b3 77 f4 79 8d 7a 98 d0 12 fa ab 26 e6 7e a3 88 59 e3 98 7d 1a c7 49 ce 7b d7 5f e7 18 f6 ae 75 90 df 5d aa c4 df e0 18 3a 94 08 b1 ea 97 cb 7f e7 98 93 70 52 54 f3 87 8e b8 cb ca 98 57 ba 29 56 ea c8 9e fc ae ee f6 59 12 fa 5d dd d3 dd ef a3 c8 ef ce f5 f1 23 ed ee 21 e5 5f 15 7a 42 55 62 16 a4 18 9a 09 fa f0 0c 00 aa 4c 4f 0d d1 15 63 9a 82 ad 38 cd b6 81 60 e8 54 a3 f1 13 3d 34 06 97 40 03 df bb bb 53 a3 10 ca 15 Data Ascii: zot;jL$DR)anqHSmE}l{13pCpP5}:='> 'ia`!FeGaxMl51!wyz&~Y}I{_u]:pRTW)VY]#!_zBUbLOc8`T=4@S
2024-04-01 23:41:45 UTC	16384	IN	Data Raw: 10 29 6d 3c f1 6c 94 9e fa 44 7a a7 84 db 12 0c 13 5b 6b 95 c7 3f 22 31 aa 47 51 e1 d5 c3 fc 06 6f a7 80 ed 11 3f d2 4e 94 70 67 3e 21 0f 1c 02 09 b1 70 14 e0 bb f8 98 f2 23 7a 39 bc 4b 06 7e a1 4c 98 0a 3f 53 b0 a3 85 79 a9 9f f2 a3 04 bc f3 e3 d9 4c 9d 83 bd 41 49 0b a3 d1 50 4a 48 1c 3a ae 63 b8 26 6b 9a 5e 5b 38 6e 58 e3 e1 97 9e 56 0e a3 4c f8 1b 99 5f fb 82 53 93 86 94 6e e4 83 b1 c6 fb 5c b0 ea 2f 9a d6 6c 11 ae 74 d1 2c 47 6e 04 fd ac da d3 03 8c ba 28 03 72 a8 30 98 74 1f 3d 8c 36 fd cd 27 8f 1f 3c 7c fc 98 a0 a0 4e d8 88 1e 01 d0 a9 11 03 bb 12 a9 96 01 9e 05 b0 ce 10 4b 39 ec ea bb 2d da a8 3f ab d1 52 e7 04 b2 e6 9e f6 bd c6 66 1b c1 39 47 ac 41 b7 d0 4f aa 8c 26 08 d0 0d 75 f3 5b c1 40 3e 70 1d 0c 2d 60 1c 6e 99 e3 d5 b8 fe fb cf b0 32 05 01 Data Ascii: )m<lDz[k?"1GQo?Npg>!p#z9K~L?SyLAIPJH:c&k^[8nXVL_Sn\/lt,Gn(r0t=6'<\|NK9-?Rf9GAO&u[@>p-`n2
2024-04-01 23:41:45 UTC	16384	IN	Data Raw: bf 47 f4 ef 77 fa f7 98 fe 3d a1 7f 21 fd 3b 85 c9 2e fd 63 5d 26 fa 77 e6 c0 0e 61 ac c0 a3 8d b7 1e 74 e2 46 c3 23 bc 82 ae fd 87 d8 ef 60 03 7b 7d ba 21 a3 3f fe 78 b0 d6 7e a8 1f 1f 57 8f ed 0d eb f9 51 f5 bc d1 b2 9e ad aa 1b 5c b7 63 2e d4 c7 0d 77 73 8d bf 32 6d 95 8c 98 a4 b7 67 66 5b 1e 9f a8 07 34 8d 0f 1c fd da de 54 9b 5e 23 33 6f 8f f0 a6 9f 9f 60 4d 18 8e 65 21 d1 9b ff f0 9f a3 c2 25 a5 2c 09 58 1a ce 1d 4d 4d cb 89 0c 22 12 d7 9c d0 dd 00 04 bd ff 57 ef cf 61 b8 7e d6 27 c4 cf d6 28 09 2d a4 91 1b dc dc 50 99 2d 39 9f 2c 94 a0 31 85 a1 8c 23 0f 19 4b 1d 8b df 2a 4b b0 3d b2 6b e5 a1 46 a2 e0 79 08 0c 10 88 41 ed dd 76 16 ba 75 6c 46 e9 d8 3d e2 8d 9d 30 c6 e7 44 08 76 42 8d db a4 41 d8 bb 83 68 12 1a e6 ae 16 4f de 44 e0 22 bd 84 12 bd 16 Data Ascii: Gw=!;.c]&watF#`{}!?x~WQ\c.ws2mgf[4T^#3o`Me!%,XMM"Wa~'(-P-9,1#K*K=kFyAvulF=0DvBAhOD"
2024-04-01 23:41:45 UTC	16384	IN	Data Raw: de 88 07 2e 03 8a 8e 2d f6 9e 3a 4d 29 c0 6f f0 92 c6 01 a5 b2 5d 7c f8 33 25 f8 4c 07 00 cf 26 39 03 da 93 13 b6 a3 ee a8 77 0b 0b 6d 26 f9 87 dd 5f 9a e6 33 50 7d f8 c4 2b f6 13 d0 26 0e 2b 20 21 13 24 8a 32 ac db 1b ea e4 b1 a5 5c 63 85 25 62 25 3f a2 a6 cc 6c 63 c8 d3 ff 7b 41 b1 a5 1a 46 df 60 98 a2 d7 46 62 93 f2 3d 09 28 f1 7f f3 b6 96 b1 e4 3f ce 10 f8 56 0e eb 39 d2 68 97 1d 8d a3 25 87 d7 bd d1 62 a9 45 c0 1c 35 64 85 35 4c f1 45 61 3d 28 96 28 c5 83 0a 01 16 79 67 ed 33 06 9c 6a d6 f5 50 05 48 53 0d d8 d8 0b 53 ee 02 12 db b3 ba fe 67 52 3f a5 78 34 c1 de 27 5f 13 3e d3 b1 d4 f5 51 f5 d8 23 33 b0 89 4f db 78 91 55 65 b3 d8 01 a2 f3 fa 9b 38 35 d6 ea d3 cd b2 48 99 22 72 08 30 8e f7 35 e8 79 15 8d e8 33 8f f5 e4 69 67 02 dd ea f8 3f 53 d9 9d c1 Data Ascii: .-:M)o]\|3%L&9wm&_3P}+&+ !$2\c%b%?lc{AF`Fb=(?V9h%bE5d5LEa=((yg3jPHSSgR?x4'_>Q#3OxUe85H"r05y3ig?S
2024-04-01 23:41:45 UTC	16384	IN	Data Raw: f6 3d bc 6d 12 b5 d0 d8 62 4b c7 16 d5 0a bb e6 7b b7 fc 1a 76 a5 f6 d5 ba 5a 55 c7 aa 0b 02 f8 6e 47 29 6b f3 f3 6b 85 d0 9d bc af 7f 49 5d b9 32 5a 86 10 3f 40 c0 d0 e3 b7 dc 2d ba 07 8c 35 87 69 33 88 83 3b 1e 75 d7 e4 51 d7 2e 6d f1 a3 ee a9 b8 5d af a8 e9 b2 7b aa 7c 2b ab d8 64 f5 8c a2 30 51 fe 81 a9 b4 af 96 99 59 08 9b 5d cf 70 6b 33 09 45 e2 56 9b e7 aa 79 94 85 5c ae 63 7c d6 b2 c1 78 4a d0 4f 9c 31 bb ce b1 6c c3 0e 6b 7c 15 11 4e 63 09 ba e5 b9 9c f5 4e 96 41 9a cd 81 50 d2 07 66 2b 19 a0 c9 b9 88 3d 6a 98 bb 60 c5 be 79 e1 9c c4 b2 de 6a 3d 68 3a 2b 62 c8 3e a6 96 30 2d 96 35 56 ab 54 83 c6 f9 06 1d 64 4d 85 87 c7 d1 c3 01 3b 49 b0 6c b1 56 1e 53 65 34 6f 87 ca 56 a7 79 ab 8b e4 e2 4c a7 e8 2e 5c b9 94 9f e1 39 63 9d c4 b2 e6 77 bb c3 3d 76 Data Ascii: =mbK{vZUnG)kkI]2Z?@-5i3;uQ.m]{\|+d0QY]pk3EVy\c\|xJO1lk\|NcNAPf+=j`yj=h:+b>0-5VTdM;IlVSe4oVyL.\9cw=v
2024-04-01 23:41:45 UTC	8228	IN	Data Raw: 57 0a ec 21 68 13 01 c7 b9 28 72 57 3f c7 80 ea b2 a2 7f 77 29 d3 a4 75 f7 72 65 cb 0e b4 a6 64 07 3c d5 2a 75 a5 6f 6f 41 f7 c3 60 17 93 75 ba 2b 78 70 b7 8a 94 48 fc 0d a4 a6 3d 3d 28 c8 1c c0 6c cb 59 44 00 a1 3a 30 a1 26 f8 98 a3 9f a5 1a c7 a1 6e 37 47 bb d6 d5 e8 93 7d 09 7c c0 92 6b 10 7c cf 72 96 c4 04 4b 69 51 d6 f4 6f ba 84 15 ec 77 11 be 5c 3d 65 42 f6 1d ae 67 a7 41 b6 3b c1 05 24 a5 08 84 11 08 31 40 70 31 4c 6d 4d 9a 1c 22 ea 01 3b b9 33 c2 3b c0 de 6c 5d 10 fe b4 e4 6d 33 e4 07 94 b0 53 9f 7f 76 33 1c 8b 9a 40 dc 3b 06 37 0a 97 fd d2 89 0d 58 55 67 48 2e c4 78 53 17 3a d3 04 dc f5 45 89 00 8f f6 5d df a6 4b d7 f5 51 1c 7e cb a7 2e 1c 20 cf 8a 4b 34 f5 23 94 46 c5 c2 a3 bc bb 26 4c 9d 0b 8c 77 f7 ab 62 09 62 36 39 6e 22 85 b1 4a 13 4a 6a b4 Data Ascii: W!h(rW?w)ured<*uooA`u+xpH==(lYD:0&n7G}\|k\|rKiQow\=eBgA;$1@p1LmM";3;l]m3Sv3@;7XUgH.xS:E]KQ~. K4#F&Lwbb69n"JJj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.6	49777	13.107.246.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:44 UTC	613	OUT	GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:44 UTC	783	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:44 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Mon, 01 Apr 2024 04:46:07 GMT ETag: 0x8DC5206A5291D56 x-ms-request-id: 1f7510e0-001e-0087-325b-84f0e0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234144Z-bx3x7fsbw56ut00yp1tg6gurus00000009gg00000000rk50 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-01 23:41:44 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.6	49780	13.107.246.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:45 UTC	592	OUT	GET /datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:45 UTC	814	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:45 GMT Content-Type: application/javascript Content-Length: 3505 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Sun, 31 Mar 2024 04:51:35 GMT ETag: 0x8DC513E3E2DE930 x-ms-request-id: a457890f-601e-00bd-2462-83dfe4000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234145Z-x67sv75c354b335e6u6f3msdew0000000990000000015c4y x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-01 23:41:45 UTC	3505	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ad 59 5b 73 db 36 16 7e cf af a0 51 8f 4c 8e 60 46 49 db dd ae 18 44 e3 da 71 e2 dc 63 2b cd 83 e3 e9 d0 24 24 31 a6 49 96 04 2d 2b 92 fe fb 7e 07 e0 4d 96 d2 d9 9d dd 4e 1d 13 07 07 07 e7 7e 81 f7 26 65 12 a8 28 4d 6c 67 59 7f 5a d2 96 9d 95 a2 55 2e 55 99 63 a7 d7 93 6e a1 7c 25 85 88 7b 3d 5b ba 59 2e ef 9a 0f 37 91 f7 4a 48 fd cb e1 e6 b7 de a4 0f 8d 21 0c a2 c3 4f 84 00 31 fb a4 c1 de 37 80 fd 06 a3 be a8 e4 b2 3e aa c9 27 65 1c f3 c5 e1 21 30 d6 0d 93 3e 31 19 4d ec 2e 83 a5 b3 bc f3 73 2b 17 fb 5e 3e b2 f3 8a b9 9a 5a ee 0c 71 39 ae 95 cd 4d 20 db ef af 5b a2 13 28 65 ef af 5e 6f ef ba d7 5b f4 7a f7 cf e7 60 f0 5a cc a3 24 4c e7 6e 21 d5 38 ba 95 69 a9 ec 29 2f 1c a7 3d 77 47 cc 98 ab ed 44 ce ad 13 10 77 dc a9 c1 b7 Data Ascii: Y[s6~QL`FIDqc+$$1I-+~MN~&e(MlgYZU.Ucn\|%{=[Y.7JH!O17>'e!0>1M.s+^>Zq9M [(e^o[z`Z$Ln!8i)/=wGDw

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.6	49783	13.107.213.40	443	5952	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-01 23:41:45 UTC	378	OUT	GET /images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-01 23:41:45 UTC	804	IN	HTTP/1.1 200 OK Date: Mon, 01 Apr 2024 23:41:45 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=604800 Content-Encoding: gzip Last-Modified: Sun, 31 Mar 2024 04:51:35 GMT ETag: 0x8DC513E3E937A3B x-ms-request-id: 0002695e-201e-00c1-6b95-83d9fd000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240401T234145Z-pqtck5q2et6kvek514ag73krts00000009qg000000008gkt x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-01 23:41:45 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4132, Parent PID: 6140

General

Target ID:	0
Start time:	01:41:04
Start date:	02/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5952, Parent PID: 4132

General

Target ID:	2
Start time:	01:41:09
Start date:	02/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2128,i,4475635242253092868,16860567519649660981,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2788, Parent PID: 6140

General

Target ID:	3
Start time:	01:41:11
Start date:	02/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/cummon/update-agreements/claim"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly